On 12 March 2014 extensive amendments to the Privacy Act
1988 (Cth) (the Act) came into effect. The
Act introduced 13 Australian Privacy Principles
(APPs), which replace and in some instances
significantly modify the former National Privacy Principles and
Information Privacy Principles.
Do the new privacy laws and APPs apply to you?
Both Australian government agencies and private sector companies
must comply with the Act and the APPs. There are some
exemptions to the requirement that an organisation comply with the
Privacy Act. These include the following:
Employee Records: records of personal
information that relate to the employment of an individual are
exempt if the records are obtained only for the purpose of acts or
practices that directly relate to a current or former employment
relationship. Hence, the collection and storage of personal
information of a potential employee (i.e. job candidates) or the
cross-border disclosure of information may not be included in the
exception, and will be covered by the Act.
Small Businesses: if your business has an
annual turnover of $3 million or less you may be a small business
operator and may not be obliged to comply with the Act (however,
some businesses with an annual turnover of less than $3 million may
not be able to rely on this exemption).
Significant changes and features of the new privacy laws
Organisations must have a clearly expressed and up-to-date Privacy
Policy that complies with the Act. APP 1 outlines what must be
included. Organisations must also take steps to implement
practices, procedures and systems that show how they will comply
with the Act in a practical manner. This can be achieved through
the introduction of a written Compliance Plan.
APP 7 - Direct Marketing: organisations may
only use or disclose an individual's personal information for
direct marketing purposes if the individual would reasonably expect
the entity to use or disclose the information, the individual has
consented to the use or disclosure, or where the entity provides a
simple way of opting out of the direct marketing.
APP 8 - Cross-border Disclosure: before
disclosing personal information to an overseas recipient, an
organisation must take reasonable steps to ensure that the
recipient complies with the Act. Overseas recipients may include,
but are not limited to, overseas third-party processors such as
off-shore internet servers, or overseas branches of the
Increased Powers: the Privacy Commissioner has
significantly increased powers and may now seek civil penalties of
up to $340,000 (for individuals) and $1.7 million (for
Does your organisation comply?
Organisations must take active and practical steps to ensure
compliance with the Act and the APPs. For this reason we
personal and sensitive information you collect, the purpose(s) of
this collection, and how it is collected;
Introduce a written Compliance Plan, which outlines how
compliance will be achieved in a practical manner, and take active
steps to implement this plan;
Review your direct marketing processes and update
Consider whether you send personal information to overseas
recipients and take steps to ensure these recipients comply with
the Act. Also ensure that your policies, plans and consent
arrangements are updated accordingly.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Kemp Strang has received acknowledgements for the quality of
our work in the most recent editions of Chambers & Partners,
Best Lawyers and IFLR1000.