The new privacy legislation is coming

The Office of the Australian Information Commissioner (OAIC) has advised Government agencies and businesses to start preparing now for the changes to the Privacy Act. But these changes will not commence till March 2014, so why do you need to prepare a full year in advance? This is simply because the changes are extensive. A few of them are highlighted below.

APPs replace IPPs and NPPs

Currently, the Information Privacy Principles (IPPs) apply to the public sector and the National Privacy Principles (NPPs) apply to the private sector. From March 2014, a new set of privacy principles called the Australian Privacy Principles (APPs) will replace both the IPPs and the NPPs.

Of the 13 new APPs, some are significantly different from the existing principles. The OAIC gave these three examples on its privacy law reform page:

1. APP 1 on the open and transparent management of personal information;
   
2. APP 7 on the use and disclosure of personal information for direct marketing, and 
   
3. APP 8 on cross-border disclosure of personal information.

The Commissioner has more power

The Commissioner will have the ability to accept enforceable undertaking and seek civil penalties in the case of serious or repeated breaches of privacy.

Changes to credit reporting laws

There will be many changes to credit reporting laws, including the introduction of more comprehensive credit reporting.

So it is time to review, and amend as necessary, templates such as collection notices, privacy clauses and confidentiality clauses, and policies and procedures such as those relating to cross border data flow.