If you think that the Privacy Act changes that came into effect on 12 March 2014 do not apply to your business, you may be right. The Privacy Act protects personal information handled by large businesses and health service providers of any size.
However, the Act may also apply to a small business if it has an annual turnover of more than $3 million and either:
- trades in personal information
- provides services under a Commonwealth contract
- runs a residential tenancy database
- is related to a larger business
- is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act.
If you’re not sure whether the Privacy Act applies to your business, try the 9 Step Privacy Checklist for Small Business on the Office of the Australian Information Commissioner (OAIC) website.
What has changed?
A new set of privacy principles that covers the handling of personal information by businesses has been introduced. The changes affect how businesses can:
- handle and process personal information
- use personal information for direct marketing
- disclose personal information to people overseas.
The changes also introduced 13 Australian Privacy Principles (APPs) that replaced the existing National Privacy Principles (NPPs). The APPs set out minimum standards for the collection and storage, use and disclosure of information, and require organisations to establish procedures to ensure that they comply with the Act.
To learn more about the Australian Privacy Principles and to get some tips for dealing with the changes, visit CIElegal.