In brief - New privacy laws take effect in Australia in March
Businesses should be aware of the Australian Privacy Principles
created by the new privacy legislation and understand the
implications for collection of personal information, storage of
data and use of cloud based IT services.
New privacy laws and definition of personal information
New privacy laws take effect in March 2014, imposing new
requirements on businesses and government bodies that collect
personal information online in Australia, or outside Australia if
that data is brought to Australia.
The definition of "personal information" is broad and
includes customer records, website cookies and customer information
Changes to the privacy principles
The legislation creates new Australian Privacy Principles (APPs)
that deal with how personal information can be collected and
How businesses and government bodies must collect, update and
store personal information
The purpose for which personal information may be
How individuals may access their personal information and seek
its correction or deletion
How individuals may complain about invasion of their
Risks of using cloud based IT services
In most instances, user consent will be required to transfer
personal information overseas. If you use cloud based service
providers, data may be transferred overseas in the cloud without
your specific knowledge and without the required consent.
You must protect the personal information you hold from misuse,
interference, unauthorised access, modification, disclosure and
You may need to disclose unexpected or unauthorised access to
personal data (hacking or data theft) to relevant authorities.
Direct marketing and sensitive information
Specific consent will be required if you wish to use sensitive
information about an individual for direct marketing purposes.
Enforcement by Australian Privacy Commissioner
The Australian Privacy Commissioner has powers to enforce the
APPs, including powers to obtain enforceable undertakings and to
apply for civil penalty orders up to a maximum of $1.7 million for
corporations or $340,000 for individuals.
Make sure your business complies with the new legislation
You should quickly review your practices to make sure they
comply with the new laws before they become effective.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).