The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 was introduced to Parliament on 23 May 2012. The Bill amends the Privacy Act 1988 (Act) and implements the Government's first stage response to the Australian Law Reform Commission's Report into Privacy. The majority of the new provisions have a deferred commencement of 9 months from the day the Bill receives the Royal Assent. The Bill includes four main changes to the Privacy Act. These are:
The new APPs replicate many of the concepts that currently exist in the Act. However, a range of amendments and additional protections have been included. Some of the key features of the new APPs are as follows:
Five new kinds of credit-related personal information (or data sets) are now permitted in the credit reporting system. This means that credit providers will have access to additional personal information to assist them in establishing an individual's creditworthiness. To counter the increased amount of personal information in the system, enhanced obligations and processes dealing with notification, data quality, access and correction and complaints have been included.
New APP codes may be developed by the Commissioner or by APP code developers and will operate in addition to the requirements of the APPs. An APP code will set out how one or more of the APPs are to be applied or complied with. A new Credit Reporting Code of Conduct (CR Code) will also be developed. The CR Code will bind all credit reporting bodies and will set out which credit providers or other entities (e.g. mortgage insurers and trade insurers) will be bound. A breach of an APP Code or the CR Code will be subject to investigation by the Commissioner.
The amendments to the Act will allow the Commissioner to conduct investigations on his own initiative. The Commissioner may investigate an act which may be an interference with an individual's privacy or a breach of APP 1 (Open and Transparent Management of Personal Information). The Commissioner may also make a determination after his investigation which can be enforced by court proceedings. Currently, the Act only allows the Commissioner to make a determination when he is investigating a complaint from an individual. A further significant change is the extension of the Commissioner's current audit powers from government agencies and credit reporting agencies to private sector organisations. With the reforms, the Commissioner will be able to conduct assessments of private sector organisations to ensure they are maintaining and handling personal information in accordance with the Act.
Organisations should review their privacy practices, procedures, systems and policies to ensure that they comply with the new APPs and that they are up to date. This review must be completed before the end of the nine-month transition period when the new APPs come into force. This is particularly important given the Commissioner's new audit and investigatory powers over private sector organisations.