5 MARCH 2014

From 12 March 2014, significant changes to privacy law in Australia will come into effect following recent amendments to the legislation.  As the changes have important practical and legal implications for businesses in relation to the collection, storage and disclosure of personal information about employees, clients and customers (among others), it is important that you take the time to understand the reforms and to adapt your business practices accordingly.

The changes apply to government agencies as well as organisations, which includes individuals, partnerships and small business operators. Small business operators are defined as businesses with an annual turnover of up to $3,000,000, subject to some limited exceptions.

Under the new laws, the previous regulatory requirements known as the “National Privacy Principles” have been replaced with a more robust and proscriptive set out of requirements known as the “Australian Privacy Principles” (APPs). Generally speaking, the APPs require the relevant business to maintain a compliant, up-to-date privacy policy and implement practices and procedures which ensure compliance. These policies need to be tailored to the type of business conducted and information that is likely to be collected.

To prepare for the new laws we recommend that existing privacy policies and statements (which may appear on websites) be reviewed and updated where necessary. As the new laws require businesses to take reasonable steps to put procedures and systems in place to ensure compliance with the new laws, we also recommend that these procedures and systems be clearly articulated and documented. This may include, for example, formal procedures and systems for:

(a) identifying, collecting, storing, using and disclosing personal information; and

(b) receiving and responding to complaints about alleged breaches of the APPs as well as requests for access to personal information.

Appropriate training of staff in relation to those procedures should also be carried out and recorded.

The new laws also introduce a much stricter penalty regime, with increased powers for the Commissioner and fines of up to $340,000 for individuals and $1.7 million for corporations.

We would be pleased to assist you in reviewing and updating your privacy policies, systems and procedures to help you to minimise the risk of falling afoul of the new laws.

[contactsbox] [leftcolumn]

Contact Partner: Francesca Petroccitto
Direct Telephone : 07 3210 5771
Mobile Telephone : 0402 293 644
[email protected]

[/leftcolumn] [endcontactsbox]