How the Australian Privacy Principles affect your organisation

The National Privacy Principles (NPP) that applied to some private organisations and the Information Privacy Principles (IPP) that applied to Australian Government agencies have been consolidated into a single legal framework known as the Australian Privacy Principles (APP). The APP came into effect on 12 March 2014.

The APP outlines how personal information must be handled by government agencies and certain types of organisations (each referred to as an entity, or collectively as entities). The “Privacy Commissioner will have much stronger powers, including the ability to seek a civil penalty of up to $1.7 million for a serious or repeated privacy breach” (Smith 2014).

If you are a contracted provider under a Commonwealth contract, a private health service provider, or a private organisation with a turnover of more than $3 million per year, the new APP may apply to you.

More information about the changes can be found at http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/oth...

The APP introduces a new requirement that makes an entity vicariously liable for data disclosure breaches by an overseas third-party provider. When an entity collects personal information (PI) that will be disclosed to an overseas recipient, the individual must be notified at the time of collection of the countries in which that disclosure is likely to occur. The entity must also “take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles” (OAIC 2014). When choosing a provider, care should be taken to choose one that does not outsource your work overseas or disclose it to third parties, unless similar protections to those under the APP exist. Your privacy policy will also need to state the countries in which disclosure is likely to occur.

CommunityCRM performs all of its development in-house, and your data is hosted within Australia. This means you do not need to tell your clients that their data is being stored overseas, as you would if your current provider outsources its work.