What's happening?
A raft of changes to the Privacy Act 1988 (Cth) ("the Privacy Act") are being introduced from 12 March 2014.
Penalties for non-compliance are increasing, so it is more important than ever to understand if, and how, the changes will affect your business.
Who does it apply to?
The Privacy Act protects personal information handled by large businesses (including not-for-profit organisations) with a turnover greater than $3 million and health service providers of any size.
The Act may also apply to a "small business" if it has an annual turnover of less than $3 million and either:
- trades in personal information (i.e. selling customer databases);
- provides services under a Commonwealth contract;
- runs a residential tenancy database;
- is related to a larger business; or
- is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act.
However, it is advisable for everyone to have a general awareness of the privacy laws.
What are the changes?
A new set of "Australian Privacy Principles" that cover the handling of personal information by businesses will be introduced. These will replace the current "National Privacy Principles" that apply to some businesses.
Some of the key changes will affect how businesses can:
- handle and process personal information;
- use personal information for direct marketing; and
- disclose personal information to parties located overseas.
The changes also provide a number of new enforcement powers and functions for the Australian Information Commissioner, including the ability to:
- investigate serious breaches (including the right to impose significant penalties on businesses);
- assess the privacy performance of businesses; and
- require Federal government agencies to conduct privacy impact assessments.
Civil penalties will apply for businesses who fail to comply with these laws, with the Act providing for penalties for repeat offenders of up to $340,000 for individuals and $1.7 million for companies.
What do you need to do?
The first step is to carefully consider whether or not your business will be required to comply with the Privacy Act. Secondly, you need to take practical legal steps within your business to comply with each Australian Privacy Principle. If in doubt, contact the Office of the Australian Information Commissioner or seek legal advice.
If you have any queries regarding your whether your business is covered by the Privacy Act, or how to comply with the new laws, please feel free to contact Mitchell Zadow on (03) 8561 3318.
The information contained in this article is intended to be of a general nature only and should not be relied upon as legal advice. Any legal matters should be discussed specifically with one of our lawyers.
Liability limited by a scheme approved under Professional Standards Legislation.
Mitchell is the Managing Principal of our law practice.
He is an Accredited Specialist in Commercial Law (accredited by the Law Institute of Victoria). He also deals with areas of Employment Law, Wills & Estate Planning and Probate. For further information, contact Mitchell on his direct line (03) 8561 3318.
