In brief - New privacy laws take effect in Australia in March 2014
Businesses should be aware of the Australian Privacy Principles created by the new privacy legislation and understand the implications for collection of personal information, storage of data and use of cloud based IT services.
New privacy laws and definition of personal information
New privacy laws take effect in March 2014, imposing new requirements on businesses and government bodies that collect personal information online in Australia, or outside Australia if that data is brought to Australia.
The definition of "personal information" is broad and includes customer records, website cookies and customer information databases.
Changes to the privacy principles
The legislation creates new Australian Privacy Principles (APPs) that deal with how personal information can be collected and transferred including:
• How businesses and government bodies must collect, update and store personal information
• The purpose for which personal information may be collected
• How individuals may access their personal information and seek its correction or deletion
• How individuals may complain about invasion of their privacy
Risks of using cloud based IT services
In most instances, user consent will be required to transfer personal information overseas. If you use cloud based service providers, data may be transferred overseas in the cloud without your specific knowledge and without the required consent.
You must protect the personal information you hold from misuse, interference, unauthorised access, modification, disclosure and loss.
You may need to disclose unexpected or unauthorised access to personal data (hacking or data theft) to relevant authorities.
Direct marketing and sensitive information
Specific consent will be required if you wish to use sensitive information about an individual for direct marketing purposes.
Enforcement by Australian Privacy Commissioner
The Australian Privacy Commissioner has powers to enforce the APPs, including powers to obtain enforceable undertakings and to apply for civil penalty orders up to a maximum of $1.7 million for corporations or $340,000 for individuals.
Make sure your business complies with the new legislation
You should quickly review your practices to make sure they comply with the new laws before they become effective.
This is commentary published by Colin Biggers & Paisley for general information purposes only. This should not be relied on as specific advice. You should seek your own legal and other advice for any question, or for any specific situation or proposal, before making any final decision. The content also is subject to change. A person listed may not be admitted as a lawyer in all States and Territories. © Colin Biggers & Paisley, Australia 2023.