Privacy Laws now have teeth

New Privacy laws came into effect 12 March 2014.

The Australian Privacy Principals (APPs) consist of 13 principals and replace the Information Privacy Principal’s (which applied to the government sector) and the National Privacy Principals (which applied to some businesses).

For the APPs to apply a business must:
* have an annual turnover of greater than $3 million;
* be trading in personal information; or
* be a private health services provider.

Small business should be aware that they may be trading in personal information if they are providing customer information to third parties to manage direct marketing or where they sell a list (even if it is to a related business). Businesses that start off under the $3 million threshold should also consider setting up systems to comply from the outset rather than having to engineer it across their systems at some time in the future.

The new Privacy laws come with new teeth. There are enhanced powers for the Office of the Australian Privacy Commissioner which include:
* conducting assessments of compliance;
* accepting enforceable undertakings; and
* the seeking of civil penalties.

On this last point, there are now fines of up to $1.7 million for companies and $340,000 for sole practitioners or non corporate entities.

Our advice to our clients is the same as it has always been in relation to Privacy. There are 4 steps which all businesses who collect personal information should follow:

1. Audit – clients should identify what personal information is collected, how it is stored and how it is used or shared outside the business.
2. System – the business should develop a system for dealing with personal information to ensure all the APPs are complied with.
2. Notice – notice should be given to people at the time the information is collected about its uses.
4. Privacy Policy – a privacy policy should be developed and readily available. In particular there should be a way for customers to access and correct the information about them and opt out of direct marketing.

If you would like to discuss your obligations under the Privacy Laws please contact Leisa Bayston on 0421 344 843.