Finally, the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Bill) passed yesterday (29 November). As noted in an earlier update, these amendments will toughen the Privacy Act 1988 (Cth) and significantly increase the obligations on organisations (both government agencies and businesses) that collect or deal with personal information in Australia or from Australian residents.
The Privacy Commissioner, Mr Timothy Pilgrim, said of the amendments:
'From the commencement of the new laws, I will be able to accept enforceable undertakings and seek civil penalties… I will not shy away from using these powers in appropriate cases.'
While the journey to enactment has seen a number of changes to the Bill along the way, including last-minute changes originating in the Senate, the essence of the amendments passed are as noted in our earlier update. The most obvious late change to the Bill was the extension of the transition period (the time in which to comply with the new amendments) from nine months to 15 months (ie until March 2014).
However, even with 15 months to comply (ie until March 2014), we caution that this time will fly by. We suggest that, early in the New Year, you start the process of considering, reviewing and revising your existing procedures and policies in order to ensure compliance with the new amended privacy law well before March 2014.
To assist you with this, we will prepare a further update confirming all of the changes and provide you with our top practical tips to ensure you comply with the 'new laws' early in the New Year. Of course, we would be happy to hear from you if you would prefer a more detailed briefing or like to attend one of our seminars next year on the changes and how to comply.
In the meantime, Merry Christmas and Happy New Year from all of us at the Privacy Team at DLA Piper Australia.