Privacy Law Reform

From 12 March 2014 the way Australian organisations are required to handle personal information will change significantly. Will your organisation be ready?

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 introduces many significant changes to the existing Privacy Act. This includes a set of thirteen new, harmonised, privacy principles to regulate the handling of personal information, plus higher penalties for breaches of privacy. The new laws will apply to Australian Government agencies, private sector businesses and not-for profit organisations covered by the Privacy Act 1988.

What’s changing?

While many of the concepts and requirements of the privacy reforms remain the same, there are some additional protections that relate to the privacy of individuals. These include restrictions around the use and disclosure of personal information for direct marketing and an increased emphasis on the security of personal information. All are designed to protect personal information from being mishandled. Specific reforms include:

  • The introduction of the Australian Privacy Principles (APPs) that will regulate the collection, use, storage and disclosure of personal information. The APPs replace the Information Privacy Principles (IPPs) that previously applied to Government agencies and the National Privacy Principles (NPPs) that previously applied to businesses.

  • A mandatory obligation to inform individuals how they may complain about a privacy breach.

  • New civil penalties of up to $340,000 for individuals and $1.7 million for an agency for serious or repeated breaches of an individual’s privacy.

  • Greater enforcement powers for the Office of the Australian Information Commissioner.

What do I need to do?

While the reforms do not commence until 12 March 2014, organisations need to start preparing now to ensure they are ready.

1. Review your privacy policy
Your privacy policy needs to comply with the APPs and clearly set out how your organisation collects, uses, discloses, transfers and stores client, student or other individual’s information. Review it now and make any amendments necessary.

2. Ensure your workers receive adequate training
All your workers, including volunteers, need to be aware of the privacy changes and be familiar with your privacy policy. Ensure your training program covers the collection, security and disclosure of personal information.

3. Evaluate your security measures
The security measures you have in place to protect personal information will need to be reviewed to
ensure they’re up to the task. Measures could include governance, IT security, physical security, workplace training and policies.

4. Review your insurance cover
Review your insurance cover to ensure it’s adequate for all your operations, including your online activities. Your public liability policy may already provide specific cover for privacy claims, however most provide very limited cover for internet liability. You may wish to consider cyber insurance. CCI’s Cyber Insurance can protect you from the fallout of a range of cyber-crime and computer-based activities. Cyber events including computer malware, data breaches, cyber extortion threats and denial of service attacks can all lead to losses and claims being made against you. 

Practical help

The Office of the Australian Information Commissioner has a number of resources which are available from or by calling 1300 363 992. Privacy Awareness Week is a national event coordinated by the OAIC.

CCI’s Essentials of Privacy e-Learning course, available via Learning Manager, is designed to help clients meet their various privacy obligations.

Learning Manager is currently available to archdiocese, diocese and congregations. For an
obligation-free demonstration call 1300 660 827 or email

If you would like more information about Cyber insurance, speak to your CCI Account Executive, visit or call 1800 011 028.

If you would like further information about the Privacy Law Reform, please contact the risksupport Helpdesk on:
1300 660 827

Posted: 3 March 2014

Topic: Online Security

 Related items



Developing an IT Security Policy Fact Sheet an IT Security Policy Fact Sheet
Developing an Internet Usage Policy Fact Sheet an Internet Usage Policy Fact Sheet
Cybercrime: now easier to identify, report, avoid now easier to identify, report, avoid

If you’d like to hear about news and alerts by Risksupport as they're published, subscribe.
Subscribe to News
by CCI
Be the first to find out about the latest news in risk management. Subscribe here to receive email updates when new alerts and articles are published on our website.

Sorry, something went wrong

An unexpected error has occured.