Australia has recently amended the Privacy Act.
The Federal Government originally enacted the Privacy Amendment Act in 2012 with the new amended laws coming into effect on the 12th March 2014. The amended act sees the National Privacy Principles and Information Privacy Principles replaced with a new set of 13 Australian Privacy Principles (APPs).
The new amended privacy laws may require businesses to:
- Identify the types of personal information they hold, collect, use and disclose
- Amend contracts and agreements
- Train staff and establish procedural compliance into their systems
It is worth noting that small businesses with an annual turnover of $3 million or less are not considered as APP entities, there are however exceptions to this and it is worth getting some legal advice if unsure.
What should a business do to ensure compliance?
- Don’t collect unnecessary information - the new privacy amendments make it pretty clear not to collect personal information unless that information is reasonably necessary for your business functions or activities. Make sure you are not collecting information that has no relevance to your business.
- Make sure you are Spam Act compliant - the amendments have tightened up the practices around direct marketing. The Australian Spam Act has been implemented in 2003 and most businesses should be fairly familiar with practices to comply with the act. The Spam Act refers to ‘Expressed Consent’, ‘Inferred Consent’ and also covers off unsubscribe practices. Learn more about the spam act.
- Review where your data is stored - the privacy amendments introduce more stringent rules around cross border disclosure of personal information. If personal information is to be disclosed overseas the business must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles. In essence once data leaves Australian borders other laws apply.
If you want some more information on the new Australian Privacy Principles you can download a summarised fact sheet from the Office of the Australian Information Commissioner.