The new Privacy Act and you
MARCH 12 this year will see significant changes to the Privacy Act taking place, so if you are in business make sure you are aware of these changes.
Changes will include new principles and obligations, large fines for breaches, and an increase in powers of the Australian Information Commissioner to enforce penalties.
Australian businesses will need to reassess their privacy policies and procedures to identify risk, and change internal processes to ensure compliance.
The new Australian Privacy Principles (APPs) will replace the National Privacy Principles (NPPs) and the Information Privacy Principles (IPPs) which currently apply to business and government.
Organisations and government must give “consideration of personal information privacy”.
Australian Privacy Principle 1: Open and transparent management of personal information. The object of this principle is to ensure APP entities manage personal information in an open and transparent way.
Compliance with the Australian Privacy Principles etc.
An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
(a) will ensure the entity complies with the Australian Privacy Principles and an APP code (if any) that binds the entity; and
(a) the kinds of personal information the entity collects and holds;
(b) how the entity collects and holds personal information;
(c) the purpose for which the entity collects, holds, uses and discloses personal information;
(d) how the individual may access their personal information and seek corrections to it;
(e) how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity and how the entity will deal with a complaint; and
(f) whether the entity is likely to disclose personal information to overseas recipients.
This is a minefield if ever I have seen one. I cannot find in my reading who needs to become registered under the Australian Privacy Principles, but as the accounting bodies are holding seminars to ensure businesses are compliant with the new rules, I imagine any business that employs staff will have some obligation.
For those who take an interest in the laws of the country, it was interesting to read just last week how details of some 10,000 asylum seekers' records appeared on a government website, apparently due to someone pressing the wrong button.
In Victoria, the Health Records Act 2001 (Victoria) protects the health information handled by the Victorian public and private sectors.
“Health Information” is defined to include information about the physical, mental or psychological health of an individual, and can include personal information collected in providing an individual with a health service.
I suggest you read “Privacy fact sheet 17” on Australian Privacy Principles located on the website of the Office of the Australian Information Commissioner.