If your business has a turnover of more than $3 million, you may be affected by important changes to the Privacy Act 1988 that commenced on 12 March 2014.

The changes include a new set of privacy principles that regulate the handling of personal information by Australian Government agencies, businesses with a turnover of more than $3 million or those trading in personal information and all private health service providers.

There are also changes to the credit reporting provisions of the Privacy Act and new regulatory powers for the Office of the Australian Information Commissioner (OAIC), including the power to conduct a privacy performance assessment, accept an enforceable undertaking and, in the case of serious or repeated breaches, seek civil penalties.

“These are the most significant changes to privacy laws in over 25 years and affect a large section of the community. The world has changed remarkably since the late 1980s when the Privacy Act was first introduced, and so the changes were required to bring our laws up to date with contemporary information handling practices, including global data flows,” said Australian Privacy Commissioner Timothy Pilgrim.

The new laws require businesses and Australian Government agencies to be more transparent about how they handle personal information. Entities need to have a clearly expressed and up to date privacy policy about the way they handle personal information.

For fact sheets and further details on these changes, visit the OAIC website.