In November 2012, the Australian Parliament passed the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (‘Amendment Act’) to amend the Privacy Act 1988 (‘Privacy Act’). Commencing 12 March 2014, the Amendment Act introduces new privacy laws that increase obligations on Australian Government agencies and private sector organisations that collect or deal with personal information in Australia.
The amendments include the introduction of a single set of Australian Privacy Principles (‘APPs’) applying to both Australian Government agencies and the private sector. The APPs will replace the existing Information Privacy Principles that apply to Government agencies and National Privacy Principles that apply to business.
The Office of the Australian Information Commissioner (‘OAIC’) released draft APP Guidelines for consultation on 23 August 2013. The draft is open for comments until 20 September 2013.
What are the key changes to the Privacy Act?
Introduction of the APPs
As a whole, the APPs require a higher degree of openness and transparency about how entities manage personal information.
For a full list of the APP guidelines, visit the OAIC webpage: http://www.oaic.gov.au/privacy/privacy-engaging-with-you/current-privacy-consultations/draft-australian-privacy-principles-guidelines/draft-app-guidelines
Increased Powers to the Commissioner
The Amendment Act increases the functions and powers of the Privacy Commissioner to, among other things:
- seek civil penalties (up to $340,000 for individuals and $1.7 million for an agency) where there is a serious or repeated interference;
- audit the handling of personal information by agencies and undertake “own motion” investigations; and
- make determinations following investigations and apply to the Federal Court to enforce such determinations.
What does this mean for entities?
In preparation for the commencement of the amendments, entities should consider:
- reviewing and updating existing privacy policies and internal procedures to ensure compliance with the APPs and the recent OAIC guidelines regarding handling of sensitive information;
- reviewing privacy policies and the processes for notification of, and obtaining consent to, those policies to ensure they comply with the APPs; and
- training employees to ensure they understand the amendments.
Finalised guidelines will be published at the end of the year.