New privacy laws are here
Important changes to the Privacy Act 1988 commenced on 12 March 2014. The changes include a new set of Australian Privacy Principles (APPs) that will regulate the handling of personal information by Australian Government agencies, businesses with a turnover of more than $3 million or those trading in personal information and all private health service providers. There are also changes to the credit reporting provisions of the Privacy Act and new regulatory powers for the Office of the Australian Information Commissioner (OAIC).
Read the media release
Law reform resources are available on the OAIC’s law reform webpage
New — Privacy (International Money Transfers) Temporary Public Interest Determination 2014 (No. 1) and Privacy (International Money Transfers) Generalising Determination 2014 (No. 1)
The OAIC has registered the following two determinations:
Privacy (International Money Transfers) Temporary Public Interest Determination 2014 (No. 1)
Privacy (International Money Transfers) Generalising Determination 2014 (No. 1)
These determinations were made urgently on request by ANZ Bank, just prior to the privacy reforms commencing. A comprehensive consultation process will be initiated in the coming months to determine whether the temporary determinations should be made into a longer term determination or repealed. This consultation will allow all stakeholders to provide submissions, and if necessary a conference will be called under section 76 of the Privacy Act.
New — Recognised external dispute resolution (EDR) schemes
The Privacy Act now gives the OAIC the power to recognise external dispute resolution (EDR) schemes to handle privacy-related complaints. The OAIC has recognised the following seven EDR schemes:
Credit Ombudsman Service Limited (COSL)
Energy & Water Ombudsman (NSW) Limited (NEW)
Energy and Water Ombudsman (Victoria) Limited (NEW)
Energy and Water Ombudsman Western Australia (EWOWA)
Financial Ombudsman Service (FOS)
Telecommunications Industry Ombudsman Limited (TIO)
Tolling Customer Ombudsman (TCO)
The list of recognised EDR schemes can be found on the OAIC website here
Note that a transitional, 12 month, exemption from the requirement to be a member of a recognised EDR scheme has been put in place for energy and water utilities and commercial credit providers wishing to access the credit reporting system. Further information on the reasons for the temporary exemption can be found in the explanatory statement to the Privacy Amendment (External Dispute Resolution Scheme — Transitional) Regulation 2014
Despite this transitional exemption, the OAIC encourages commercial credit providers to become a member of a recognised EDR scheme where there is one available for them to join. The OAIC notes that the Credit Ombudsman Service Ltd (COSL), which is a recognised EDR scheme, is accepting membership applications from commercial credit providers.
Updated — Credit FAQs
Some new credit reporting frequently asked questions (FAQs) have been added to the OAIC’s Credit and finance webpage. These are about the collection of repayment history information.
Visit the page here
AMSRO Consultation — Privacy (Market and Social Research) Code 2014
The Association of Market and Social Research Organisations (AMSRO) has released for public consultation the Privacy (Market and Social Research) Code 2014, the first voluntary Australian Privacy Principles (APP) code developed under for the privacy reforms that commenced on 12 March 2014.
AMSRO has requested comments on the code be forwarded to them by 30 April 2014.
For further information on the consultation visit the AMSRO website
ACT Information Privacy Bill 2014
The Information Privacy Bill 2014 has been presented to the ACT Legislative Assembly. The ACT Government has advised that the intention of the Bill is to ‘establish a clear and consolidated privacy framework for the ACT including introducing the Territory Privacy Principles which are consistent with the newly introduced Australian Privacy Principles, adapted to ACT circumstances’.
The Bill is available on the ACT legislation register
Reminder — Consultations closing soon
The following consultations are closing shortly.
Guide to undertaking privacy impact assessments — closing date: Friday 28 March 2014
OAIC’s privacy regulatory action policy — closing date: Friday 28 March 2014
Updated — Privacy Public Interest (Enhancing Privacy Protection) Amendment and Repeal Determination 2014
The Privacy Public Interest (Enhancing Privacy Protection) Amendment and Repeal Determination 2014 makes minor amendments to some existing Public Interest Determinations to reflect the change from the Information Privacy Principles and National Privacy Principles to the Australian Privacy Principles. No substantive changes have been made. Several other determinations are repealed because they are no longer required.
Updated — Section 95, 95A, 95AA Guidelines
Minor amendments have been made to the Section 95, 95A and 95AA Guidelines to reflect the change from the Information Privacy Principles and National Privacy Principles to the Australian Privacy Principles.
No substantive changes have been made.
Read the Section 95 Guidelines
Read the Section 95A Guidelines
Read the Section 95AA Guidelines
Information Commissioner review decisions
Leda Manorstead Pty Ltd and Department of the Environment  AICmr 26 (4 March 2014)
Whether documents contain personal information — Whether disclosure of personal information would be unreasonable — Whether disclosure would unreasonably affect person in respect of lawful business or professional affairs — Whether contrary to public interest to release conditionally exempt documents — (CTH) Freedom of Information Act 1982 (FOI Act)ss 11A(5), 11B, 47F, 47G
Rimes and Airservices Australia  AICmr 25 (4 March 2014)
Whether reasonable steps taken to find a document — (CTH) FOI Act s 24A(1)
Event — iappANZ privacy & health workshop 25 March
iappANZ is hosting a Health & Privacy Training Workshop providing practical advice and insights into best practice for protecting health information.
Speakers include industry leaders and privacy professionals: Helen Clarke, Partner, Corrs Chambers Westgarth; James Kelaher, Director, SmartNet; Dr Richard Kidd, AMA Qld, Specialist GP; Dr Trish Williams, Associate Professor, Edith Cowan University
When: Tuesday 25 March, 2.30 for 2.45pm start, finish 5.30pm
Where: Corrs Lawyers, L17, 8 Chifley Square, Sydney CBD
More information available here.
Reminder — Privacy Awareness Week 2014
Privacy Awareness Week (PAW) will be held from 4–10 May 2014. Thank you to all our partners who have signed up so far. If you haven’t yet signed up get in touch with us to register.
The OAIC will again hold a business breakfast event to launch the week.
Date: Monday 5 May 2014
Time: 7:30 am–9:15am
Venue: The Westin Hotel, Martin Place, Sydney.
This is a fantastic networking opportunity so save the date and we will let you know as soon as tickets go on sale.
Further event information will be available soon.
If you would like to subscribe to the OAICnet eNewsletter please subscribe on our website.