The purpose of the Privacy Act is to protect individuals against the mishandling of personal information about them by organisations that collect or share that information. Significant changes to the Act will come into force in March 2014 and are likely to affect you and your business. These are the most significant changes to Australian privacy laws since the current Act was passed in 1988.

Until now, the Act has not taken into account the rise of the internet and the predominance of online business dealings. Online banking and billing and electronic marketing did not exist when the Act was implemented.

Organisations need to ensure that policies and procedures addressing each of the new Australian Privacy Principles are in place, to ensure compliance with the updated legislation. It is essential that you review your privacy policy and data collection notices prior to March 2014, as the Privacy Commissioner will also have greater power to conduct assessments of your compliance with the Act, in both the government and the private sector. Civil penalties will apply to businesses that fail to comply with these laws, with the Act providing for penalties for repeat offenders of up to $340 000 for an individual and $1.7 million for a company.

The changes to the Act include restrictions on what type of personal information can be collected. This means you will need to review how you identify, manage and monitor the personal information residing in your organisation, how that information can be used (eg for direct marketing), and the basis on which personal information may be shared with a third party either in Australia or overseas.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.