Changes to privacy laws in Australia will come into force from 12 March 2014. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (the "Act") amends the current Privacy Act 1988 and aims to increase privacy protection by giving individuals greater access to personal information and by strengthening the obligations on entities collecting personal information.

Key Changes

A single set of new privacy principles, the Australian Privacy Principles ("APPs"), will apply both to Commonwealth agencies and private sector organisations and will replace the Information Privacy Principles ("IPPs") and the National Privacy Principles ("NPPs") that currently govern the public and private sectors respectively.

The APPs contain some significant changes including:

  • Requirement for organisations to demonstrate that steps (such as implementing practices, procedures and systems) are being taken to comply with the new principles
  • Increased obligations to inform individuals about their personal information including details about the countries to which their personal information might be transferred, their rights of access to their personal information and the complaint processes available to them
  • Provisions governing the use of personal information for direct marketing
  • Greater accountability for organisations sending personal information to overseas recipients.

Changes to Credit Reporting Laws

The Act will also introduce changes to credit reporting laws including:

  • the introduction of more comprehensive credit reporting, with the ability to report on an individual's current credit commitments and their repayment history information over the previous two years
  • a simplified and enhanced correction and complaints process
  • a prohibition on the reporting of credit-related information about children
  • a prohibition on the reporting of defaults of less than $150
  • the introduction of specific rules to deal with pre-screening of credit offers
  • the introduction of specific provisions that allow an individual to freeze access to their credit-related personal information in cases of suspected identity theft or fraud
  • the introduction of civil penalties for breaches of certain credit reporting provisions.

What are my next steps?

The maximum penalty for a serious or repeated breach of privacy will be $340,000 for individuals and $1.7 million for entities.

To ensure that your organisation does not breach the Act, you should consider having any customer marketing material, privacy policies and procedures, website and social media material, and other documents involving personal information reviewed and updated.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.