On 12 March 2014 new amendments to the Privacy Act 1988 (Cth)
will drastically change how both public bodies and private
businesses must deal with personal information.
The changes are being brought in by the Privacy Amendment
(Enhancing Privacy Protection) Act 2012 (Cth)
The Amendment Act abolishes the National Privacy Principles,
which currently apply to the private sector, and the Information
Privacy Principles, which currently apply to the public sector. It
replaces them with a set of uniform rules known as the Australian
Privacy Principles ("APPs"). The APPs
will apply to all public sector entities and private organisations
that are subject to the Act ("APP
The National Privacy Principles currently apply to bodies
corporate, partnerships, unincorporated associations and in some
circumstances individuals. However, small businesses with annual
turnover of less than $3,000,000 do not generally need to comply
with them provided they do not engage in certain activities (for
example health service provides must comply with the Act regardless
of their turnover). The introduction of the APPs leaves this
position largely unchanged.
The explanatory memorandum states that the new APPs are grouped
into five sets of principles:
Principles that require APP entities to consider the privacy of
personal information, including ensuring that APP entities manage
personal information in an open and transparent way (APP 1, APP
Principles that deal with the collection of personal
information, including unsolicited personal information (APP 3, APP
4, APP 5)
Principles about how APP entities deal with personal
information and government-related identifiers, including
principles about the use and disclosure (including cross-border
disclosure) of personal information and identifiers (APP 6, APP 7,
APP 8, APP 9)
Principles about the integrity, quality and security of
personal information (APP 10, APP 11)
Principles that deal with requests for access to, and
correction of, personal information (APP 12, APP 13).
The implementation of the APPs will significantly affect many
businesses. For example, the National Privacy Principles do not
currently require a private organisation to have privacy compliance
measures in place. This will change with the implementation of APP
App 1.2 creates a new positive obligation requiring APP entities
to take such steps as are reasonable to implement practices,
procedures and systems relating to the organisation's functions
or activities, to ensure the entity complies with the APPs.
APP 1.3 requires an APP entity to have a clearly expressed and
up-to-date policy about the management of personal information. APP
1.4 details information that must be included in the policy (for
example how an individual may access personal information about
themselves that is held by the entity and seek correction of such
These requirements are more proscriptive than the current
requirements of the National Privacy Principles, which require a
policy relating to the management of personal information to be set
out but do not specify what matters must be covered by the
In addition to the creation of the APPs, the Amendment Act will
introduce significant new penalties. For example, if a business
does an act, or engages in a practice, that is a serious
interference with the privacy of an individual, the business could
be fined up to $340,000.
The Act allows organisations and industries to develop and
enforce their own privacy codes. If properly approved and
registered, compliance with a code will be enough to meet an
organisation's obligations under the Act.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Kott Gunning is a proud member of
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The legal rights and wrongs of taking photos can be confusing, so what does the law say about photos in a public place?
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).