Analysis of National and Overseas Effects of the Privacy Act 1988

Verified

Added on 2020/03/02

AI Summary

This report provides a detailed analysis of the Privacy Act 1988, focusing on its national and overseas effects. It examines key amendments, including the introduction of Australian Privacy Principles (APPs) and changes to credit reporting provisions. The report highlights the impact on organizations, emphasizing legal risks associated with privacy policies and compliance. It discusses the role of the Office of the Australian Information Commissioner (OAIC) and its enhanced powers, including the implications for both domestic and international organizations. Furthermore, the report explores cross-border disclosure of personal information and compares Australian privacy laws with those of other countries, such as the United States and the European Union. The conclusion summarizes the key changes and their implications for data protection and individual privacy.

Running Head: Law 1
Law

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Law 2
Introduction:
The privacy Act 1988 (Privacy Act) provide protection to the personal information. Personal
information is considered as information which can identify the person, such as name, address,
Phone number, date of birth, records related to medical, bank account details, and opinions
related to the person.
There are number of amendments related to the Privacy Act and these amendments are
introduced on 12th March 2014. It states the new set of Australian Privacy Principles (APPs), and
these principles define the procedure through which information is handled by private sector
organizations and Australian Government agencies. It also includes the changes related to the
collection and use of credit information, and imposed various new powers in the Office of the
Australian Information Commissioner (OAIC) for the purpose of resolving privacy complaints
and investigations.
This paper contains the discussion on National and overseas effects of the new privacy Act. In
this, a provision related to privacy Act of other countries is also discussed. Lastly, paper is
concluded with brief conclusion.
National and overseas effects of the new privacy Act:
Key changes:
Amendments made by government in the Privacy Act include various new provisions and
obligations in terms of corresponding compliance. Two parts of the Act are completely changed
by these new amendments. Provisions of Privacy Act in relation to credit reporting are
completely replaced by new credit provisions. Numbers of important changes are introduced in

Law 3
the current framework such as policy related to the credit information, collection and recording
of information related to credit, and disclosure of such information to overseas entities. It is
necessary for those retail businesses that issue credit cards, banks, business organizations which
substantially involve the provision related to the credit, those suppliers which supplies goods and
services on credit payment/terms, equipment lessors, and credit providers to follow this new
framework. This framework was amended on the basis of revised Credit Reporting Privacy Code
developed by Australian Retail Credit Association, and it was registered by the Australian
Privacy Commissioner (Commissioner) (Goblin, 2014).
It must be noted that credit reporting provisions under the privacy Act states various types of
credit providers which includes banks and retailers. However, maximum organization can be
considered as:
 Agent of credit provider which helps the credit provider in processing the application for
credit.
 Organization is considered as credit provider if it allows the client to defer the repayment
of the cost in relation of goods purchased by client or services provided to the client for
the period of seven days.
It is very important for organizations to ensure that their privacy policy, credit reporting policy,
and collection statements provide details of the actual management of the personal information
in context of that organization. Documentation related to privacy compliance must be reflective
in nature for the purpose of collection, uses, storage, disclosures, access and correction of the
personal information.

Law 4
However, the main legal risk related to an organization is occurred because of the statements
included by organization in the privacy compliance document, and these risks arise because there
is misalignment of privacy policy with the actual practices of the organization. Therefore, it is
clear that noncompliance and liability on organization arise because organization fails to fulfill
its promises (Delaney & Davis, 2014).
It must be noted that these key changes are mainly reflected by the APP1 and APP5 that is
privacy policy and notification obligations respectively. These standards impose higher burden
on business organizations to institute practices, procedures and policies which ensure privacy
protection. It also includes procedures related to inquiries and complaints in regards of
organization compliance with the APPs. It must be noted that privacy policy must be transparent,
accessible to the public, and must be available for free of charge. Following are some details
stated below which must be included in the privacy policy of the organization:
 Particular type of personal information which is collected and holds by the organization,
and method for the purpose of collection and holding such information.
 Policy must state the primary and secondary purpose for which such information is
collected, hold, and disclosed by the organization.
 Method through which individual access his personal information and how changes can
be made by the individual in such information.
 Procedure related to the complaint in case of breach of the APPs or an applicable
registered APP code; and how organization deals with complaint made by individual.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Law 5
Other changes:
Some other changes are also stated below which affect the working and obligations of
organizations at both national and overseas:
APP2- this standard provides that when there is no obligation on individual to disclose their
identity then such individual can use a pseudonym. Previously individuals only have option of
anonymity.
APP4- this standard provides that in case organization receives any information through
unsolicited means and it is not possible for organization to receive that information through
solicited means then it is the obligation of organization to destroy that information.
APP7- this standard increases the requirements for consent of informed user in relation to direct
marketing. Organizations must ensure simple ways through which individual can place request
for not receiving direct marketing and also for making request that personal information of the
individual is not given to any third party for the similar purpose (OAIC, 2014).
Overseas effect:
Section 16C and APP8 that is disclosure to overseas entities are considered as the most
controversial and least understood change. It must be noted that above stated changes mainly
impact the organizations working at national level, but this change impacts the organization
working at overseas.
APP8 set out the new principal of accountability and states that if any organization works in
Australia wants to disclose personal information to an overseas entity then it is the duty of
Australian organization to take such steps which ensures that overseas entity to which such

Law 6
information is disclosed must compiled with the APP standards. Personal information disclosures
also include provision related to electronic viewing access, and it is not necessary that there must
be physical transfer of data. In case overseas organization fails to comply with the APP standards
in respect of personal information, then Australian organization is accountable and liable under
section 16C in such manner as Australian organization failed to compile with the Privacy Act.
Therefore, it is necessary for those organizations which provide personal information to overseas
organization to consider contractual binding on those overseas entities for the purpose of
complying with the new legislation and privacy policy of Australian organization. It also
includes implementing the safeguards related to the privacy policy, legal exposure of the
Australian organization in case overseas organization breaches the contract and fails to
implement those safeguards (OAIC, 2015).
This can be understood through example in relation to Foreign IT suppliers, as per this IT
suppliers are also bound by the privacy Act of Australia if they conduct any activity in the
Australia. Even activities conducted by the suppliers outside the Australia then also they are
covered by this Act if (Corrs, 2017):
 Suppliers carry their business in Australia or
 They collect and hold the personal information in Australia or
 They receive personal information from Australian organization.
For the above stated provisions, those organizations which are not physically present in the
Australia but collect information from people through their online presence will be considered as
organization which carries business in Australia. In other words, if any organization working at
overseas collects any personal information from people in Australia through online source are
bound by the Privacy Act of Australia.

Law 7
Powers of commissioner & its effect:
From March 2014, new amendments enhanced the power of the commissioner
in relation to investigation and enforcement. Various new powers are imposed
such as commissioner has right to get injunction from the Court against any
person and organization which contravenes the provisions of the Privacy Act,
obtain enforcement undertakings by that person which breached the privacy
Act. Commissioner can also seek penalty orders from Federal Court of civil if
there is any serious breach. Enhanced powers of commissioner impact both
national and overseas organizations in following manner:
Seeking permission- at the time of privacy reform process, complete banking sector and
especially Australia and New Zealand Banking Group Limited (ANZ) show their concerns in
relation to the changes occurred in principal of cross border disclosure and its impact on
international operations of the banks. After the introduction of APP8 both ANZ and the Reserve
Bank of Australia make application to the commissioner under public interest determinations for
the purpose of allowing them and other authorized deposit taking institutions to disclose the
personal information related to the beneficiary of an IMT to an overseas financial institution
while processing the IMT.
The actual concern in relation to that application was that because of the increased complication
in international transfer system and practices conducted by overseas organizations, it is necessary
to disclose the personal information beyond the permission granted by APP8. In this situation
two determinations are made by Commissioner under public interest, and one determination is
specifically relates with the ANZ and second for remaining banking industry. Commissioner

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Law 8
stated that while disclosing the personal information of the beneficiary in case of IMT, ADI will
not be held responsible for APP breaches on behalf of overseas organizations (Macor, 2014).
Comparison with other country: it must be noted that provisions of privacy law vary country
to country. This can be understood through example; it is very simple for US based companies to
collect data from users in the EU. In EU strict data privacy laws are applicable if any
organization is certified under a program called Safe Harbor. But few years before, safe harbor
program was declared invalid by EU. As per Kate Lucente, attorney of US who works with the
issues of data privacy “it is necessary for companies to ensure some back up mechanism for the
purpose of making data transfer legal”.
It is clear that there is huge difference between the countries privacy law and every country
makes their laws as per issues addressed by them in relation to data privacy.
Conclusion:
This paper states the Key changes of privacy Act and how these changes affect the national and
overseas organization. various important changes are stated in this paper such as Provisions of
Privacy Act in relation to credit reporting are completely replaced by new credit provisions,
enhanced powers of commissioner and how these powers affect the banking industry,
information disclose to overseas organization, etc. This new privacy Act ensures protection of
personal information of individuals and ensures data safety.

Law 9
References:
Corrs, (2017). Major Changes To Australia's Privacy Act: Why They Matter For Foreign It
Suppliers Doing Business In Australia. Viewed at:
http://www.corrs.com.au/thinking/insights/major-changes-to-australias-privacy-act-why-they-
matter-for-foreign-it-suppliers-doing-business-in-australia/. Accessed on 25th August 2017.
Delaney, H. & Davis, M. Privacy Act: Are you compliant. Viewed at:
http://www.findlaw.com.au/articles/5617/privacy-act-are-you-compliant.aspx. Accessed on 25th
August 2017.
Macor, N. (2014). The New Privacy Act: Six Months On. Viewed at:
http://www.austlii.edu.au/au/journals/CommsLawB/2014/16.pdf. Accessed on 25th August 2017.
OAIC, (2014). Privacy fact sheet 24: How changes to privacy law affect you. Viewed at:
https://www.oaic.gov.au/individuals/privacy-fact-sheets/general/privacy-fact-sheet-24-how-
changes-to-privacy-law-affect-you. Accessed on 25th August 2017.
OAIC, (2015). Cross-border disclosure of personal information. Viewed at:
https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-8-app-8-cross-
border-disclosure-of-personal-information. Accessed on 25th August 2017.
Tobin, G. (2014). Privacy law in Australia: an overview. Viewed at:
https://www.lexology.com/library/detail.aspx?g=f508c927-860b-43a4-832a-aabea4169037.
Accessed on 25th August 2017.