Significant changes to the Privacy Act: Is your business ready?

A number of significant changes to the Privacy Act 1988 (Cth) will come into force on 12 March 2014. It is important that businesses ensure that their privacy practices, procedures and systems are reviewed to ensure continuing compliance with the Privacy Act. The changes also give the Information Commissioner greater enforcement powers against non-compliant businesses, including civil penalties of up to $1.7 million.


Two of the most significant changes are:

  1. a general obligation to take reasonable steps to implement practices, procedures and systems that ensure compliance with the Australian Privacy Principles, which will replace the National Privacy Principles (APP 1.2) and
  2. more prescriptive requirements for privacy policies, including a requirement to disclose whether a business is likely to disclose personal information to overseas recipients and their location (APP 1.4).

These changes will affect businesses in all industries, and it is crucial that businesses prepare for these changes immediately.