The 6th – 12th May 2024 is Privacy Awareness Week in Australia.

Run by the Office of the Australian Information Commissioner (OAIC), Privacy Awareness Week is designed to raise awareness of privacy through themed communications and events. 

The theme this year is “power up your privacy” and is focussed on privacy and technology and the key principals of transparency, accountability, and security.

About the Privacy Act 1988

The Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian Government Agencies and organisations with turnover of more than $3 million handle personal information.

The act contains 13 Australian Privacy Principals (APPs) which apply to some private sector organisations as well as most Australian Government agencies, collectively known as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

Overview of the APPs

APP 1 — Open and transparent management of personal information

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 2 — Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP 4 — Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 7 — Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier or use or disclose a government related identifier of an individual.

APP 10 — Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11 — Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12 — Access to personal information

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13 — Correction of personal information

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

Privacy Reform

The Australian government is currently undertaking a major review of the Privacy Act 1988 to align with global standards and reflect the changes in ways data is collected and managed in the digital age.

Privacy reforms will provide better clarity for businesses on how to protect personal information, improve trust and foster greater international competitiveness. 

Why should you care?

As part of the review, the OAIC surveyed Australian consumers. Their feedback was crystal clear.

• 90% of Australians have a clear understanding of why they should protect their personal information
• After quality and price, data privacy is the third most important factor when choosing a product or service
• 92% would like businesses to do more to protect their personal information

This is clear advice from the consumer market that they want businesses to take their privacy seriously. The best way to do that is to have a well-structured and relevant privacy policy presented to your potential customers to demonstrate that your business takes personal information and privacy seriously.

We can help

At EC Credit Control, we provide expert guidance, policy documentation and website terms of use.

Get in touch with your local EC Credit Control Business Support Specialist if you would like a free no obligation review.