Privacy has become major concern in the digital world. In order to keep pace with rapid technological development, in December 2012 the Australian Government introduced the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). This Act introduced a number of key changes to Australian privacy laws, which take effect from 12 March 2014.
What are the main changes?
The definition of personal information has been amended to include information about an individual who is ‘identified’ or ‘reasonably identifiable’. Significantly, this new definition contemplates the linking of information and/or data sets (held by one or multiple entities), which will render an individual identifiable or reasonably identifiable.
This Act also introduces the Australian Privacy Principles (APPs), a set of mandatory privacy principles which replace the National Privacy Principles and the Information Privacy Principles contained in the Privacy Act 1988 (Cth). The APPs apply to all organizations that collect personal information and have a minimum annual turnover of $3 million. The APPs relate to the collection, storage, security, use, disclosure, access and correction of personal information. Penalties for breach of the APPs can be up to $1.1 million.
What should I do?
To ensure that you and your clients are compliant with the new laws, you should:
- review your practices and procedures for handling personal information and enquiries;
- prepare a collection statement for display at the time of collection of personal information, and ensure that it contains all the information required under the new rules;
- ensure you have an appropriate process for accessing and reviewing complaints; and
- ensure your staff are adequately trained.
The introduction of the APPs and changes to the Privacy Act will impact the way that your agency and clients collect, use and disclose personal information. It is expected that you and your clients will be fully compliant with the new obligations under the Privacy Act and you should therefore consider the changes you and your clients will need to make to comply by 12 March 2014.
As more and more branded mobile applications come across our desks for legal review, the importance of compliance with privacy legislation (in Australia and worldwide) has turned into a recurring theme.
Where you or your client are collecting personal information about Australian users through an App, you will need to comply with the principles set out in the Privacy Act 1988 which deal with how you may collect, use and disclose such information.
Remember that personal information is information that identifies the user or could identify the user. Common examples are names and addresses, but personal information can also include medical records, bank account details, photos, videos, and even information about what users like, their opinions and where they work – simply put, any information where the user is reasonably identifiable from that information. An obvious example in the App world is where you require users to register to interact with the App, and such registration involves the provision of information like their name and email address.
- What information is collected by the App and how is it used?
- Does the App collect precise real time location information of the device?
- Do third parties see and/or have access to information obtained by the App?
- Is the App supported by advertising, and does the App collect data to help the App serve ads?
- What are the user’s opt-out rights?
- How is personal information stored? How can users access or correct the information held about them?
Our current privacy laws are under consideration for reform this year with one of the take-outs being the importance of privacy policies and clear and accurate disclosures as to how personal information is being used.