Privacy Guidelines
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) made changes to the Privacy Act 1988 (Privacy Act) which commenced on 12 March 2014. The Privacy Regulation 2013, made under the Privacy Act, also commenced on 12 March 2014.
The Australian Privacy Principles (APPs) regulate the handling of personal information by Australian government agencies and some private sector organisations.
The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).
The APPs generally apply to Australian government agencies and also to private sector organisations with an annual turnover of $3 million or more. These entities are known as ‘APP entities’. In addition, the APPs will apply to some private sector organisations with an annual turnover of less than $3 million, such as health service providers.
For a summary of the APPs, see the APP quick reference tool. For more detail, see the full text of the APPs. Additional information on complying with the APPs can be found in the APP guidelines.
Who has responsibilities under the Privacy Act?
Most Australian Government agencies and some private sector organisations have responsibilities under the Privacy Act. The types of private sector organisations that are covered by the Privacy Act include:
- all businesses and not-for-profit organisations with an annual turnover greater than $3 million
- private sector health service providers, including child care centres, private schools and private tertiary educational institutions
- businesses that sell or purchase personal information
- participants in the credit reporting system (such as credit providers (which includes energy and water utilities and telecommunication providers), credit reporting bodies and certain other third parties)
- contracted service providers for a Commonwealth contract
- small business operators that either:
  - have opted-in to the Privacy Act
  - are reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 or
  - are an association of employees registered or recognised under the Fair Work (Registered Organisations) Act 2009
Your club may need to comply with the Privacy Act. If you are not sure if you need to comply, CCV suggests you seek legal advice.
Not-For-Profit Law have developed a Privacy Guide that may assist clubs to better understand how privacy issues should be handled.