
Changes to Privacy Law

by fileit on 07 May 2014
Privacy issues today are significantly different to how they were years ago. Technology has changed immensely and so too have the issues of privacy.   

For this reason, on 12th March 2014, several changes to the current privacy laws will come into effect, in order to keep up with these emerging privacy issues. The new changes will fall under the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

Currently there are privacy laws under a number of different principles: the NPPs (National Privacy Principles) for the private sector and the IPPs (Information Privacy Principles) for the government sector. A bit confusing, right? To make this simpler, the government has introduced new laws that will mean “a single set of Australian Privacy Principles applying to both Australian Government agencies and the private sector” according to the Australian Government (2013).

Mark Dreyfus, the Attorney General, and Timothy Pilgrim, the Privacy Commissioner, suggest that entities should make the necessary changes now, not in March when the laws come into force. Dreyfus says “The sooner these changes are embedded the easier it will be to comply with the new measures in March 2014”.

The APPs apply to entities which include agencies and organisations. Pilgrim says “an entity must now take reasonable steps to protect the personal information it holds from misuse; interferences and loss; and from an unauthorised access, modification, or disclosure. The inclusion of interference is new and recognises that attacks on personal information may not be limited to simple attacks being with modification of content of the information”. APPs will therefore regulate/control the “collection, holding, use and disclosure of personal information that is included in records” (Chand 2012).

The public sector will be required to conduct its own privacy impact assessments, whilst the private sector will be assessed by the Privacy Commissioner, who will be able to carry out these assessments of privacy performance at any given time.

Some of the important new APPs are:

- Managing personal information in an open and transparent way. (APP 1)
- Having a “clearly expressed” privacy policy on managing personal information that is up to date. This should include (APP 1.3-1.4):
  • The kinds of personal information that the entity collects and holds;
  • How the entity collects and holds personal information;
  • The purposes for which the entity collects, holds, uses and discloses personal information;
  • How an individual may access personal information about the individual that is held by the entity and seek the correction of such information;
  • How an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
  • Whether the entity is likely to disclose personal information to overseas recipients;
  • If the entity is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.
- Having a privacy policy that is available free of charge and in an appropriate form. (APP 1.5)
- That individuals should have the option to not identify themselves or to use a pseudonym (some exceptions apply) (APP 2).
- That “if an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities” (APP 3.1).
  • For organisations the information collected must be “reasonably necessary for one or more of the entity’s functions or activities”. (APP 3.2)
    • Importantly, an individual must consent to this as well (APP 3.3).
- That “if an organisation holds personal information about an individual, the organisation must not use or disclose the information for the purpose of direct marketing” (APP 7.1), although some exceptions do apply.
- That an entity should “take reasonable steps to ensure the personal information it collects is accurate, up to date and complete”. It should also ensure that using and disclosing this information “is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure” (APP 10). 

As you can see, there are quite a lot of APPs and this is exactly why agencies and organisations should take note and adapt now before the laws come into force. Below is a summary of the APPs offered by the government. To see a more complete and detailed list of the new APPs click here.



ABN: 11 056 481 568                                                                            Copyright © 2014 File-IT Pty Ltd