Privacy has become major concern in the digital world. In order to keep pace with rapid technological development, in December 2012 the Australian Government introduced the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). This Act introduced a number of key changes to Australian privacy laws, which take effect from 12 March 2014.
What are the main changes?
The definition of personal information has been amended to include information about an individual who is ‘identified’ or ‘reasonably identifiable’. Significantly, this new definition contemplates the linking of information and/or data sets (held by one or multiple entities), which will render an individual identifiable or reasonably identifiable.
This Act also introduces the Australian Privacy Principles (APPs), a set of mandatory privacy principles which replace the National Privacy Principles and the Information Privacy Principles contained in the Privacy Act 1988 (Cth). The APPs apply to all organizations that collect personal information and have a minimum annual turnover of $3 million. The APPs relate to the collection, storage, security, use, disclosure, access and correction of personal information. Penalties for breach of the APPs can be up to $1.1 million.
What should I do?
To ensure that you and your clients are compliant with the new laws, you should:
The introduction of the APPs and changes to the Privacy Act will impact the way that your agency and clients collect, use and disclose personal information. It is expected that you and your clients will be fully compliant with the new obligations under the Privacy Act and you should therefore consider the changes you and your clients will need to make to comply by 12 March 2014.