Does your business have an annual turnover of more than
$3 million? Do you offer payment terms of seven days or more? If
you answered yes to either of these questions, and you haven't
to act or you might face significant penalties.
This Thursday, 12 March 2015, marks the first anniversary of the
most significant changes to Australia's privacy laws in over 25
years. Amendments to the Privacy Act 1988 (Cth) included
the introduction of a new set of Australian Privacy Principles
(APPs) and credit information obligations that now regulate the
handling of personal information and credit information by most
businesses and government agencies.
The amendments also introduced significant penalties of up to
$340,000 (for individuals) or $1.7 million (for corporations) for
breaches of certain provisions of the APPs and the Privacy

Australian Privacy Principles

The APPs apply to businesses with an annual turnover of more
than $3 million.
Some key obligations for affected businesses include ensuring
that your business:
- contains information about a number of mandatory matters (if your
  is not APP compliant);
- notifies individuals of certain privacy and information
  handling matters before collecting their personal information;
- only collects personal information for permitted reasons and,
  once collected, deals with the personal information in accordance
  with the APPs;
- doesn't use personal information for direct marketing
  purposes unless an exception is satisfied; and
- takes steps before disclosing information to overseas
  recipients to ensure they do not breach the APPs (e.g. outsourcing
  or cloud computing).
The 2014 amendments to the Privacy Act also imposed new
obligations on most businesses that defer payment for goods or
services on terms of seven days or more regardless of annual
Some key obligations for affected businesses include:
- ensuring that your business has an up-to-date policy on your
  handling of credit information and that the policy is easily
  accessible and contains information about a number of mandatory
- notifying individuals of certain credit information handling
  matters before collecting their credit information.
Until last year, privacy compliance was seen by many businesses
as a toothless tiger. However, given the significant penalties that
are now on the cards for non-compliance, businesses should ensure
that they are aware of their obligations under the Privacy
Act and take positive steps towards complying with their
obligations or face hefty penalties.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.