Businesses need to prepare now for changes to the Privacy Act that take effect from 12 March 2014. Businesses that fail to update their privacy policies and practices will very likely find themselves in breach of the Privacy Act, potentially resulting in fines and orders to pay compensation, and possibly adverse publicity.
The changes introduced by the new Australian Privacy Principles (APPs) include:
- A prescriptive approach to what privacy policies must contain.
- Restrictions on the use or disclosure of personal information for direct marketing purposes unless certain exceptions apply.
- The need to advise individuals whether their personal information is likely to be disclosed to overseas recipients and, if so, in what countries those recipients are located.
In addition to these changes to the APPs, the amending legislation has also handed sweeping new powers to the Australian Information Commissioner and introduced greatly increased penalties for breaches of the APPs.
Amongst the Commissioner’s new powers are the ability to obtain undertakings from businesses which are enforceable by a Court and, in serious cases, to take businesses directly to Court to have fines imposed.
The maximum fine that can now be imposed on businesses for serious breaches of the APPs will be increased to $1.7 million. The Commissioner has also recently flagged a ‘get tough’ approach, meaning that he is unlikely to be as forgiving of transgressions as previously. Whilst most penalties imposed on businesses for breaches will not approach the maximum penalty of $1.7 million, the fact that the penalty has been increased significantly, coupled with the Commissioner’s tough new approach, indicates that businesses face a far greater exposure under the new regime.
Paul Hesse and Craig Healy of our office would be happy to discuss with you what might be involved in updating your policy.