Are you in Breach of the Privacy Act?
You will be aware from our previous Alerts that on 12 March 2014, significant changes to the Privacy Act 1988 took effect. The changes included:
the introduction of a more comprehensive credit reporting system; and2.
the introduction of a set of Australian Privacy Principles, which set out the standards, rights and obligations in relation to the collecting, handling, holding, access and correction of personal information.
Need for Credit Reporting Policy
Credit Providers and Credit Reporting Bodies are required to have a clearly expressed and up-to-date Credit Reporting Policy.
It is important to realise that the definition of “Credit Provider” has been expanded to include an agency, organisation or small business that carries on a business or undertaking that involves providing credit. This includes the provision of goods or services on deferred payment terms of 7 days or more. Thus, even a small business may be subject to the reforms.
Need for Privacy Policy
If your business has one of the following characteristics, you are subject to the new Australian Privacy Principles and must have a clearly expressed and up-to-date Privacy Policy:
an annual turnover of more than $3 million; or
a provider of health service (regardless of turnover); or
in receipt of payment for collecting or disclosing personal information (regardless of turnover); or
a provider of contractual services to the Commonwealth, including all Federal Government contractors (regardless of turnover).
The Privacy Act allows small business operators who would otherwise not be covered by the Privacy Act to choose to be treated as an organisation for the purposes of the Privacy Act and therefore subject to the Australian Privacy Principles.
What You Need to Do
There are significant penalties for those businesses that breach the Privacy Act. Accordingly, if you have not already done so, it is important that you:
consider whether you are required to have a Privacy Policy and/or Credit Reporting Policy
review and update your Privacy Policy and/or Credit Reporting Policy or have new policies drafted for you;
review and update practices, procedures and systems relating to the way in which you organise collect, manage and use personal information and credit-related personal information which you collect during the course of business; and
educate your staff on the privacy obligations imposed upon the business and ensure that they are familiar with, and comply with, your polices.
Further Assistance
If you would like more information about your obligations under the Privacy Act, or would like us to prepare a Privacy Policy and/or a Credit Reporting Policy for you, please contact
Joanne D’Andrea
Principal
03 5226 8567
jdandrea@harwoodandrews.com.au