Thursday 05 December 2013

From 12 March 2014, there will be many changes to the Privacy Act.

Although this seems a while away, if the Privacy Act applies to your business, it’s a good idea to start preparing for the changes now.

Does the Act apply to my business?

The Privacy Act protects personal information handled by large businesses and health service providers of any size.

The Act may also apply to a small business if it has an annual turnover of more than $3 million and either:

trades in personal information

provides services under a Commonwealth contract

runs a residential tenancy database

is related to a larger business

is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act.

If you’re not sure whether the Privacy Act applies to your business, try the 9 Step Privacy Checklist for Small Business External link on the Office of the Australian Information Commissioner (OAIC) website.

If you’re still not sure, you may need to seek advice from your lawyer or other business advisors.

What is changing?

A new set of privacy principles that covers the handling of personal information by businesses will be introduced.

The changes will affect how businesses can:

handle and process personal information

use personal information for direct marketing

disclose personal information to people overseas.

The Privacy Act changes will also give the Information Commissioner the ability to:

investigate serious breaches (including the right to impose penalties on businesses)

assess the privacy performance of businesses.

To comply with the Privacy Act from 12 March 2014, businesses will need to have a clear and up to date privacy policy that is easily available.

For details of all changes to the Privacy Act, visit the Privacy law reform External link page on the OAIC website.