The changes to the Privacy Act took effect on 12 March 2014. To assist affected entities, the Office of the Australian Information Commissioner (OAIC) has published 13 Australian Privacy Principles (APPs), representing the most significant change to privacy laws in Australia since they were first introduced in 1988. The privacy principles apply to all entities unless they have annual revenues of less than $3m and do not provide a health service. A useful checklist to determine if the new privacy changes apply to you can be found here.
Key changes include stricter rules on the security of personal information, sending personal information overseas, the use of personal details for direct marketing, the treatment of unsolicited information and complaints handling.
The new laws also, for the first time, permit the Privacy Commissioner to issue fines of up to $1.7m for companies and $340,000 for individuals for breaches of the Privacy Act. Another change occurring at this time broadens the definition of credit providers from the usual banks and financiers to organisations that provide goods or services on credit for payment after 7 days or more. Such organisations will also be impacted by the credit privacy rules.