From March 2014, public sector organisations and private businesses will face significantly more stringent privacy requirements and the prospect of stronger civil penalties if they do not comply. All businesses collecting and/or dealing with personal information in Australia or from Australian residents will need to review their privacy procedures to ensure they are compliant.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012, which comes into effect on 12 March, will make substantial amendments to the existing Privacy Act and introduce new Australian Privacy Principles (APPs). Specifically, there will be changes to the regulation of handling and processing personal information, the use of personal information for direct marketing, and the disclosure of personal information overseas. It is important that employers are aware of the specific changes and that they review their business processes and policies.
What can I do to comply?
An organisation needs to ensure it has a clearly expressed and compliant policy on the management of personal information, and this must be updated to reflect the new Australian Privacy Principles. The policy must contain:
- the kinds of information the entity collects and holds
- how it collects this information and the purpose for holding it
- how an individual may access the personal information
- how an individual may complain about a breach of the Australian Privacy Principles
- whether the entity is likely to disclose this information internationally.
The organisation must ensure this policy is available free of charge and readily accessible to all employees should they request to see it.