+61 8 9288 6000
Chinese
Services
Our People
The Firm
News
Publications
Blog
Community
Careers
Contact

Newsflash: Privacy (Australian Government Agencies — Governance) APP Code is coming

YOU MIGHT ALSO BE INTERESTED IN:
Equitable Estoppel - Is It Set In Stone?
21 March 2024
Parasitic costs disputes: Robust decisions from Quinlan CJ and Lundberg J clarify the Court's expectations on costs
13 November 2023
Merc v Merc: Mercedes-Benz win will change the way Mercedes are sold in Australia
19 October 2023
Administrative Appeals Tribunal NDIS Cases, What Is Really Under Review?
09 October 2023
View all Litigation & Dispute Resolution Updates

On 1 July 2018 the new Privacy (Australian Government Agencies — Governance) APP Code 2017 (Code) comes into effect.

The Code applies to all Australian Government agencies subject to the Privacy Act 1988 (Cth).  It sets out how agencies which are governed by Australian privacy laws will need to:

  • comply with their requirements under Australian Privacy Principle (APP) 1.2 – which requires agencies to take reasonable steps to implement practices, procedures, and systems to ensure compliance with the APPs; and
  • deal with any inquiries or complaints from individuals.

The Code requires agencies to:

  • have a privacy management plan which identifies measurable goals and targets and sets out how compliance with the obligations in the APPs will be maintained;
  • appoint a Privacy Officer, or Privacy Officers, and ensure that the following functions are undertaken by the Privacy Officer:

1. handling of all privacy enquiries, privacy complaints, and requests for access to and correction of personal information made under the Privacy Act;

2. maintaining a record of the agency's personal information holdings;

3. assisting with the preparation and maintenance of privacy impact statement; and

4. measuring and documenting the agency’s performance against the privacy management plan at least annually;

  • appoint a senior official as a “Privacy Champion” to provide cultural leadership and reviewing and reporting on privacy and management of personal information;
  • prepare and publish on their website a privacy impact assessment for all ‘high privacy risk’ projects – a term which is defined as those likely to change or impact the way personal information is handled, and so is sufficiently broad to capture most data sharing and release activities; and
  • provide appropriate privacy education or training to staff.

Lavan Comment

Agencies need to be aware of these requirements and be ready to be compliant by 1 July 2018. Whilst these requirements are not mandated in the private sector, other entities may wish to use them as best practice guidelines.

Individuals can find comfort in the fact that agencies will be subjected to more regulated processes which will likely facilitate, and thereby increase, compliance with the APPs.

Disclaimer – the information contained in this publication does not constitute legal advice and should not be relied upon as such. You should seek legal advice in relation to any particular matter you may have before relying or acting on this information. The Lavan team are here to assist.
SERVICES
PUBLICATIONS
AUTHOR
Level 20, 1 William Street, Perth Western Australia 6000     Telephone +61 8 9288 6000
Quadrant Advisory
   ©2016-2024 Lavan. All rights reserved.   
Privacy Policy
Terms & Credits
Site Map