It is inevitable that business owners will come into possession of private and confidential information of their customers when providing their products or services.
Likewise, many businesses provide credit accounts to their customers, while some will look to market their product to both existing and potential customers.
If you are a business owner who is turning over more than $3,000,000 annually (APP entities) and you fall into one or more of the above categories, it is important that you familiarise yourself with the recent amendments to the Privacy Act 1988 (Cth) and, specifically, the new privacy principles referred to as the Australian Privacy Principles (APPs).
The aim of the APPs is to provide more protection for individuals when their personal information is collected, used, disclosed, secured or provided to an APP entity.
While there are 13 APPs, of significant importance for APP entities are the new principles that are likely to affect the way in which business owners conduct their business. For example, all APP entities must take further steps when disclosing their privacy policies and procedures because simply having a privacy policy in place is no longer satisfactory.
APP entities must also ensure they have well-documented policies and procedures in place which govern how the APP entity manages the personal information of their clients.
These policies must outline points such as:
the reason why the information is being collected;
how the individual can access and correct the information; and
whether the information will be shared with any other business within or outside of Australia.
Further, for APP entities providing credit to their clients for a period of more than seven days, the relevant entity must ensure it updates documents such as its:
terms and conditions of trade;
credit application documentation; and
privacy statement.
Likewise, if your business is considered an APP entity and you have previously supplied your client's personal information for direct marketing purposes to other businesses or third parties, the APPs now require your business to first give your client the ability to opt out of receiving any marketing material.
Importantly, the changes to the act also saw the Office of the Australian Information Commissioner (OAIC) granted more enforcement powers against APP entities that fail to comply with the APPs.
For example, the OAIC can now impose penalties of up to $1,700,000 for businesses that fail to comply with the APPs.
Therefore, businesses that are considered APP entities are encouraged to familiarise themselves with the APPs.
Failing to do so could leave your business subject to an investigation by the OAIC.
Disclaimer: Readers should seek independent legal advice as this article is for information purposes only. Nick McConnell is a graduate lawyer at Beck Legal, Bendigo.