New amendments to the Commonwealth Privacy Act come into effect today, Wednesday 12 March 2014. According to the Office of the Australian Information Commissioner (OAIC), this is the biggest change in privacy law for Australia in 25 years.
For the most part the big change is that there is now a mandatory requirement for businesses to be “open and transparent” about how they use and manage personal information. So if your business collects information from customers, potential customers or people who visit your website, this affects you.
If you’re a new business or you’re not sure how this change will impact you, I’ve covered some important things to consider in this blog post.
Understanding what is considered personal information
The Privacy Act deals with “personal information”, that is, information which can be used to identify a person, not just you and/or your clients. This can include name, address, date of birth, tax file number, driver’s licence number or anything else that identifies a person.
- What personal information does your business collect?
- Is the personal information reasonably necessary for one or more of your business activities or functions?
- Why is the information collected?
- How does your business collect, handle and store information?
- To whom is this information disclosed? Internally and/or externally?
- Do you disclose any information to people or entities overseas? And if so in which country are they located?
- Do you have a procedure in place for complaints?
New guidelines for business
The new Commonwealth Privacy Act now refers to the Australian Privacy Principles, also referred to as the APP guidelines. OAIC has also released guidelines for entities to help them implement the APPs; you’ll find the guidelines here.
Something to be aware of is that businesses collecting personal information need to have what is called a “collection notice” available, which should contain certain information as set out in the APPs. This notice will need to be supplied, where reasonably practicable, before, at the time, or as soon as possible after personal information is collected by you.
You’ll find a helpful checklist for knowing if your business meets the new requirements here.