On 12 March 2014, the new Australian Privacy Principles (APPs) will come into force and replace the National Privacy Principles (NPPs). The Office of the Australian Information Commissioner recently released a document that summarises the most significant differences between the old NPPs and the new APPs. This post will describe some of the biggest changes highlighted by that document.
APP 2 – ANONYMITY AND PSEUDONYMITY
The APPs set out an entirely new requirement that organisations must provide individuals with the option of dealing under a pseudonym. The only exceptions to this rule are if:
- the organisation is required or authorised by law to deal only with people who have identified themselves; or
- it is impracticable for the organisation to deal with someone using a pseudonym.
APP5 – NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
The NPPs required organisations to inform individuals when they were collecting personal information, however, more information is now required during the notification. If an organisation is likely to disclose personal information to overseas recipients, APP 5 requires organisations to notify individuals about the countries in which the recipients are likely to be located.
APP8 – CROSS BORDER DISCLOSURES OF PERSONAL INFORMATION
Under APP 8, an organisation must not disclose personal information to an overseas recipient unless that organisation has taken reasonable steps to ensure that the recipient does not breach the APPs (with the exception of APP 1). In certain circumstances outlined by the principles, the organisation can be held responsible for breaches of privacy law by the overseas recipients. APP 8 sets out measures that an organisation must take to avoid this liability.
TAKEAWAY
If you’re running a business that collects personal information, it’s critical to get familiar with the new Australian Privacy Principles.
Like our technology articles? Checkout our blog at techlawyer.com.au.