+61 8 9288 6000
Chinese
Services
Our People
The Firm
News
Publications
Blog
Community
Careers
Contact

Reforms to the Privacy Act

YOU MIGHT ALSO BE INTERESTED IN:
Equitable Estoppel - Is It Set In Stone?
21 March 2024
Parasitic costs disputes: Robust decisions from Quinlan CJ and Lundberg J clarify the Court's expectations on costs
13 November 2023
Merc v Merc: Mercedes-Benz win will change the way Mercedes are sold in Australia
19 October 2023
Administrative Appeals Tribunal NDIS Cases, What Is Really Under Review?
09 October 2023
View all Litigation & Dispute Resolution Updates

In December 2012 the Privacy Act 1988 (Cth) was overhauled via the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act).  These reforms will take effect on 12 March 2014.

The Reform Act has created a set of new, harmonised, privacy principles, called the Australian Privacy Principles (APPs), which apply to both the public and private sector, now termed APP entities.  A quick reference sheet of the new APPs can be found here.  Whilst the APPs are generally comparable to the pre-existing regime, some important differences should be noted:

  • APP 4 deals with unsolicited personal information, specifying when such information must be destroyed or de-identified by the APP entity.  In essence, you should not collect or retain anything on an unsolicited basis that you could not on a solicited basis.

  • APP 7 regulates when personal information can be used or disclosed for the purpose of direct marketing.  This is a new provision.

  • APP 8 imposes new requirements with respect to an APP entity’s accountability for personal information that it has disclosed to overseas recipients.  In conjunction with the amended section 16C, APP 8 introduces an accountability approach where acts done to information by an overseas recipient is taken to have been done by the APP entity.  Therefore to discharge this duty, before an entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs.  You should review both your privacy consents and your contracts with third parties who hold your information for you in a cloud.

  • Penalty provisions have been introduced, where the maximum penalties for a serious or repeated interference with the privacy of an individual will be $340,000 for individuals and $1.7 million for entities. 

The majority of the APPs (11 out of 13) rely upon what is reasonable in relation to the APP entity and the personal information held.  The reasonable test is to be determined by the factors relating to the nature of the APP entity; quality of the information held; risk to individuals’ concerned in the event of a breach; data handling practices of the APP entity; and the ease which security measures can be implemented.  APP entities have been advised to start preparing now, and complete a Privacy Impact Assessment for all projects in order to determine what is reasonable, manage privacy and avoid privacy breaches. 

The OAIC website contains additional information and guides in relation to the changes to the Privacy Act.

You should start your review now.

Disclaimer – the information contained in this publication does not constitute legal advice and should not be relied upon as such. You should seek legal advice in relation to any particular matter you may have before relying or acting on this information. The Lavan team are here to assist.
SERVICES
PUBLICATIONS
AUTHOR
Level 20, 1 William Street, Perth Western Australia 6000     Telephone +61 8 9288 6000
Quadrant Advisory
   ©2016-2024 Lavan. All rights reserved.   
Privacy Policy
Terms & Credits
Site Map