Do the Australian Privacy Principles apply to your organisation?

As of 12 March 2014, changes were made to the Privacy Act 1988 (Cth) to include a new set of Australian Privacy Principles (APPs), which replace the National Privacy Principles and the Information Privacy Principles. The APPs regulate the handling of personal information by Australian Government agencies, businesses with a turnover of more than $3,000,000.00, businesses with a turnover of less than $3,000,000.00 that trade in personal information, and all private health service providers.

Notwithstanding a turnover of less than $3,000,000.00, the legislation allows small businesses and not-for-profits to opt in to the regime and therefore become subject to the APPs.

This would give small businesses and not-for-profits the opportunity to:

  • benefit from any increase in confidence and trust by the public that may be derived from operating under the Privacy Act 1988 (Cth); and
  • make a public statement about being committed to good privacy practice.

The APPs consist of 13 principles, found in Schedule 1 of the Privacy Act 1988 (Cth), that address the collection, use, disclosure and security of personal information.

In summary, the 13 APPs are as follows:

  1. Open and transparent management of personal information
  2. Anonymity and pseudonymity
  3. Collection of solicited personal information
  4. Dealing with unsolicited personal information
  5. Notification of the collection of personal information
  6. Use or disclosure of personal information
  7. Direct marketing (please note that the Spam Act 2003 (Cth) should also be considered in conjunction with this principle)
  8. Cross-border disclosure of personal information
  9. Adoption, use or disclosure of government related identifiers
  10. Quality of personal information
  11. Security of personal information
  12. Access to personal information
  13. Correction of personal information

You should now consider the practical implications of the APPs for your organisation and, in doing so, review at a minimum the following:

  • your privacy policy, to ensure that it complies with the new requirements and is readily available and easy to access, such as on your website;
  • your complaints processes and how you deal with any inquiries;
  • your practice for disclosing personal information to overseas recipients, how that information is handled, and whether the overseas recipient must comply with similar legislation;
  • the method by which you obtain consent for direct marketing and whether you have implemented unsubscribe or "opt-out" facilities;
  • your policy and procedure for collecting, storing, securing and updating any personal information; and
  • your procedures for dealing with enquiries to update, remove or release personal information.

We would be happy to provide your not-for-profit entity with a "health check" to confirm it complies with the APPs.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.