One Privacy Act to Rule them All

Reform to Australia’s privacy legislation began in 2004 – and as of tomorrow, 12 March 2014, there will be a raft of changes to the way in which our privacy is regulated. The Australian Privacy Commissioner, Timothy Pilgrim, provides a high-level overview of the changes in this video.

Australian Privacy Principles

The changes that come into effect tomorrow include a set of 13 new harmonised privacy principles that regulate the handling of personal information by Australian and Norfolk Island Government agencies and some private sector organisations. These replace the National Privacy Principles and the Information Privacy Principles that were previously in place. In particular, the following principles apply to marketers:

  • Direct marketing: Australian Privacy Principle 7 (APP7) relates to direct marketing. Where you hold personal information about an individual, this principle covers the manner in which that information can be used (or not) for direct marketing purposes.
  • Cross-border disclosure of personal information: Australian Privacy Principle 8 (APP8) covers the sharing of personal information with an overseas entity. This will apply where you are capturing or sharing information with overseas providers.

Who do the APPs apply to?

The short answer is government agencies and organisations with over $3 million in annual turnover – but be sure to check the details:

The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).

The APPs generally apply to Australian and Norfolk Island government agencies and also to private sector organisations with an annual turnover of $3 million or more. These entities are known as ‘APP entities’. In addition, the APPs will apply to some private sector organisations with an annual turnover of less than $3 million, such as health service providers. More information is available on the Who is covered by privacy and the Privacy Topics — Business pages.

The APP checklist

What has changed and what do you need to review?

Take a look at the Privacy Act Reform Checklists for organisations (yes, that’s you if you run a business with turnover > $3 million) and government agencies.

Get reviewing now

Remember, the changes come into effect tomorrow. So you’d best get started on that review ASAP!
