Changes to the Privacy Amendment Act 2012 (Cwlth) commence on 12 March 2014. These changes establish 13 Australian Privacy Principles (APPs), which replace the existing National Privacy Principles. These principles identify the information that must be contained in an organisation’s privacy policy, including:

How, what, why and for what purpose the business collects and holds personal information

Whether the entity is likely to disclose personal information to overseas recipients

If the entity is likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located, if it is practicable to specify those countries in the policy.

Personal information is defined as information that identifies or could reasonably identify an individual. That might include a person’s name, address and date of birth, but it can also include bank account details, photos and videos.

The business’s privacy policy must be available free of charge and in an appropriate form and include information about how an individual can complain about a breach. It must also outline how the business will deal with any complaints.

For cloud data stored outside Australia – on computer servers outside Australia – the country where the cloud service provider’s servers are located will need to be disclosed to clients.

For more information go to:

http://www.oaic.gov.au/images/documents/privacy/privacy-guides/comparison_guide_APP_NPP.pdf