The Office of the Australian Information Commissioner (OAIC) today released the Australian Privacy Principles (APP) guidelines, an important step toward preparing public and private sectors for major changes in privacy law to be implemented in March this year.
“March 12 will see the biggest change in privacy law in 25 years, and the APP guidelines are an essential tool for the implementation of this change,” shared Australian Information Commissioner, Professor John McMillan.
The introduction of the APPs is one of the significant changes under the privacy reforms. The APPs are a single set of privacy principles that will regulate the handling of personal information by both Australian public and private sectors, when amendments to the Privacy Act 1988 come into place. Currently, Australian Government agencies are covered by the Information Privacy Principles, while the private sector is covered by the National Privacy Principles.
The APPs will regulate the collection and use of personal information, and require entities to manage personal information in an open and transparent way. The 13 new principles are significantly different from existing ones, including the principles on the use and disclosure of personal information for direct marketing and on cross-border disclosure of personal information.
The APP guidelines will be a key resource for entities covered by the Privacy Act in assessing their compliance with the new principles. The guidelines outline the mandatory requirements of the APPs, how the OAIC will interpret the APPs, and matters that the OAIC will take into account when exercising functions and powers under the Privacy Act.
“We have put a lot of work into producing the APP guidelines, including extensive public consultation, so that we can maximise their usefulness to business and government,” said Professor McMillan. “The APP guidelines not only outline minimum compliance requirements, but also provide practical examples of best practice.”
The new privacy laws from 12 March will mean that Australians can more easily ask an organisation where they collected their personal information from and find out if it will be sent overseas. They will also be able to request access to their personal information held by an organisation or government agency or request a correction to their information held.