Privacy Business OnlineCustomer enquiries, online sales and newsletter sign ups are all great ways of collecting information on customers or potential customers.

Does your business comply with the new privacy laws and do you need to update your procedures?

Small Business

The new Australian Privacy Principles (sometimes called APPs) apply to many kinds of organisations and businesses. However, save for certain exceptions, businesses with a turnover of $3 million dollars per year or less are not obliged to comply.

However, even if your business is not obliged to comply, it may be good practice or good customer relations to institute a privacy policy.

Changes to the Australian Privacy Principles

The new APPs replace the previous National Privacy Principles and relate to the collection, use, disclosure and maintenance of personal information.

Full details of the APPs can be read here, but following is a summary of some of the more important changes:

  • Open and Transparent Management of Information – businesses need to include more information in their privacy policies, including whether any information is likely to be disclosed overseas (including storage on information on the cloud if those servers are overseas) and making the policy publically available.
  • Overseas disclosure – if information is being sent or stored outside of Australia (eg, cloud based applications using servers outside of Australia) then the business must take reasonable steps to ensure that the offshore recipient complies with the APPs.
  • Anonymity – a business may be obliged to give a person the right to deal with it anonymously
  • Unsolicited Information – Even if the business has not sought the information, the APPs apply to its storage and management and you may be required to destroy the information so received.
  • The privacy principles relating to direct marketing have been rewritten and apply to a broader range of communications.


The Privacy Commissioner does not have to wait for a complaint to be made and now has a full range of powers which can be exercised on the Commissioner’s own initiative and include accepting undertakings, ordering redress or compensation and seeking penalties of up to $340,000 for individuals and up to $1.7m for companies.


The content of this article is intended to provide a general guide to the subject matter.  Specialist legal advice and business advice should be sought about your specific circumstances. For specific Legal Advice please contact us.


photo credit: FutUndBeidl via photopin cc