How Counting on U is transforming accounting
The origin of the Counting on U Project stems from the CEO of the IPA, Andrew Conway – who said “The biggest issue...
READ MORE
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Amending Act) was passed on 12 December 2012 and takes effect on 12 March 2014. The Amending Act will bring significant changes to the Privacy Act 1988 (Cth) (Privacy Act) including:
The reforms will have a significant impact on private sector businesses and government agencies that handle personal information. It is important for businesses to understand their obligations and rights in the lead up to the introduction of the new laws.
Overview - privacy principles which govern business and government
Currently, there are different sets of privacy principles that apply to businesses and to Australian government agencies. The Amending Act creates a single set of privacy principles by replacing the current National Privacy Principles (NPPs) with the APPs.
The APPs will regulate the handling of personal information by both Australian government agencies and certain private sector organisations, collectively known as 'APP entities'.[1] While the APPs apply to all APP entities, in some cases, they impose specific obligations that apply only to agencies or only to organisations.
The Amending Act also introduces what has been described as a more 'comprehensive' [2] credit reporting system, allowing credit reporting bodies to collect a more extensive list of data about individuals.
The changes to the Privacy Act will be supplemented by regulations and a credit reporting privacy code.
There continues to be a conditional exemption for small businesses from the APPs
Currently under the Privacy Act, small businesses (defined as businesses with an annual turnover of $3 million or less)[3] do not generally need to participate in the NPPs unless they opt in. This exemption will continue under the APPs. However, small businesses which meet this definition and are not exempt include:
Small businesses must also comply with the new credit reporting requirements if they participate in the credit reporting system.
Key messages for businesses
Given that the reforms will soon take effect, businesses must ensure that their information collection and handling practices and procedures comply with the new privacy requirements.
For example, businesses should:
Australian Privacy Principles
Most of the APPs are based on the existing NPPs. There are, however some important changes, for example:
How is the credit reporting system more comprehensive?
In addition to the APPs, the Amending Act will completely replace the existing Part IIIA of the Privacy Act with a new Part IIIA, which provides for more comprehensive credit reporting. Credit-related personal information will be grouped into new categories. The requirements relating to the new categories are determined by the type of entity that holds the information and the purpose for which the entity uses the information.
The credit regime will continue to regulate the collection, use and disclosure of personal information by credit providers and credit reporting bodies. A mandatory credit reporting privacy code will also apply to the credit reporting system.
New types of information
Currently, credit reporting bodies can only handle personal information that could be adverse to an individual's creditworthiness (such as defaulting on a payment). From March, credit reporting bodies can collect 'positive' data about individuals, namely:
To balance the increased access to information, the Amending Act will also introduce new protections for individuals, including an improved complaint process and increased ability for individuals to correct their credit information.
Repayment history information
Repayment history information (RHI) is probably the most important new type of information available for collection under the credit reforms. It includes information about whether an individual has made a payment on time or has missed a payment.
Under the reforms, access to RHI is limited to credit providers who hold Australian credit licences and who are subject to responsible lending obligations under Chapter 3 of the National Consumer Protection Act 2009 (Cth).
More information from Maddocks
For more information, contact Philippa Hore, Special Counsel, or Tara Agoston, Lawyer, Maddocks on 61 3 9258 3555.
More Cleardocs information on related topics
You can read earlier ClearLaw articles concerning the privacy reforms and a wide range of other topics.
Order Cleardocs company packages
Source: This article was first published by Cleardocs and Maddocks in the ClearLaw legal bulletin. To subscribe to ClearLaw, or for more information, please: see www.cleardocs.com; or contact the Cleardocs helpline on 1300 307 343 or at support@cleardocs.com.
[1] The reforms will not apply to Australian Capital Territory government agencies so the existing Information Privacy Principles that currently apply to all Australian Government agencies will continue to apply to those agencies.
[2] Australian Government, Privacy Amendment (Amending Privacy Protection) Bill 2012, Explanatory Memorandum.
[3] See 6D(1) Privacy Act 1988 (Cth).
[4] Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).