Changes to the Australian Privacy Principles- collection and treatment of personal information. Is your business compliant?

Changes to the Australian Privacy Principles- collection and treatment of personal information. Is your business compliant?

A topical issue lately has been the collection and use by various organisations of an individual’s personal information. In March of this year changes to the Privacy Act 1988 (Cth) (the Act) were enacted along with the introduction of the Australian Privacy Principles (APPs). The APPs set out minimum standards for business organisations who collect, store and handle personal information of individuals.

Personal information is considered any information that can reasonably identify a person. For example a person’s name, age, DOB, credit card details. Sensitive information that can identify a person such as their race, religious beliefs or health information also come under the APPs.

In a business environment much of this information can be collected and retained on databases regarding clients and customers. In many cases this information can be provided to third parties. Compliance with the APPs aim to ensure this information is treated in the appropriate way.

Who does it affect?

Broadly speaking the laws will apply to public or private sector businesses or organisations with annual turnovers of more than $3 million unless a specific exception applies.

Even if the APPs do not apply to your business, possessing an understanding of them can provide clarity in how you handle the personal information of your clients or customers. This benefit can extend to an enhanced level of consumer confidence for your business as people’s expectations surrounding the security of their personal information increase in the information age.

What are the key changes?

In a nutshell businesses who fall under the laws are required to have specific privacy policies that address specific topics covered under the principles and that they have appropriate systems and procedures in place to ensure compliance with the new laws.

From a compliance perspective the Office of the Australian Information Commissioner (OAIC) will have broader enforcement powers along with increased fines of up to $1.7 million for serious breaches of the law

How to be compliant

The following are some of the steps that can be implemented to ensure compliance with the laws:

  • Update your privacy policy
  • Update all privacy collection statements
  • Review direct marketing activities and make necessary changes
  • Review whether only relevant personal information is used or disclosed
  • Provide training to staff to ensure they understand the APPs and how they are to be incorporated into business practices

About the Author

Charith Cooray

Charith holds a Bachelor of Commerce with a major in Accounting from Monash University, Clayton. While studying, Charith worked part time in the retail industry for two major department stores where he developed a strong customer focus.



This article was produced by Zimsen Partners. It is intended to provide general information only in summary format on accounting, business advisory and taxation issues. It does not constitute accounting advice, and should not be relied on as such.

03 7065 5555