The Privacy Amendment (Enhancing Privacy Protection) Act 2012 amends the existing Privacy Act 1988.
The new laws take effect from 12 March 2014.
Who is affected?
The new laws affect businesses and most government bodies that collect and transfer personal information in Australia.
What are the main changes?
Of the 13 newly introduced Australian Privacy Principles (APPs), the most significantly changed are as follows:
- APP 4 (unsolicited personal information): If an entity receives unsolicited information, the entity must, within a reasonable period, determine whether it could have legally collected the information itself, and if not, the entity must, as soon as practicable, destroy or de-identify the information.
- APP 5 (notification of collecting personal information): The requirements regarding notifying an individual of the collection of personal information have been greatly expanded.
- APP 7 (direct marketing): An organisation must not use or disclose personal information collected about an individual for the purpose of direct marketing, unless one of the various prescribed exceptions applies.
- APP 8 (cross-border disclosure of personal information): Before an APP entity discloses personal information about an individual to an overseas recipient, the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles. In certain circumstances, an entity may now be deemed to be liable for a breach of the APPs by an overseas recipient of personal information disclosed by the entity.
Non-compliance with the new legislation risks civil penalties of up to $1.7 million for corporations and $340,000 for individuals.
How to Proceed
In light of the impending changes in the law, now is the time for businesses to familiarise themselves with the new APPs and to review and update their privacy policies accordingly.