Has your business implemented the privacy law changes that were effective 12th March 2014?
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Amendment Act) amends the Privacy Act 1988 (Cth) (Privacy Act) with effect from 12 March 2014 and the National Privacy Principles (NPP) will be replaced with the Australian Privacy Principles (APP). Download here.
The good news for employers is the ‘employment records’ and ‘small business’ exemptions that currently exist under the Privacy Act will be unaffected by the introduction of the Amendment Act.
Therefore there will be no change to the exempt status of ‘employment records’, meaning that private sector employers can continue to handle records of personal information relating to the employment of an individual (e.g. terms and conditions of employment, an employee’s personal and emergency contact details, details relating to an employee’s performance or conduct) free from the application of the APPs.
However, The Privacy Act does not exempt information relating to unsuccessful applicants that is collected by private sector employers during their recruitment activities. Employers now need to be extra careful in the way they handle the pre-employment records and personal information of unsuccessful candidates that comes into their hands during recruitment drives. Information on contractors is also not exempt from the Privacy Act.
The following are the key changes to the Privacy Act:
- the introduction of the ‘Australian Privacy Principles’ (APPs) – examples of the APPs include open and transparent management of personal information, notification of the collection of personal information and use or disclosure of personal information;
- the requirement for all private organisations (except small businesses) to have a privacy policy;
- new credit reporting provisions;
- significant changes for businesses who engage in direct marketing and those outsourcing to, or dealing with, overseas suppliers;
- new penalties of up to $1.7 million for a body corporate which engages in a serious or repeated interference with the privacy of an individual.
Previously, companies were not financially penalised for breaches of privacy however serious financial penalties have now been put in place. A review of your company’s privacy policy is required under governance requirements and employers must also consider any impact on their employees or prospective employees.
Each business will have its own compliance issues with the new laws and we recommend you seek legal advice for the circumstances of your business and the interaction, if any, with other applicable state privacy legislation.