This year has marked a new focus on privacy regulation in Australia. It is vital for businesses to comply with their privacy obligations under the new laws.

In March the Australian privacy regulation landscape changed with the old National Privacy Principles replaced with the Australian Privacy Principles (APPs). This now provides a unified national system regulating the collection, use, disclosure, storage and destruction of personal information. The APPs set out the minimum privacy standards for entities covered by the Act – such as businesses with a turnover of more than $3 million a year, entities providing a 'health service' and any smaller businesses that have opted into the Privacy Act.

Fundamentally, the APPs are concerned with the regulation of 'personal information'.

The Privacy Act defines personal information as “…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.”

If you collect, hold or use personal information – and you haven't already reviewed your privacy management practices in response to the introduction of the APPs – then it is vitally important that you do so.

Some of the questions businesses should be asking are:

1. Do we handle personal information (including information stored in visual formats, such as CCTV footage)?

Please note, nearly all businesses handle some form of personal information.

2. What systems do we have in place to manage and protect personal information?

3. Do we have an up-to-date privacy policy? If not, are we required to have one?

4. Do we have a system in place for handling privacy inquiries and complaints?

5. Do we engage in direct marketing using personal information?

6. Do we send personal information overseas?

7. Do we have a clear system for securing, storing and destroying personal information?

Bringing your privacy practices up to date will not only ensure you comply with the applicable laws, it will instil confidence in your customers that they can deal with you safe in the knowledge that you adopt best practice measures to keep their personal

information secure.

The Privacy Commissioner (who is responsible for enforcing the APPs) has been granted expanded powers to investigate and assess the privacy performance of businesses. The Privacy Commissioner can impose civil penalties in the case of serious

or repeated breaches of privacy, with potentially significant penalties ranging up to fines of $1.7 million for companies.