The new privacy regime
As a business owner, you need to be ready for the significant amendments to the Privacy Act 1988 (Cth) (“the Act”) that come into effect on 12 March 2014 and that could impact your business.
These changes may mean that your privacy policies and procedures need a radical overhaul, or you may face very substantial fines. Personal information The new Australian Privacy Principles (APPs) must be complied with if your business collects, uses, stores or receives personal information about individuals. Personal information has a broad meaning and includes informa- tion or opinions about an individual whose identity is apparent from the information or opinion supplied.
It includes information such as customer records, names, email addresses, dates of birth, as well as more sensitive information.
information; • how the information will be collected
and used by your business; • the length of time the information
will be held by your business; • how an individual can access and
correct the information; • how the individual can complain
The use of an individual’s personal information (including, for example, their home address to send advertising) may now require the consent of the individual.’
about breaches of privacy; and • whether the information will be shared with other businesses (located in or outside Australia). If your business receives information about individuals from another source, you may be responsible for making sure that the individual concerned is aware of that fact. There are also new provisions about: • how you can collect, use and disclose
personal information; • your obligations regarding keeping
your records accurate and up to date; • data information security; and • your ability to disclose personal infor
mation overseas. Providing credit A wide range of businesses will now be caught by the credit provider requirements which apply more broadly than to traditional credit providers (such as banks and financiers).
You will be considered a credit provider and have to comply with the onerous credit provider obligations, (including providing detailed information about the kinds of credit checks you may perform and how you may access and disclose the personal information of those seeking credit) if your business provides customers with more than seven days credit.
Credit providers will therefore need to update the following: • standard terms and conditions if goods or services are purchased on delayed payment terms; • credit application documentation; • privacy statements; and • any arrangements with credit report
The new regime also covers the use of personal information for direct marketing.
The use of an individual’s personal information (including, for example, their home address to send advertising) may now require the consent of the individual.