On 28 February 2014, the Office of the Australian Information Commissioner (OAIC) issued a Statement in relation to its approach to enforcement after the amendments to the Privacy Act commence on 12 March 2004. For most businesses that will involve compliance with the harmonised Australian Privacy Principles (APPs), and for other businesses include the changes to the credit reporting system.
The OAIC stated:
“Our compliance focus in the months following 12 March 2014 will be on working with entities to ensure that they understand the new requirements and have the systems in place to meet them. In resolving matters brought to the attention of the OAIC we will take into account the steps taken by entities to genuinely prepare for the changes and to comply with the new legal requirements”.
Accordingly, businesses that are not fully prepared but are taking genuine steps to comply with the new laws will have the benefit of this approach.
The OAIC Statement notes that a number of detailed guidance notes have been prepared and published for both businesses and agencies in relation to the privacy reforms. The latest update from the OAIC is here More... And a number of updates are also available on the Holding Redlich website More...
The OAIC confirmed its enforcement model is an escalation model. That is, it would first try to resolve complaints by an individual with the relevant organisation by conciliation. If this was unsuccessful then the OAIC would use other tools such as determinations, enforceable undertakings or in some circumstances initiating court proceedings for civil penalties.
We have been working with clients to provide privacy statements and privacy clauses. To be effective we have been working with clients to audit their personal information collection, usage, and disclosure processes so that appropriate changes can be made and staff can be trained.