Privacy Law Reforms and the Importance of Updating your Privacy Policy

We aim to deliver Just, Redemptive Outcomes®

On 23 May 2013, a proposal to amend the current Privacy Act 1988 (“Privacy Act”) was made to the Federal Parliament. This was in regard to the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (“Amending Act”) The law reform  was passed by Parliament with amendments on 29 November 2012. A total of 197 changes have been made by this legislation to the existing Privacy Act.

On 12 March 2014, the amendments introduced by the Amending Act will supersede current provisions as the new legislation takes effect with no transition period for these reforms.

For our School clients these changes will mainly affect the content of schools’ and business’ Privacy Policies and their practices and procedures for collecting and managing the personal information of students, parents/guardians and business employees.

It is therefore important for schools and businesses to prepare prior to 12 March 2014 given the number of amendments, new obligations and civil penalties introduced by the Act. Schools and businesses must therefore review their existing policies and procedures and ensure they have an updated Privacy Policy in place before the commencement date of the new legislation.

Currently, schools and businesses adhere to a set of rules called the National Privacy Principles (“NPPs”). These principles outline their obligations in relation to privacy.  The Amending Act replaces the NPPs with a more streamlined, comprehensive set of rules called the Australian Privacy Principles (“APPs”).

Many of these APPs are different from the existing NPPs and there are 13 new APP’s that introduce several new privacy obligations.  One of these is an ongoing obligation on the part of the organization to take reasonable steps to comply with the APPs, which will include taking the relevant steps to implement practices, procedures and systems in relation to privacy matters

There is a growing trend in organizations to shift to cloud computing or data storage in an offshore server.  In this regard, a new obligation under the Amending Act requires the organization to take reasonable steps to ensure that overseas entities who are disclosed the data do not breach the APPs.

An entity may be subject to a new civil penalty introduced by the Amending Act which may go up to $340,000.00 (if the entity is an individual) or $1,700,000.00 (if the entity is a body corporate). This may be so if there are serious and repeated interferences with privacy, pursuant to the amendments of the Act.

If you need to update your Privacy Policy or practices in anticipation of the commencement of the Act, our team of legal professionals can assist you.

For more information regarding the Privacy Law Reforms

Please contact our client engagement team or call us on (07) 3252 0011 to book an appointment with one of our specialist Education Lawyers today.