Privacy Law Reform
The aim of the Privacy Act is to protect personal information about individuals handled by organisations. The Act contains Principles which set the minimum standards for handling personal information.
Personal information is information that identifies an individual or allows their identity to be readily worked out. It includes information such as a person's name, address, financial details, marital status, billing details, ethnicity, religion and health details. The Privacy Act does not apply to employment records of private sector organisations, used for employment purposes.
Privacy Law and Small Business
Small businesses with an annual turnover of $3 million or less do not need to comply unless they are:
* Note: The credit reporting system may still apply.
Australian Privacy Principles
The 13 Australian Privacy Principles (APPs) set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information.
The Privacy Act also covers the following areas:
- APP 1 – Open and Transparent Management of Personal Information
- APP 2 – Anonymity and Pseudonymity
- APP 3 – Collection of Personal and Sensitive Information
- APP 4 – Dealing with Unsolicited Personal Information
- APP 5 – Notification of Collection
- APP 6 – Use or Disclosure of Personal Information
- APP 8 – Cross Border Disclosure
- APP 9 – Adoption, Use or Disclosure of Government Identifiers
- APP 10 – Quality of Personal Information
- APP 11 – Security of Personal Information
- APP 12 – Access of Personal Information
- APP 13 – Correction of Personal Information
The Privacy Act also covers specified persons handling your:
- Consumer credit reporting information
- Tax File Numbers under the Tax File Number guidelines
- Personal Information contained under the Personal Property Securities register
- Old Conviction information under the Commonwealth Government Conviction Scheme
- My Health record information
The Australian Privacy Commissioner is able to conduct performance assessments and apply orders or penalties to non-compliant businesses. Penalties may be up to $340,000 for individuals and up to $1.7 million for organisations.
Ensuring Your Business Complies with the Privacy Act
What you need to do to ensure your business complies with the Privacy Act will depend on the size and the type of business you run and the kind of personal information you collect.
The following steps provide a framework to ensure your business is ready to comply with the Privacy Act and reforms:
More information on the obligations which may be relevant for your organisation can be found on the Office of the Australian Information Commissioner website http://www.oaic.gov.au/ or by contacting our office.
The information provided in this information sheet does not constitute advice. The information is of a general nature only and does not take into account your individual situation. It should not be used, relied upon, or treated as a substitute for specific professional advice. We recommend that you contact Brentnalls SA before making any decision to discuss your particular requirements or circumstances.