All organisations handle personal information. Some of that personal information can be a very valuable asset.
The way organisations handle personal information is a key business issue, and failure to handle it properly can create significant business risks.
There is not just the risk of a breach of law. There is also the risk of good customer or stakeholder relations being prejudiced and trust reduced, with a commensurate reduction in the volume and nature of personal information that individuals are willing to share.
Research has shown that privacy protection is becoming increasingly important to Australians and privacy law is one of the fastest developing areas of law. This website provides you with an introduction to some of the law's key elements.
Allens privacy team brings together expertise from a range of fields, including e-commerce, telecommunications, banking, insurance, credit reporting, biotechnology and health, workplace relations, superannuation, funds management and trade practices. We welcome your enquiries about how we can: help you to develop compliance solutions and obtain maximum benefit from customer databases; advise on issues affecting the Internet and new media industries; facilitate workshops to educate and train staff; help you to outsource data processing functions; or help to harmonise privacy obligations across other jurisdictions.
The current system
In December 2001, the Privacy Act 1988 (Cth) (the Act) was amended to establish a national scheme to regulate private sector organisations' handling of personal information. The National Privacy Principles, or NPPs, regulate how private sector organisations may collect, keep, use and disclose personal information. The NPPs are legally binding.
Reform of Australia's privacy laws: what's ahead?
In January 2006, the then Attorney-General, Mr Philip Ruddock, asked the Australian Law Reform Commission (the ALRC) to conduct an inquiry into the extent to which the Act and other laws provide an effective framework for the protection of privacy in Australia. The ALRC issued a wide-ranging issues paper in October 2006, followed by a very detailed discussion paper in September 2007.
After extensive consultation, the ALRC issued its final report in August 2008, with 295 recommendations for reform of Australia's privacy laws. We summarised the ALRC report's recommendations in a series of Focus articles in 2008: ALRC releases privacy law report; The new Unified Privacy Principles; Credit reporting and credit information; Privacy Commissioner's new guide on notification of data breaches; Reforming privacy and health information. A lengthy consultation process followed involving numerous Parliamentary inquiries and exposure draft legislation.
On 27 November 2012, the Federal Parliament passed substantive amendments to the Privacy Act, which will come into effect on 13 March 2014. These amendments are discussed in our Focus article and in broad terms:
- replace the NPPs and the Information Privacy Principles applicable to government agencies with a single set of 'Australian Privacy Principles';
- increase restrictions on using personal information for direct marketing;
- change the rules for disclosing personal information outside Australia;
- redraft the credit reporting regime, introducing more comprehensive credit reporting;
- introduce significant civil penalties for serious or repeated breaches of privacy; and
- strengthen the powers of the Privacy Commissioner (now a part of the Office of the Information Commissioner) to conduct investigations and promote compliance with the Act.
The Government has indicated that stage two of the reforms will be released once its first stage has been progressed. Stage two will consider other recommendations from the ALRC Report, such as reviewing the exemptions for employee records and small businesses, the introduction of a statutory cause of action for a serious invasion of privacy and serious data breach notifications.