Your information and Privacy Protected

Reforms intended to increase the effectiveness of the Privacy Act 1988 start on 12 March 2014.  Applicable to businesses since 2000, the Privacy Act was reviewed in 2008 and the reforms were recommended in that review.

Privacy laws are designed to protect individuals from the mishandling of information that identifies you or could reasonably identify you.  Examples include your name, address, date of birth, bank account details, and information on your appearance, place of work or your opinions.

For example, when a member of a NSW Leagues Club made a complaint that privacy laws were breached because their ex-partner was given details of their membership and gambling the club was ordered, among other things, to pay $7,500 in damages.

For consumers, the changes include more protection over what information can be disclosed to overseas recipients.  There are also greater restrictions around how information held by a business can be used for direct marketing purposes.  There is a new requirement that individuals be given the option to opt-out of direct marketing.

The changes should bring greater transparency to customers in how their information is used.  Whereas previously a company could pass on information about a consumer to a third party as long as this practice was stated in the privacy policy, the changes mean that this third party now needs to contact the consumer to let them know how they plan to use that information.

For businesses, check whether you need to comply.  Businesses that do should have a clear and up to date privacy policy, familiarise themselves with the 13 new Australian Privacy Principles and review all areas of their business to see where further work is needed.  Staff members should also be trained and understand how the privacy laws operate.

Any complaints are investigated by the Office of the Australian Information Commissioner whose powers are increased as a result of the reforms. They can issue fines of up to $1.7 million to companies and $340,000 to individuals for serious or repeated invasions of privacy.