March 12 will see the biggest change in Australian privacy law in 25 years with the introduction of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act). In order to help businesses comply with the changes, the Office of the Australian Information Commissioner (OAIC) published new guidelines on February 21.

Here are some of the key changes, and the resources available, ahead of March 12.

The Australian Privacy Amendment Act

The Privacy Amendment Act includes a set of new, harmonized privacy principles that will regulate the handling of personal information by Australian government agencies and businesses. These 13 new principles are called the Australian Privacy Principles (APPs). They will replace the existing Information Privacy Principles (IPPs) that apply to Australian Government agencies and the National Privacy Principles (NPPs) that currently apply to businesses.

What do these changes mean for Australian consumers and businesses?

Under the new laws from March 12, 2014, it will be easier for Australians to:

    • find out if their personal information will be sent overseas
    • request access to their personal information held by an organization or agency
    • request a correction to their personal information held by an organization or agency
    • access an organization or agency’s Privacy Policy for more information about how that entity manages personal information.

Businesses will also be impacted by these changes, which will include enhanced powers for Privacy Commissioner Timothy Pilgrim, who oversees privacy at OAIC (the Commission also regulates government access and information policy). Under the new law, the Privacy Commissioner and OAIC are able to:

    • enforce the new requirements against businesses located in Australia or with a link to Australia
    • seek civil penalties in the case of serious or repeated breaches of the Act’s requirements
    • conduct assessments of privacy performance for both Australian government agencies and businesses

How can you tell if you’re compliant?

On February 21, the Office of the Australian Information Commissioner (OAIC) released Australian Privacy Principles (APP) guidelines to provide a resource for all those subject to the new APPs from March 12, 2014, to assess whether they are compliant.

The APP guidelines outline the mandatory requirements of the APPs, how the OAIC will interpret the APPs, and matters it may take into account when exercising functions and powers under the Privacy Act. The APP guidelines give many examples of how the APPs may apply in particular circumstances and contain suggestions for good privacy practices.

In addition to publishing the APP guidelines, the OAIC has also said it is producing a practical tool, to be ready in March, that organizations can use to review their privacy policy.

If you want to find out more: