New Australian Privacy Laws for Businesses: The Highlights. | International Business, Trade and Taxation

Privacy has been a hot topic as of late all over the world. Legislation is often years behind changes in technology and in the case of privacy this is definitely the case. Two weeks ago, Australia’s new amendments for its privacy law came into effect updating the law to the impacts of today’s technological advancements. The original Privacy Act (1988) is being reformed and updated to protect Australians in the digital revolution. Not only will Australian businesses be making changes to be compliant but certain international organisations and businesses will also have to do the same or face steep fines. The first thing either organisation will have to consider is how it collects, uses, discloses, and handles personal information data. Without this information, determining whether or not the organisation is compliant with the amendment is impossible.

Australian Organisations. A key change in the Act is the addition of the Australian Privacy Principles (APPs) replacing the National Privacy Principles and the Information Privacy Principles. The thirteen APPs apply to organisations and agencies doing business in Australia with over AU$3-million in revenue. These entities will certain have big changes to implement if preparations had not been made before the effective date of the amendment. The biggest changes are how to deal with unsolicited personal information, using previously obtained information for direct marking purposes, obligations in regards to international data sharing, and increased protection and security for holding data.

International Organisations. As mentioned previously, this amendment not only applies to Australian businesses but to agencies and organisations doing business in Australia with over AU$3-million in revenue so many international businesses and organisations will be impacted. One very important change relates to personal information collected in Australia leaving the country. Now, if this particular information leaves Australia, the disclosing entity must take reasonable steps under the circumstances to assure that the receiving entity applies the thirteen APPs. There are some exceptions to this rule and an international organisation that is compliant with privacy laws in the EU and the US, for instance, should not think that they would be compliant in regards to Australia. The amendments are similar to other countries but tend to come out stronger in practice.

If your business is located in Australia, is an international business impacted by this amendment, or you just aren’t quite sure, please don’t hesitate to contact us for help in tackling this change for your organisation. We can help with determining if this amendment impacts you, how to avoid its impact or how to avoid fines and be compliant if you are impacted including but not limited to drafting new privacy policies, amending complaint procedures and being more transparent.