27 August 2013

OAIC Releases New Guidance on Australian Privacy Principles

By Andrea Beatty and Abhishek Bansal

Practice Group(s): Consumer Financial Services; Commercial Transactions and Outsourcing

The Office of the Australian Information Commissioner (OAIC) has released the draft Australian Privacy Principles (APPs) Guidelines for public consultation. The guidelines outline how the OAIC will interpret and apply the APPs. To access the draft guidelines, click here.

The APPs set out the rules for collection, use, disclosure, access and correction of personal information and replace the National Privacy Principles from 12 March 2014. The APPs will apply to private and public sector organisations.

The OAIC expects to release the guidelines for interpreting the APPs in three tranches. At this stage, the OAIC has released draft guidelines for APPs 1 - 5. Further draft guidance is expected to be released in coming weeks.

Organisations are encouraged to review the draft guidelines and provide feedback to the OAIC within the consultation period which ends on 20 September 2013.

Bundled Consents

The draft guidelines include a chapter setting out "Key Concepts" which outlines the OAIC's interpretation of some key words and phrases that are used in the Privacy Act 1988 (Cth) (Privacy Act) as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). In that chapter, the OAIC states that the key elements of consent are:

- it must be provided voluntarily
- the individual must be adequately informed of what they are consenting to
- it must be current and specific, and
- the individual must have the capacity to understand and communicate their consent.

Bundled consent is where an organisation gets an individual to consent to a wide range of collection, uses and disclosure of personal information through a single affirmation consent. The draft guidelines raise some concerns about organisations' use of bundled consents.
Paragraph B.33 of Chapter B states that the bundled consents have "the potential to undermine the voluntary nature of the consent" as the individual is not given the opportunity to choose which collections, uses and disclosures they agree to and which they do not. This could mean that bundled consents may not satisfy the key elements of consent as set out above.

There may well be practical IT difficulties in refining the use of bundled consents. Organisations may wish to provide feedback to the OAIC to seek further clarity about the use of bundled consents.

Privacy Commissioner Reviews Website Privacy Policies

On 14 August 2013, the OAIC released the results of its review of privacy policies listed on over 50 websites. In its review, the OAIC assessed the privacy policies for their accessibility, readability and content. The review found that over 65% of the privacy policies provided information that was not relevant to the handling of personal information, and was potentially confusing.

Organisations are reminded that under APP 1, they are required to have a clearly expressed and up-to-date privacy policy about how the organisation manages personal information. APP 1.4 contains a non-exhaustive list of information that must be included in the privacy policy such as how the organisation collects, uses and discloses personal information.

As the privacy policy is going to be made available on public websites, organisations should ensure that their information handling practices are correctly reflected in their privacy policy. This will not only avoid confusion and consumer complaints, but also any claims of misleading or deceptive conduct.

Starting the Privacy Project

The changes to the Privacy Act commencing in March 2014 require organisations to not only update their policies and procedures before the start date but also impose additional ongoing commitments.
The Privacy Commissioner has further commented that organisations should make a commitment to conducting a Privacy Impact Assessment for any new projects in which personal information will be handled.

Organisations can obtain a better understanding of their information handling practices by completing a simple questionnaire developed by K&L Gates. This survey will identify the information flows and any privacy hot spots within the organisation. This questionnaire can also form part of a Privacy Impact Assessment for any new project.

K&L Gates has developed a Privacy Compliance Checklist which organisations can use to assess their readiness for the privacy reforms and review compliance with the amended Privacy Act on an ongoing basis post March 2014.

If you would like a copy of the information handling questionnaire or the Privacy Compliance Checklist, please contact us.

Authors:

Andrea Beatty
andrea.beatty@klgates.com
+61 2 9513 2333

Abhishek Bansal
abhishek.bansal@klgates.com
+61 2 9513 2368

Other Contacts:

Jim Bulling
jim.bulling@klgates.com
+61 3 9640 4338

K&L Gates includes lawyers practicing out of 46 fully integrated offices located in North America, Europe, Asia, South America, Australia, and the Middle East, and represents numerous GLOBAL 500, FORTUNE 100, and FTSE 100 corporations, in addition to growth and middle market companies, entrepreneurs, capital market participants and public sector entities.
For more information about K&L Gates or its locations and registrations, visit www.klgates.com.

This publication is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer.

©2013 K&L Gates LLP. All Rights Reserved.