Newsflash: Privacy (Australian Government Agencies — Governance) APP Code is coming

On 1 July 2018 the new Privacy (Australian Government Agencies — Governance) APP Code 2017 (Code) comes into effect.

The Code applies to all Australian Government agencies subject to the Privacy Act 1988 (Cth). It sets out how agencies which are governed by Australian privacy laws will need to:

  • comply with their requirements under Australian Privacy Principle (APP) 1.2 – which requires agencies to take reasonable steps to implement practices, procedures, and systems to ensure compliance with the APPs; and
  • deal with any inquiries or complaints from individuals.

The Code requires agencies to:

  • have a privacy management plan which identifies measurable goals and targets and sets out how compliance with the obligations in the APPs will be maintained;
  • appoint a Privacy Officer, or Privacy Officers, and ensure that the following functions are undertaken by the Privacy Officer:
      1. handling of all privacy enquiries, privacy complaints, and requests for access to and correction of personal information made under the Privacy Act;
      2. maintaining a record of the agency's personal information holdings;
      3. assisting with the preparation and maintenance of privacy impact statements; and
      4. measuring and documenting the agency’s performance against the privacy management plan at least annually;

  • appoint a senior official as a “Privacy Champion” to provide cultural leadership and to review and report on privacy and the management of personal information;
  • prepare and publish on their website a privacy impact assessment for all ‘high privacy risk’ projects – a term defined as projects likely to change or impact the way personal information is handled, which is sufficiently broad to capture most data sharing and release activities; and
  • provide appropriate privacy education or training to staff.

Lavan Comment

Agencies need to be aware of these requirements and be ready to be compliant by 1 July 2018. Whilst these requirements are not mandated in the private sector, other entities may wish to use them as best practice guidelines.

Individuals can find comfort in the fact that agencies will be subjected to more regulated processes which will likely facilitate, and thereby increase, compliance with the APPs.

Disclaimer – the information contained in this publication does not constitute legal advice and should not be relied upon as such. You should seek legal advice in relation to any particular matter you may have before relying or acting on this information. The Lavan team are here to assist.