Privacy protection has become a major issue for organisations.
Major changes to Privacy Laws - are you affected?
Privacy protection has become a major issue in Australia. On 12 December 2001, the Privacy Amendment Act came into force and made changes to the Privacy Act (Cth) 1988.
The amendments introduced National Privacy Principals (NPPs), which are a crucial part of the legislation. It is compulsory for most private sector organisations to comply.
Scope of the legislation
It is important to comply with the NPPs. The NPPs cover the following issues:
The collection, use and disclosure of personal information;
The accuracy and security of the information collected;
Public availability of privacy policies;
Access to and correction of information;
Prohibition against using government identifiers;
Restrictions on transborder data flows; and,
The collection of sensitive information.
The NPPs cover personal information only. Personal information includes information or an opinion, whether true or not, and recorded in a material form or not, about an individual whose identity is apparent, or can reasonably ascertain from the information or opinion. Personal information relates to a human being rather than information that relates to a business.
Special rules apply to "sensitive information". Sensitive information includes information or an opinion about an individuals race, political opinions, memberships, sexual behaviour, criminal records etc. There are also important rules pertaining to health records.
Brief outline of the legislation
The new privacy legislation sets the standards for organisations who deal with personal information. Organisations must only collect personal information that is necessary for one or more of its functions.
The integrity of personal information must be maintained and individuals must be able to access and correct their information. Anonymity should be an option for all individuals entering into transactions with an organisation when appropriate.
Is my business affected?
All organisations with an annual turnover over $3 million are required to comply with the NPPs.
Many organisations with annual turnover of less than $3 million are also required to comply with the legislation if they fall under various categories.There are some exceptions.
Example: Information relating to a past or present employee of a company may also be exempt from the NPPs including acts and practices done by a media organisation in the course of journalism.
Small businesses with an annual turnover of less than $3 million, which fall into the limited categories were given an additional 12 months (until 12 December 2002) to implement the NPPs. They should now be complying with the legislation.
What do I need to do to comply with the new legislation?
In most cases, the following steps should be taken:
Develop a written policy on the management of personal information and communicate that policy to customers, clients and other affected individuals.
Appoint a Privacy Officer designated to handle all issues relating to compliance with the legislation.
Ensure that all staff are aware of and comply with the policy.
Develop and implement procedures for individuals to access their information. Ensure you communicate these procedures to those seeking access,or giving reasons for refusal.
The information needs to be kept current and accurate and protected from misuse, loss or unauthorised access.
Don't use agency identifiers or collect sensitive information without express consent.
Develop a complaint handling process within your organisation.
Ensure that client contracts contain all necessary consents and obtain written and express consent before collecting personal information.
This Information Outline is provided courtesy of Matthews Folbigg who are experienced in this area of law. They are located at Level 7 The Barrington, 10-14 Smith Street, Parramatta NSW 2124 or call them on (02) 9635-7966 if you would like more information on this legal topic, or you wish to obtain formal advice regarding your situation.
MatthewsFolbigg is a large commercial law firm based in Parramatta, New South Wales. The firm has Accredited Specialists in Business Law, Property,Immigration, Family Law and Personal Injury. MatthewsFolbigg has specialist groups advising clients in corporate structures, intellectual property, and information technology plus franchising, estate planning and insolvency work.