Businesses including Not-for-Profit entities should review their privacy policies and procedures to ensure that they comply with the new Australian privacy principles before they commence on 14 March 2014.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 is the most significant privacy reform since the Privacy Act was introduced over 25 years ago. The new privacy principles will regulate the handling of personal information by businesses and Australian government agencies.
What Are the Key Changes?
1. Australian Privacy Principles
The existing National Privacy Principles (NPPs) and Information Privacy Principles (IPPs) will be replaced with the Australian Privacy Principles (APPs). The reforms introduce 13 APPs and the Office of the Australian Information Commissioner has provided both a brief and a detailed summary of each of the principles.
2. Personal Information
A new s 16A outlines seven permitted general situations where the collection, use or disclosure of personal information about an individual will not breach of certain APP obligations (i.e. to lessen or prevent a serious threat to the safety or health of an individual or disclosure to law enforcement agencies).
3. Enforcement Powers
The amendments to the Privacy Act increase the Commissioner’s powers, including more power to resolve complaints, conduct investigations and to promote privacy compliance.
The changes will also strengthen the Commissioner’s enforcement powers.
Who Do The Changes Apply To?
The reforms apply to ‘APP entities’.
An APP entity is either an agency or an organisation. If you are an APP entity you will need to understand the impacts of the reforms before they commence in March 2014.
Agency is a government or government related entity (see the Act).
(a) an individual; or
(b) a body corporate; or
(c) a partnership; or
(d) any other unincorporated association; or
(e) a trust;
that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
There are no exemptions for Not-for-Profit or charitable entities.
Could my Business be Exempt from the Principles as a Small Business Operator?
A small business operator is a business that had an annual turnover for the previous financial year of $3,000,000 or less (note there are additional rules for new businesses). However, a business is not a ‘small business operator’ if it provides a health service to another individual and holds health information or is related to a body corporate that carries on a business that is not a small business.
Businesses including Not-for-Profit entities should review their privacy policies and procedures to ensure that they comply with the APPs before they commence on 14 March 2014.
The Office of the Australian Information Commissioner has prepared a checklist to assist ‘APP Entities’ with understanding the main changes they may need to make.
Please do not hesitate to contact Bill d’Apice or Anna Lewis of this office if you would like any advice in relation to the amendments.