Australia’s New Privacy Laws
On 12 March 2014 the Australian Government introduced new privacy laws known as the Australian Privacy Principles (APPs).
On 12 March 2014 the Australian Government introduced new privacy laws known as the Australian Privacy Principles (APPs). The APP has set out 13 rules that govern how businesses handle personal information.
Companies that fail to comply with the rules now potentially face penalties including enforceable undertakings or fines of up to $1.7 million per infringement.
For the first time under Australian information privacy law, businesses have an express obligation to put in place practices and systems to protect personal data in accordance with the APPs. Businesses will have to deal with a number of new responsibilities, including ensuring they have processes to deal with privacy complaints, making sure they are accountable for personal information disclosed to overseas parties, establishing security measures to prevent information breaches, and many more.
These wide-ranging changes will affect most Australian businesses that handle personal information including online businesses, retailers, utilities, healthcare providers, communications companies and most businesses in the finance and insurance sectors.
Here are 10 tips to help your business become APP-compliant:
- Identify what types of personal information is collected. Examples include: name, contact details, address, employment details, personal circumstance,demographic details, Tax File Numbers, health information.
- Identify how information is collected, stored, used and disclosed
- Identify the scope of any disclosures, including, disclosures to overseas parties.
- Review and update procedures and policies for managing the privacy risks at the time of collection, use, disclosure, storage and destruction.
- Implement security systems for protecting the information from misuse, interference, loss and unauthorised disclosure.
- Implement procedures for identifying and reporting privacy breaches and for receiving and addressing complaints.
- Implement access and correction procedures.
- Introduce procedures to give individuals the option of not identifying themselves or of using a pseudonym.
- Identify website cookies and web-beacon procedures.
- Identify how and when personal information is relayed to third parties.
Dominic is the CEO of Lawpath, dedicating his days to making legal easier, faster and more accessible to businesses. Dominic is a recognised thought-leader in Australian legal disruption, and was recognised as a winner of the 2015 Australian Legal Innovation Index.