“From our experience, government agencies and private organisations that handle a lot of personal and sensitive information will have to allocate a lot of time and resources in order to comply with the new privacy laws. For agencies or organisations handling a relatively small amount of personal information, compliance may be relatively simple.”
Katarina Klaric, Principal, Stephens Lawyers & Consultants
The Australian privacy laws regulate the handling, storage, use and disclosure of personal information by Commonwealth, State and local government and its agencies and private organisations.
The Information Privacy Principles (“IPP”) contained in the Federal Privacy Act 1988 (Cth) specified the standards that the Federal Government and its agencies had to comply with when handling personal information during the period up to 12 March 2014. The National Privacy Principles (NPP) outlined in Schedule 3 of the Act applied to the handling of personal information by private sector organisations during the period 21 December 2001 to 11 March 2014. In addition, the privacy laws of each Australian State and Territory regulated the handling of personal information by State and Territory government agencies and local government.
As of 12 March 2014, the NPP and the IPP were replaced by the Australian Privacy Principles (“APP”) which apply to the handling of personal information by both Federal government, its agencies and private organisations covered by the Privacy Act, and referred to as “APP” entities in the Act. State and Territory privacy laws continue to apply to State and Territory government agencies and local government/councils.
On 22 February 2018, the Notifiable Data Breach scheme (“NDB scheme”) under the Federal Privacy Act 1988 (Cth) commenced.
The application and compliance with the relevant Australian privacy laws can be complex and expert advice should be sought. Civil pecuniary penalties may be imposed where there is serious or repeated interference with privacy.
In summary, the Australian privacy laws give individuals the right to:
- Know if their personal information is being collected by government agencies or private sector organisations.
- Know what personal information is held about them.
- Know for what purposes the personal information is collected, held, used and disclosed including whether any disclosure is likely to an overseas recipient.
- Access personal information held and to seek correction of the personal information if it is wrong.
- Know how the entity will deal with the individual’s complaints involving breaches of the privacy principles.
- Entities failing to comply with Australian privacy laws risk court enforceable determinations. Privacy Commissioners and approved code adjudicators have the power to investigate complaints and issue determinations for:
- Payment of compensation including amounts for injury to feelings or humiliation suffered.
- Rectification of conduct that constitutes the interference with privacy.
- Redress of any loss or damage suffered.
There is also a requirement for organisations to report data breaches to the individual and the Office of the Australian Information Commissioner (“OAIC”) under the Notifiable Data Breach scheme.
Read the Stephens Lawyers & Consultants Privacy Act Information Sheets below to ensure that your business is fully aware of its liabilities and obligations under the Australian privacy laws:
Make sure that your government agency, organisation or business has a Privacy Plan and Policy that complies with the applicable Australian privacy laws and is capable of implementation, by completing the Stephens Lawyers and Consultants Privacy Law Compliance Checklist:
Stephens Lawyers & Consultants advises on all aspects of Privacy Law and works with its clients in the development and implementation of privacy compliance programs.
The firm has extensive experience in:
- Conducting internal privacy audits, including the development of audit questionnaires and procedures.
- Preparing procedures and policies for the collection, use, disclosure, handling, security and storage of information in accordance with Australian Privacy Principles.
- Advising in respect of compliant handling procedures for privacy breaches.
- Advising in respect of privacy breaches and privacy dispute resolution/litigation.
In many cases compliance need not be costly or onerous. Stephens Lawyers & Consultants recognises this and is able to offer advice on the most appropriate compliance approach.