New Privacy Laws Commence 12 March 2014 – Commercial Law, Australia

It is vital to know what personal information you collect, how you use that information and what disclosures you
make as the new privacy laws will commence on 12 March 2014 following the amendments to the Privacy Act
1988 (Cth). These amendments will introduce the Australian Privacy Principles (APPs), give new powers to the
Australian Information Commissioner and increase protection for individuals.

The new laws apply to personal information handled by Commonwealth government agencies, businesses and
health services providers. There are some exceptions for small businesses with an annual turnover of less than
$3 million.

The APPs require entities governed by the Act to have and maintain a current privacy policy and to ensure their
practices and procedures are compliant with the Act.

The Information Commissioner released an opinion in relation to website privacy policies following a review of
50 websites. It was identified that:

  • 83% of the sites had issues that the privacy policies were not easy to find, not east to read, were too long or irrelevant 
  • Policies over 2,600 words are too long
  • The Information Commission recommends such polices meet a reading age of 14 years old.

The new laws give the Information Commissioner broad powers to investigate serious breaches and to assess
the privacy performance of a business through auditing. If an entity is non-compliant the Information
Commission may seek substantial enforceable undertakings or where there has been a serious or repeated
interference with the privacy of an individual impose civil penalties of up to $340,000 for individuals and $1.7
million for businesses.

The Information Commissioner has also issued guidelines on compliance with the APPs. These are available on the Office of the Australian Information Commission at www.oaic.gov.au.If you are currently collecting any personal information whether for direct marketing or to provide the requested goods and services, then we recommend that you review your policies and procedures for compliance with the new laws.

If you need to pass personal information to another entity as part of your services (e.g. a broker) or store personal information in the cloud then your contracts may also need to be reviewed to ensure ongoing compliance. There are also significant and complex changes regarding credit reporting requirements.

Wendy Meredith
Partner
T +61 2 4911 5430
E [email protected]

Elizabeth Radley
Special Counsel