The Federal Government recently passed comprehensive reforms to the Australian Privacy Act 1988 (Cth) (the “Act”) which will come into operation in March 2014, giving organisations lead time to prepare for the wholesale changes. The reforms follow the extensive (and lengthy) inquiry into Australia’s privacy laws and form the first stage of the Australian Government’s response to privacy reform, so we should expect to see further reform in this area over the next few years.
Key reforms include the introduction of a single set of Australian Privacy Principles (“APPs”) that will replace the current public sector Information Privacy Principles (“IPPs”) and private sector National Privacy Principles (“NPPs”). The new APPs comprise 13 harmonised principles, which largely consolidate the existing IPPs and NPPs but also incorporate important changes and new obligations.
In addition, the reforms will enhance the Privacy Commissioner’s powers to deal with breaches of privacy, including the ability to seek civil penalties for serious or repeated breaches.
In preparation for the reforms, organisations will need to review their privacy policies and systems, particularly around new obligations relating to the handling of unsolicited information, cross-border disclosure of personal information and the retention of personal information.
Lessons for Employers: While the changes do not affect the “employee records” exemption, the introduction of the APPs will inevitably affect employers that have employees and customers in Australia, particularly around the collection, use and transfer of personal information. Organisations will need to familiarise themselves with the comprehensive reforms and take active measures to ensure ongoing compliance. We have experience reviewing and developing privacy policies and compliance systems for our clients whether they be based in Australia, doing business within Australia, or collecting information from Australia.