Moore Australia part of a global network of offices, providing auditing and financial reporting services, advising local, national and international clients in the public and private sectors. Moore Australia generates annual revenues in the region of $80m.
Moore Australia is part of the Moore Global network and has 14 offices with over 450 people nationwide.
Moore Australia has extensive experience in state and local government, biotechnology, energy mining and renewables, health and aged care, education, manufacturing, not for profit, property and construction, retail and tourism and hospitality and has a strong presence in the following service lines: Asia Desk, Audit & Assurance, Business Advisory, Taxation, Corporate Finance, Governance and Risk Advisory.
On 12 March 2014, the Privacy (Enhancing Privacy Protections)
Act 2012 (Cth) (the Amendments) came into effect and brought about
significant change to the Privacy Act 1988 (Cth) (the Act).
The Act regulates the collection, storage, use, and disclosure
of personal information. The Act will apply to independent schools
with an annual turnover of more than $3 million.
Schools need to be aware of the changes to the Act and ensure they
comply with the new requirements. Specifically, schools need to be
proactive in ensuring that they have and implement practices,
policies and procedures that comply with the Australian Privacy
Principles (APPs).
The key change brought about by the Amendments is that the
National Privacy Principles (NPPs) are replaced by the APPs.
Other changes included:
the Australian Information Commission (AIC) was given greater
power to enforce privacy laws (including penalty orders of up to
$1.7 million for corporations);
amendments to credit reporting provisions;
amendments to definitions; and
allowing for new privacy and credit reporting codes to bind
organisations.
A summary of the APPs is below.
APP 1: Open and Transparent Management of Personal
Information
A school must take reasonable steps to implement practices,
procedures and systems relating to the school's functions that
ensure the school complies with the APPs and will enable the school
to deal with inquiries or complaints.
A school must have a privacy policy which meets the
requirements as set out in APP 1.
APP 2: Anonymity and Pseudonymity
A school must provide individuals with the option of being
dealt with anonymously; this will not apply if it is
impractical.
APP 3: Collection of Solicited Personal
Information
Schools can only collect information where it is
"reasonably necessary".
Sensitive information can only be collected with consent,
unless an exception applies or it is reasonably necessary for one
of the school's functions or activities.
APP 4: Dealing with Unsolicited Personal
Information
If a school receives unsolicited personal information they must
consider whether they were allowed to collect it under APP 3; if
not, the information will generally need to be destroyed or
de-identified.
APP 5: Notification of the Collection of Personal
Information
Most schools use a standard collection notice to notify an
individual of the collection of personal information. A school must
notify an individual about how they can access, correct, make a
complaint, and if the school disclose information overseas, to
which countries.
APP 6: Use or Disclosure of Personal
Information
Additional exceptions apply for where a school can use or
disclose personal information, i.e. to assist in finding a missing
person.
APP 7: Direct Marketing
A school can only use personal information if an individual has
consented to it, or reasonably expects that their information will
be used for direct marketing.
Schools must provide an "opt-out' option.
APP 8: Cross-Border Disclosure of Personal
Information
A school must take all steps reasonable to ensure an overseas
recipient does not breach the APPs.
APP 9: Adoption, Use or Disclosure of Government
Related Identifiers
A school must not disclose a government related identifier of
an individual unless an exception applies.
APP 10: Quality of Personal Information
A school must ensure that the personal information they use or
disclose is accurate, up to date and complete.
APP 11: Security of Personal Information
A school must take steps to protect information from misuse,
interference, loss, unauthorised access, modification and
disclosure.
If the school no longer uses information, they must destroy and
de-identify information in accordance with the APPs.
APP 12: Access to Personal Information
A school must deal with access to personal information,
requests for access, charges for access and refusal for access in
accordance with APP 12.
APP 13: Correction of Personal
Information
A school must take reasonable steps to ensure that the
information they hold is correct.
Given these changes schools should, at an absolute minimum,
ensure that:
its policies comply with APP 1; and
its practices and procedures that govern collection, storage,
use and disclosure of personal information comply with the
Amendments.
Privacy is a difficult area of law to navigate. It is important
that your school take steps to ensure compliance as failure to do
so can have expensive consequences.
