A number of significant changes to the Privacy Act 1988 (Cth) will come into force on 12 March 2014. It is important that businesses ensure that their privacy practices, procedures and systems are reviewed to ensure continuing compliance with the Privacy Act. The changes also give the Information Commissioner greater enforcement powers against non-compliant businesses, including civil penalties of up to $1.7 million.

Two of the most significant changes are:

  • a general obligation to take reasonable steps to implement practices, procedures and systems that ensure compliance with the Australian Privacy Principles, which will replace the National Privacy Principles (APP 1.2); and
  • more prescriptive requirements for privacy policies, including a requirement to disclose whether a business is likely to disclose personal information to overseas recipients and their location (APP 1.4).

These changes will affect businesses in all industries, and it is crucial that businesses prepare for these changes immediately.

Shelston IP worked with iTnews to release a new research paper entitled "Understanding Australia's new Privacy Act", which is a best practice guide for IT professionals to come to terms with the amended Privacy Act. The full report can be found here.

Brett Winterford of iTnews interviewed Shelston IP Partner, Mark Vincent and prepared a blog series. This series included:

Shelston IP can review your business' privacy policy and have a preliminary discussion with you about your business' compliance with these upcoming changes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.