Important changes to the Privacy Act

The 2014 amendments to the Act impose significant new obligations on any entities that collect, hold, use or disclose personal information about individuals and provide for potentially severe penalties for breach of those obligations - penalties can be up to $340,000 for natural persons and $1.7 million for companies.

Virtually any organisation or business that engages in trade and commerce in Australia will be caught by the amended Act and are bound to comply with the Australian Privacy Principles.

All businesses are obliged to have an APP Privacy Policy in order to comply with the requirements of the amended Act from 12 March.

A credit provider is basically any business that extends credit to its customers – e.g. greater than 7 day terms. If a business is a credit provider, then the privacy obligations imposed by the amended Act are even more onerous and such businesses are not only required to have an APP Privacy Policy but must also have a Credit Reporting Policy and a policy for complaints handling procedures.

If a credit provider wishes to exchange information with credit reporting agencies (e.g. VEDA) then the credit provider must be a member of a recognised External Dispute Resolution scheme (such as FOS or COSL).

The amended Act requires significant changes to be made to Privacy Declarations in creditors' credit account application and guarantee documentation.

Many businesses remain unaware of these changes and are still not Privacy Act compliant. We can ensure your business and policies become compliant.

Significant/ common law court decisions

In addition to the above legislative provisions, there have been a number of Court decisions in the past decade which appear to be the genesis of the law of invasion of privacy. In handing down its decision in Australian Broadcasting Corporation - v - Lenah Game Meats Pty Ltd, the High Court appeared to lend its support to the establishment of the tort of invasion of privacy.

In the subsequent Queensland District Court decision of Grosse -v- Purvis, Judge Skoien found that an action for invasion of privacy could be established upon proof of four essential elements, namely:

  • A willed act by the Defendant;
  • Which intrudes upon the privacy or seclusion of the Plaintiff;
  • In a manner that could be considered highly offensive to a reasonable person of ordinary sensibilities; and
  • Which causes the Plaintiff emotional or physical harm or distress or which prevents or hinders the Plaintiff from doing an act which he or she is lawfully entitled to do.

For more information on privacy call us today on +61 7 3001 299.