Privacy Amendments & Your Privacy Policy

Privacy Amendments & Your Privacy Policy

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (“the Privacy Amendments”) came into effect from 12 March 2014, which introduced new Australian Privacy Principles (“the APPs”) applicable to the private sector and government agencies.

The APPs regulate the handling of personal information, and governs the requirement for entities to manage personal information in a transparent way, including the following requirements:

    1. To have an up to date Privacy Policy readily available which sets out how individuals access and seek corrections to personal information, complaints and the disclosure of personal information to overseas recipients;
    2. To only collect personal information that is reasonably necessary for the functions and activities of the business;
    3. To destroy or de-identify unsolicited personal information;
    4. To notify individuals about the collection of personal information, including the purposes for which you collect information and the consequences if it is not collected;
    5. To not use or disclose information other than for the purpose for which it was collected, without the consent of the individual;
    6. To not use or disclose personal information for the purpose of direct marketing (subject to exceptions);
    7. To not disclose personal information to anyone outside Australia without first taking reasonable steps to ensure that the overseas recipient does not breach the APPs;
    8. To ensure that personal information is accurate, up to date and complete and to correct information to ensure it is complete, up to date and not misleading;
    9. To protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure;
    10. To give individuals access to personal information held on the individual on request.


In addition to the Privacy Amendments, the Credit Reporting Privacy Code (“the CR Code”) was registered on 22 January 2014. The CR Code primarily affects financial institutions and other similar businesses that provide credit. However, it can potentially apply to businesses that provide goods or services on terms that allow payment to be deferred by more than 7 days. The CR Code may require amendments to the Privacy Policy to detail how a Company deals with credit information and credit eligibility information, including:-

    1. The types of credit information you collect and the method by which you collect that information;
    2. The purpose for disclosing credit information;
    3. How individuals can seek access and corrections to information;
    4. How credit eligibility information about an individual will be used;
    5. How individuals can complain about the information collected and how these complaints will be handled.


Businesses requiring a Privacy Policy will need to update commercial and credit documentation to ensure it contains a Privacy Statement, Privacy Policy, Credit Reporting Policy and Statement of Notifiable Matters and to ensure the documents comply with the Privacy Amendments and CR Code. Personal Guarantee documents should also be updated for privacy. We also recommend that a dedicated e-mail address be created for all Privacy matters, which is operated by the nominated Privacy Officer (often the Credit Manager).

Training manuals, direct marketing practices and any contracts with subcontractors and service providers, including any arrangements for data storage or processing which may involve the transfer of personal information offshore, will also need to be reviewed.

The consequences for not complying include penalties of up to $1.7 million for body corporates, with the Office of the Australian Information Commissioner having expanded powers to investigate and monitor privacy compliance, so it is imperative that your business has the correct policies and procedures in place.


For more information, contact Natalie Ledlin, Lawyer & Practice Director


Direct Line:        02-8488-3383


Articles and posts by Ledlin Lawyers Pty Ltd are intended as general information and commentary and should not be used or relied on in place of legal advice. Please seek formal advice on particular transactions, circumstances and matters related to any articles, blog posts or case studies posted on this website.
Print This Post

Leave A Comment