The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) was introduced to Parliament on 23 May 2012 and was passed with amendments on 29 November 2012.
The Privacy Amendment Act is a part of the privacy law reform process that began in 2004. More information on the privacy law reform process is available on the History of the Privacy Act page.
The Privacy Amendment Act introduces many significant changes to the Privacy Act. While these changes will not commence until 12 March 2014, Australian Government agencies and businesses should start preparing now.
The Privacy Regulation 2013, made under the Privacy Act and also due to commence on 12 March 2014, was registered on 17 December 2013.
Watch the YouTube video of Australian Privacy Commissioner, Timothy Pilgrim, speaking about the changes to the Privacy Act.
The Privacy Amendment Act includes a set of new, harmonised, privacy principles that will regulate the handling of personal information by both Australian government agencies and businesses. These new principles are called the Australian Privacy Principles (APPs). They will replace the existing Information Privacy Principles (IPPs) that currently apply to Australian Government agencies and the National Privacy Principles (NPPs) that currently apply to businesses.
Under the changes, there are 13 new APPs. A number of the APPs are significantly different from the existing principles, including APP 7 on the use and disclosure of personal information for direct marketing, and APP 8 on cross-border disclosure of personal information.
The OAIC has released draft APP guidelines.
Enhanced powers for the Australian Information Commissioner
The Australian Information Commissioner (the Information Commissioner) will also have enhanced powers, which will generally be exercised by the Privacy Commissioner, including the ability to:
- accept enforceable undertakings
- seek civil penalties in the case of serious or repeated breaches of privacy
- conduct assessments of privacy performance for both Australian government agencies and businesses.
The Privacy Amendment Act introduces new laws on codes of practice about information privacy (APP codes) and a code of practice for credit reporting (the CR code), including enabling the Information Commissioner to develop and register binding codes that are in the public interest.
The OAIC has released Code development guidelines to assist agencies and organisations considering developing a code under the Privacy Act.
The OAIC has produced a number of resources, both to assist agencies and organisations, and their staff, in preparing for the reforms and to help individuals understand the changes:
- Australian Privacy Principles
- Draft APP guidelines
- Code development guidelines
- EDR scheme recognition guidelines
- Frequently asked questions
- IPP/APP comparison guide
- NPP/APP comparison guide
- Checklist for APP entities (organisations)
- Checklist for APP entities (agencies)
- A privacy reform poster
- An APP quick reference tool (a 1 page summary of the APPs)
- Staff training presentations
- Credit reporting — what has changed
- Credit reporting: repayment history information
- Law reform guidance – expected publication schedule (updated 11 Dec 2013)