March 2014: New Data Privacy laws for Australia from 12th March, 2014

The Office of Australian Information Commissioner (OAIC) has released new Data Privacy laws under the Data Privacy Act today, the 12th of March, 2014. The new requirements will regulate the handling of personal information by Australian Government agencies, businesses with a turnover of more than $3 million or those trading in personal information and all private health service providers.

The changes will include the ability of the OAIC to “conduct a privacy performance assessment, accept an enforceable undertaking and, in the case of serious or repeated breaches, seek civil penalties”. Breaches of the Privacy Act will be deemed an interference with privacy, and substantial fines, up to $340,000 for individuals, and $1.7 million for entities, are now established.

The OAIC  now has the ability to institute investigation of an organisation without any prior complaints having been received, in such instances the OAIC has documented guidelines against which it will review the data privacy of organisations. There is an expectation from OAIC that organisations will have these steps and implementing strategies to manage the following:

• governance
• ICT security
• data breaches
• physical security
• personnel security and training
• workplace policies
• the information life cycle
• standards
• regular monitoring and review.

The Guide to Information Security document can be found at:

The Australian Privacy Principles guidelines can be found at:

For further information on how Certitude can assist you in ensuring compliance with the new Act, please contact us.