Upcoming Privacy Law Reforms and the Importance of Updating your Privacy Policy

We aim to deliver Just, Redemptive Outcomes®

On 23 May 2013, privacy law reforms were introduced to Federal Parliament proposing to amend the current Privacy Act 1988 (“Privacy Act”). That was the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“Amending Act”). It was passed by Parliament with amendments on 29 November 2012. A total of 197 changes have been made by this legislation to the existing Privacy Act.

The changes introduced by the new legislation will take effect on 12 March 2014.There will be no transition period for these reforms. Therefore, on 12 March 2014 the amendments introduced by the Amending Act will immediately supersede the current provisions.

For our School clients these changes will mainly affect the content of schools’ and business’ Privacy Policies and their practices and procedures for collecting and managing the personal information of students, parents/guardians and business employees.

Given the number of amendments, new obligations and civil penalties introduced by the Act , it is important for schools and businesses to prepare prior to this date by having their existing policies and procedures reviewed to ensure that an updated Privacy Policy and procedures are positioned to take effect on the commencement date of 12 March 2014.

Currently, schools and businesses are required to adhere to a set of principles which outline their obligations in relation to privacy. This set of rules is called the National Privacy Principles (“NPPs”). The Amending Act replaces the NPPs with a more streamlined, comprehensive set of rules called the Australian Privacy Principles (“APPs”).

There are 13 new APP’s. Many of these APPs are different from the existing NPPs and introduce several new privacy obligations. One of these is an ongoing obligation on the part of the organization to take reasonable steps to comply with the APPs, which will include taking the relevant steps to implement practices, procedures and systems in relation to privacy matters.

A growing trend in organizations is a shift to cloud computing, or data storage in an offshore server. A new obligation under the Amending Act requires the organization to take reasonable steps to ensure that overseas entities who are disclosed the data do not breach the APPs.

Where there have been serious and repeated interferences with privacy, pursuant to the amendments of the Act, an entity may be subject to a new civil penalty introduced by the Amending Act, which may go up to $340,000.00 (if the entity is an individual) or $1,700,000.00 (if the entity is a body corporate).

If you need to update your Privacy Policy or practices in anticipation of the commencement of the Act, our team of legal professionals can assist you.

For more information regarding the Privacy Law Reforms

Please contact our Business Development Team or call us on (07) 3252 0011 to book an appointment with one of our specialist Education Lawyers today.