New privacy laws: are your policies up to date?

Australian Privacy Principles

The new privacy laws came into full effect on 12 March 2014 with the introduction of 13 new Australian Privacy Principles (APPs). The APPs guide how businesses collect, use, store and disclose personal information and engage in direct marketing. In short, it is the Privacy Act 1988 catching up with the current technological environment, and businesses could be fined up to $1.7 million for infringement of the laws.

The following is some general information on the new laws. You will need to seek your own legal advice on specifics of the laws relevant to your circumstances.

Do the new privacy laws apply to my business?

These changes will affect all government agencies and private organisations that handle personal information and have an annual turnover greater than $3 million.

Most small businesses with an annual turnover of less than $3 million aren’t affected by the changes unless they fall into one of the categories below:

  • Are a health service provider
  • Trade in personal information (e.g. buying or selling mailing lists)
  • Are a contractor that provides services under a Commonwealth contract
  • Are a reporting entity for the purpose of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
  • Are an operator of a residential tenancy database
  • Are a credit reporting body

What are the new laws?

The 13 new privacy principles address the open and transparent management of personal information; the collection, handling and storage of personal information; the integrity and security of personal information; and the accessibility and correction of personal information.

For full detail on the new privacy principles we recommend you visit the information page on the OAIC website.

What can I do to comply?

  • Review your personal data handling methods
  • Create or update your privacy policy and privacy disclosure statement
  • Train your staff in the new procedures
  • Only collect personal information that is necessary
  • Provide an opt-in and opt-out (unsubscribe) option on all your direct marketing communications
  • Provide a reasonable means for an individual to access their personal information and seek the correction of the information
  • Seek legal advice - approach your solicitor for more specific advice.