Changes to the Privacy Amendment Act 2012 (Cwlth) commenced on 12 March 2014. They replace the existing National Privacy Principles with the 13 Australian Privacy Principles (APPs), which list the information that organisations must have in their privacy policy, including:
- The reason, the purpose, the method and what personal information the business collects and holds
- Stating whether the entity might disclose any personal information to overseas parties, and should that happen, the entity should try to specify the countries of the recipients.
So what is defined as personal information? It is data that identifies, or could reasonably identify, an individual. This could range from name, address and date of birth to more confidential data like bank account details, photos or videos.
A business's privacy policy must be readily available free of charge, be presented appropriately, and include contact details should an individual wish to complain about a breach. The business must also describe how complaints will be dealt with.
Should you have cloud data stored outside Australia, i.e. on servers located overseas, the country where the server is located should be disclosed to customers or clients. Your cloud service provider should be able to provide this information to you.
To find out more, visit
http://www.oaic.gov.au/images/documents/privacy/privacy-guides/comparison_guide_APP_NPP.pdf