THE NEW LAW
The Federal Parliament passed major changes to Australian privacy law on 28 November 2012. The regime affects every business that collects "Personal Information", which is defined by the Privacy Act 1988 (Cth) as any information that identifies a person or could be used to identify a person (‘Personal Information’). It is highly likely that your business is collecting such information.
The changes to the law will come into force in March 2014. This article will cover the most important changes.
NEW POWERS FOR THE PRIVACY COMMISSIONER
The new laws grant the Privacy Commissioner major new powers to take the initiative with investigations and audits to ensure compliance with privacy law. The Commissioner's new powers are bolstered by the ability to impose fines of up to $1.1 million on corporations that do not comply with the law.
THE NEW AUSTRALIAN PRIVACY PRINCIPLES
When the new laws come into force, the "Australian Privacy Principles" ('APPs') will replace the current "National Privacy Principles". The APPs will bring into force a number of new principles, the most important of which are summarised below.
1 – Open and Transparent Management of Personal Information
4 - Unsolicited Personal Information
If a business receives Personal Information that it does not solicit, it has a reasonable period to decide if it could have collected that information on its own behalf under the APPs. If the business decides that it could not have collected the information itself, it must make the information anonymous or destroy it.
5 - Notification of Collecting Personal Information
When a business collects Personal Information, it must notify the person of, amongst other ...