The new Privacy Act and you

Wangaratta Chronicle - North East Regional Extra - By KEN CLARKE, WANGARATTA CERTIFIED PRACTICING ACCOUNTANT kclarke@alphalink.com.au

MARCH 12 this year will see significant changes to the Privacy Act taking place, so if you are in business make sure you are aware of these changes.

Changes will include new principles and obligations, large fines for breaches, and an increase in the powers of the Australian Information Commissioner to enforce penalties.

Australian businesses will need to reassess their privacy policies and procedures to identify risk, and change internal processes to ensure compliance.

The new Australian Privacy Principles (APPs) will replace the National Privacy Principles (NPPs) and the Information Privacy Principles (IPPs) which currently apply to business and government.

Organisations and government must give “consideration of personal information privacy”.

Australian Privacy Principle 1: Open and transparent management of personal information. The object of this principle is to ensure APP entities manage personal information in an open and transparent way.

Compliance with the Australian Privacy Principles etc.

An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:

(a) will ensure the entity complies with the Australian Privacy Principles and an APP code (if any) that binds the entity; and

(b) will enable the entity to deal with enquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.

APP Privacy Policy: An entity must have a clearly expressed and up to date policy (the APP privacy policy) about the management of personal information by the entity. It should cover things such as:

(a) the kinds of personal information the entity collects and holds;

(b) how the entity collects and holds personal information;

(c) the purpose for which the entity collects, holds, uses and discloses personal information;

(d) how the individual may access their personal information and seek corrections to it;

(e) how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity and how the entity will deal with a complaint; and

(f) whether the entity is likely to disclose personal information to overseas recipients.

This is a minefield if ever I have seen one. I cannot find in my reading who needs to become registered under the Australian Privacy Principles, but as the accounting bodies are holding seminars to ensure businesses are compliant with the new rules, I imagine any business that employs staff will have some obligation.

For those who take an interest in the laws of the country, it was interesting to read just last week how details of some 10,000 asylum seekers’ records appeared on a government website, apparently due to someone pressing the wrong button.

In Victoria, the Health Records Act 2001 (Victoria) protects the health information handled by the Victorian public and private sectors.

“Health Information” is defined to include information about the physical, mental or psychological health of an individual, and can include personal information collected in providing an individual with a health service.

I suggest you read “Privacy fact sheet 17” on Australian Privacy Principles located on the website of the Office of the Australian Information Commissioner.
