Are You Ready for the New Privacy Laws?
In 2012, the Australian Government introduced the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). This Act introduces a number of changes to Australian privacy laws, which take effect from 12 March 2014. This Act establishes the Australian Privacy Principles (APPs), a set of 13 mandatory privacy principles. The APPs regulate the collection and use of personal information, including the disclosure of personal information for the purposes of direct marketing.
The APPs apply to all organisations that collect personal information and have a minimum annual turnover of $3 million, as well as organisations which trade in personal information. It is expected that many organisations with an annual turnover of under $3 million will voluntarily subscribe to the APPs in order to adopt best practice.
What is Personal Information?
Personal information is defined under the new APPs as "information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not." Personal information can include:
- Internet Protocol (IP) addresses, Unique Device Identifiers (UDIs) and other unique identifiers in specific circumstances;
- Contact lists revealing details about the contacts themselves and also a user's social connections;
- Voice print and facial recognition biometrics; and
- Location information.
What Should You Do?
To ensure that you are compliant with the new laws, you should:
- Review your practices and procedures for handling personal information and enquiries;
- Prepare a collection statement, and ensure that it contains all the information required under the new rules;
- Ensure you have an appropriate process for accessing and reviewing complaints;
- Ensure your staff are adequately trained; and
- Review and update your supplier contracts to ensure adequate privacy compliance and data protection.