Are You Ready For The New Privacy Laws?


Privacy has become a major concern in the digital world. To keep pace with rapid technological development, in December 2012 the Australian Government introduced the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). This Act introduced a number of key changes to Australian privacy laws, which take effect from 12 March 2014.

What are the main changes?

The definition of personal information has been amended to include information about an individual who is ‘identified’ or ‘reasonably identifiable’. Significantly, this new definition contemplates the linking of information and/or data sets (held by one or multiple entities), which will render an individual identifiable or reasonably identifiable.


This Act also introduces the Australian Privacy Principles (APPs), a set of mandatory privacy principles which replace the National Privacy Principles and the Information Privacy Principles contained in the Privacy Act 1988 (Cth). The APPs apply to all organizations that collect personal information and have a minimum annual turnover of $3 million. The APPs relate to the collection, storage, security, use, disclosure, access and correction of personal information. Penalties for breach of the APPs can be up to $1.1 million.

What should I do?

To ensure that you and your clients are compliant with the new laws, you should:

  • review and update your Privacy Policy to ensure that it is compliant with the new laws;
  • review your practices and procedures for handling personal information and enquiries;
  • prepare a collection statement for display at the time of collection of personal information, and ensure that it contains all the information required under the new rules;
  • ensure you have an appropriate process for accessing and reviewing complaints; and
  • ensure your staff are adequately trained.

The introduction of the APPs and changes to the Privacy Act will impact the way that your agency and clients collect, use and disclose personal information. It is expected that you and your clients will be fully compliant with the new obligations under the Privacy Act and you should therefore consider the changes you and your clients will need to make to comply by 12 March 2014.

Privacy in the Mobile App World


Sample of TRUSTe's Privacy Policy

As more and more branded mobile applications come across our desks for legal review, the importance of compliance with privacy legislation (in Australia and worldwide) has turned into a recurring theme.

Where you or your client are collecting personal information about Australian users through an App, you will need to comply with the principles set out in the Privacy Act 1988 which deal with how you may collect, use and disclose such information.

Remember that personal information is information that identifies the user or could identify the user. Common examples are names and addresses, but personal information can also include medical records, bank account details, photos, videos, and even information about what users like, their opinions and where they work – simply put, any information where the user is reasonably identifiable from that information. An obvious example in the App world is where you require users to register to interact with the App, and such registration involves the provision of information like their name and email address.

So what measures can you take for best practice compliance? No doubt you have come across privacy policies on websites which set out how personal information may be accessed via the website. The same needs to apply to mobile Apps to clearly and easily explain to users how their information may be used in the mobile environment. There are likely certain disclosures that are specific to the mobile world which may not currently be included in your client’s standard privacy policy. 

What should an App privacy policy disclose? Consider the following: 

  1. What information is collected by the App and how is it used?
  2. Does the App collect precise real time location information of the device?
  3. Do third parties see and/or have access to information obtained by the App?
  4. Is the App supported by advertising, and does the App collect data to help the App serve ads?
  5. What are the user’s opt-out rights?
  6. How is personal information stored? How can users access or correct the information held about them?

Our current privacy laws are under consideration for reform this year with one of the take-outs being the importance of privacy policies and clear and accurate disclosures as to how personal information is being used.

Take care to bring privacy discussions to the table with your clients when developing their branded App. Feel free to contact us if we may assist with developing an App privacy policy so you can be confident to traipse through the mobile world with ease.