Proposed privacy reforms

The Federal Government has released draft legislation which outlines a new set of privacy principles. The Australian Privacy Principles (APP’s) will replace the current National Privacy Principles (NPP’s).  The Senate Finance and Public Administration Committee will inquire into and report on the APP’s by 21 September 2010.

The key areas of change are likely to be as follows:

• Privacy policies and privacy collection statements
  Where privacy policies are stated or privacy notices are communicated to individuals, organsiations will be required to comply with increased disclosure requirements.  For example, an organisation which collects personal data must disclose the fact that it is doing so and must also provide details of how an individual can complain about any interference with privacy by the organisation.
• Direct marketing
  The APP’s will be further aligned with the Do Not Call Register, placing further limitations on the disclosure of private information by organisations.  Under the APP’s, an organisation which collects personal data of an individual must only do so where the individual has consented or where the individual may have reasonably expected their information to be used for direct marketing purposes.
• Cross border disclosure
  Increased compliance will be required by  Australian entities and their related offshore entities where personal information is disclosed by an offshore entity.  An Australian entity will be required to take greater safeguards regarding the use of personal information by the offshore entity.  Should an offshore entity fail to comply with the APP’s, the Australian entity will be held accountable.

In effect, the new principles impact privacy policies and privacy collection statements by requiring organisations to be more transparent regarding the use of any personal data collected.  The APP’s are a more restrictive regime as they will prohibit the use or disclosure of sensitive information for the use of direct marketing unless consent is received from the relevant individual.

Additionally, entities that disclose personal information to recipients outside of Australia may be held accountable for breaching privacy if a related off shore entity does not comply with the Australian privacy legislation.  It appears the APP’s will require all organisations to take enhanced steps towards ensuring privacy compliance through the implementation of improved privacy practices, procedures and systems.

MST will provide further updates once the Senate Committee final report is released.

Should you have any specific queries regarding these proposed changes, please contact one of our Corporate Advisory Lawyers.

Author:  Susan Reece Jones