On 17 September 2012 the House of Representatives of Australia’s Commonwealth Parliament passed important reforms to the Privacy Act 1988(Cth). Key reforms include expanded powers of the Australian Information Commissioner and a new set of 13 Australian Privacy Principles (APPs) to replace the current Information Privacy Principles for the public sector and National Privacy Principles for the private sector.
The APPs are high level principles which set out standards, rights and obligations in relation to the handling and maintenance of personal information. The APPs broadly follow the form and content of the exposure draft APPs, but contain a number of changes.
The significant changes include:
- changes to how personal information may be sent outside of Australia, including a general obligation on agencies, before disclosing personal information to an overseas recipient, to take reasonable steps to ensure the overseas recipient does not breach the APPs (subject to specified exceptions);
- requiring that sensitive information may (subject to certain exceptions) only be collected by an Australian Government agency if the individual has consented to the collection and the information is reasonably necessary for one or more of the agency’s functions or activities; and
- creating an obligation on Australian Government agencies where personal information is corrected to take reasonable steps to notify any other entity to which it had previously disclosed the information, if that notification is requested by an individual.
While the changes listed above are the most significant affecting Australian Government agencies we encourage you to seek advice for a complete understanding of all of the changes that will be implemented by the APPs.
Increased powers of the Australian Information Commissioner
The reforms will also enhance the powers of the Australian Information Commissioner to improve the Commissioner’s ability to resolve complaints, conduct investigations and promote privacy compliance. A key change will include the ability of the Information Commissioner to accept written undertakings from Australian Government agencies that they will take, or refrain from taking, specific action to ensure compliance with the Privacy Act. This will allow Australian Government agencies to take active responsibility for actions which might otherwise result in a court-based outcome. The Information Commissioner will also receive new powers to direct an agency to prepare a privacy impact assessment for particular projects or programs.
Privacy Act amendments – The Impact for Australian Government agencies
Should the Bill pass the upper house, the proposed reforms to the Privacy Act will have a significant impact on the regulation governing how personal information is collected and handled by Australian Government agencies. Agencies should be aware of the proposed changes and be in a position to anticipate how the reforms will affect their existing privacy policies and procedures and contractual arrangements to ensure compliance.