On 12 March 2014, significant changes to the Privacy Act 1988 took effect. The changes included:
the introduction of a more comprehensive credit reporting system; and
the introduction of a set of Australian Privacy Principles, which set out the standards, rights and obligations in relation to the collecting, handling, holding, access and correction of personal information.
Need for Credit Reporting Policy
Credit Providers and Credit Reporting Bodies are required to have a clearly expressed and up-to-date Credit Reporting Policy.
It is important to realise that the definition of “Credit Provider” has been expanded to include an agency, organisation or small business that carries on a business or undertaking that involves providing credit. This includes the provision of goods or services on deferred payment terms of 7 days or more. Thus, even a small business may be subject to the reforms.
an annual turnover of more than $3 million; or
a provider of health service (regardless of turnover); or
in receipt of payment for collecting or disclosing personal information (regardless of turnover); or
a provider of contractual services to the Commonwealth, including all Federal Government contractors (regardless of turnover).
The Privacy Act allows small business operators who would otherwise not be covered by the Privacy Act to choose to be treated as an organisation for the purposes of the Privacy Act and therefore subject to the Australian Privacy Principles.
What You Need to Do
There are significant penalties for those businesses that breach the Privacy Act. Accordingly, if you have not already done so, it is important that you:
review and update practices, procedures and systems relating to the way in which you organise collect, manage and use personal information and credit-related personal information which you collect during the course of business; and
educate your staff on the privacy obligations imposed upon the business and ensure that they are familiar with, and comply with, your polices.
T: 03 5225 5209