March 12 will see the biggest change in Australian privacy law in 25 years with the introduction of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act). In order to help businesses comply with the changes, the Office of the Australian Information Commissioner (OAIC), published new guidelines on February 21.
In this blog, we outline some of the key changes and the resources available ahead of the changes on March 12.
The Australian Privacy Amendment Act
The Privacy Amendment Act includes a set of new, harmonized, privacy principles that will regulate the handling of personal information by both Australian government agencies and businesses. These 13 new principles are called the Australian Privacy Principles (APPs). They will replace the existing Information Privacy Principles (IPPs) that currently apply to Australian Government agencies and the National Privacy Principles (NPPs) that currently apply to businesses.
What do these changes mean for Australian consumers and business?
Under the new laws from March 12, 2014, it will be easier for Australians to:
- find out if their personal information will be sent overseas
- request access to their personal information held by an organization or agency
- request a correction to their personal information held by an organization or agency
Businesses will also be impacted by these changes, which will include enhanced powers for the Privacy Commissioner Timothy Pilgrim, who oversees privacy at OAIC (the Commission also regulates government access and information policy). Under the new law, the Privacy Commissioner and OAIC are able to:
- enforce the new requirements against companies doing business located in Australia or with a link to Australia
- seek civil penalties in the case of serious or repeated breaches of the Act’s requirements
- conduct assessments of privacy performance for both Australian government agencies and businesses
How can you tell if you’re compliant?
On February 21, the Office of the Australian Information Commissioner (OAIC) released Australian Privacy Principles (APP) guidelines to provide a resource for all those who will be subject to the new APPs from March 12, 2014 to assess whether they are compliant.
The APP guidelines outline the mandatory requirements of the APPs, how the OAIC will interpret the APPs, and matters they may take into account when exercising functions and powers under the Privacy Act. The APP guidelines give many examples of how the APPs may apply in particular circumstances and contain suggestions for good privacy practice.
If you want to find out more:
- Download a PDF summary of the 13 Australian Privacy Principles here
- Watch the video of Professor John McMillan, Australian Information Commissioner as he announces release of Australian Privacy Principles Guidelines
- Visit the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au
- Follow @OIACgov on Twitter