• The Privacy Amendment (Enhancing Privacy Protection) comes into force on 12 March this year.
• Under the reforms, the Australian Privacy Principles (APPs) will replace the current National Privacy Principles.
• The APPs are a single set of privacy principles applicable to government agencies and organisations with a turnover of more than $3 million. An organisation is defined as an individual, body corporate, partnership, unincorporated association or trust that is not a small business operator.
• Personal information is defined as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, regardless of how it is stored.
• Critical to this definition is whether the information, either alone or combined with other datasets, can reasonably be used to identify individuals.
• The reforms apply to all personal information held, including that collected prior to 12 March this year.
The data breach notification is the teeth in the upcoming privacy amendments. It forces organisations to own up to breaches. Formally known as the Privacy Amendments (Privacy Alerts) Bill 2013, the legislation was shelved last June ahead of the federal election.
It would force organisations defined in the Privacy Act to notify customers and the privacy office whenever their personal or financial information was compromised, and in severe cases require organisations to notify via national and state newspapers.
Not surprisingly, the bill received stiff opposition from industry groups, which said it would be too costly for businesses and that it lacked clarity around which breaches should be reported. But subsequent polls have found it has wide support among the general public, and it also received unconditional support from a parliamentary committee, which recommended it be passed by the Senate.