On 28 February 2014, the Office of the Australian Information Commissioner (OAIC) issued a Statement in relation to its approach to enforcement after the amendments to the Privacy Act commence on 12 March 2004. For most businesses that will involve compliance with the harmonised Australian Privacy Principles (APPs), and for other businesses include the changes to the credit reporting system.
The OAIC stated:
Accordingly, businesses that are not fully prepared but are taking genuine steps to comply with the new laws will have the benefit of this approach.
The OAIC Statement notes that a number of detailed guidance notes have been prepared and published for both businesses and agencies in relation to the privacy reforms. The latest update from the OAIC is here More... And a number of updates are also available on the Holding Redlich website More...
The OAIC confirmed its enforcement model is an escalation model. That is, it would first try to resolve complaints by an individual with the relevant organisation by conciliation. If this was unsuccessful then the OAIC would use other tools such as determinations, enforceable undertakings or in some circumstances initiating court proceedings for civil penalties.
We have been working with clients to provide privacy statements and privacy clauses. To be effective we have been working with clients to audit their personal information collection, usage, and disclosure processes so that appropriate changes can be made and staff can be trained.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.