Reforms to Australia’s Privacy Act 1988 (Cth)

What You Need to Know About the New Privacy Law Changes

Changes to Australia’s privacy law have already taken place. These changes give the Privacy Commissioner greater authority to seek civil penalties from those in violation. Penalties can total up to $1.7 million, depending on the severity of the privacy violation.

What You Need to Do

If your organisation is one of the many that have not yet done anything in response to the new privacy laws, you should make sure that it is in compliance to avoid possible costly penalties.

  • Make sure all of your privacy policies are up to date. Both your website’s privacy policy and the physical document that you hand to clients need to reflect the new changes. These new policies should refer to the Australian Privacy Principles (APPs) instead of the National Privacy Principles.

    • New privacy policies should inform your clients that they have the right to register a complaint if they suspect a violation of the APPs, and should explain how your organisation handles such grievances.
    • These new policies should also disclose the overseas recipients of personal information, and the countries where these individuals are located.


  • Create a company SOP regarding the new changes.
    Creating a standard operating procedure (SOP) for enacting the new privacy policy procedures will ensure that all employees are well informed of the changes that need to be put in place. The SOP should include:

    • An overview of the current privacy law and how it applies to your institution.
    • The methods by which your company legally collects, stores, and uses the personal information that it has gathered.
    • Information on which individuals are responsible for compliance with the privacy policies in your organisation.
    • Guidance on how to resolve privacy violation complaints.
    • Direction on how to enter sensitive agreements, where the institution relates personal information to individuals in foreign countries.

    An SOP also allows all employees to be trained in the same manner. Properly trained staff will minimise the likelihood of privacy violations.


  • Conduct an internal investigation of your Privacy Act policies.
    An internal investigation of your company’s practices concerning personal information will give you first-hand information as to whether or not your organisation is in compliance with the new additions to the Privacy Act.

    Areas to consider that may place you at an increased risk of violating the APPs are:

    • If individuals from overseas violate the APPs, your company may be responsible if it released the personal information to those individuals.
    • Your company may be at an increased risk of violation if it does not provide an “opt out” statement on all means of direct marketing.


If, during the course of the internal investigation, you find areas where your company is in non-compliance, it is best to remedy the issues as soon as possible to avoid penalties.

This is not legal advice and should be considered only as suggestions.