Important Changes to the Privacy Act - Effective 12 March 2014

Amendments to the Privacy Act 1988 (the “Act”) come into force on 12 March and will affect all businesses.

The amendments to the Act impose significant new obligations on any entities that collect, hold, use or disclose personal information about individuals and provide for potentially severe penalties for breach of those obligations - penalties can be up to $340,000 for natural persons and $1.7 million for companies.

Virtually any organisation or business that engages in trade and commerce in Australia will be caught by the amended Act and are bound to comply with the Australian Privacy Principles.

All businesses are obliged to have an APP Privacy Policy in order to comply with the requirements of the amended Act from 12 March.

A credit provider is basically any business that extends credit to its customers – e.g. greater than 7 day terms.

If a business is a credit provider, then the privacy obligations imposed by the amended Act are even more onerous and such businesses are not only required to have an APP Privacy Policy but must also have a Credit Reporting Policy and a policy for complaints handling procedures.

If a credit provider wishes to exchange information with credit reporting agencies (e.g. VEDA) then the credit provider must be a member of a recognised External Dispute Resolution scheme (such as FOS or COSL).

The amended Act requires significant changes to be made to credit providers’ Privacy Declarations in their credit account application and guarantee documentation.

Most businesses are unaware of these changes and will not be Privacy Act compliant as at 12 March. We can ensure your business and policies are compliant by 12 March.
For assistance please contact one of our Privacy Act Team below:


Lance Pollard is a Managing Director at Bennett & Philp Lawyers
Michael Coates is a Director at Bennett & Philp Lawyers
Andrew Lambros is a Director at Bennett & Philp Lawyers