LISTEN NOW

LATEST PODCAST EP

1800 874 949

We’re here to help

Call us
Podcast
Resources

Privacy Principles

Picture of Catherine Henry Lawyers
Catherine Henry Lawyers

We put people first

Share this: 

On 12 March 2014, 13 new Australian Privacy Principles (APPs)[1] were created with the aim of greater uniformity and greater transparency in the federal privacy sphere. At the same time, the Office of the Privacy Commissioner was brought under the same banner as the Office of the Australian Information Commissioner (OAIC). The OAIC is now the body responsible for ensuring organisations are complying with the law and advising both government and businesses about how the laws operate. It also manages privacy complaints and enforcement.

The OAIC’s powers were significantly enhanced in the reforms so that it now has the power to:

  • Conduct performance assessments, investigations and monitor compliance with privacy obligations.
  • Accept Court-enforceable undertakings from APP entities to act or refrain from certain activities.
  • Apply to the Federal Court for a civil penalty order (up to $340,000 for individuals and $1.7million for a body corporate).

The OAIC routinely publishes outcomes of assessments and determinations on its website, particularly where it believes to do so is in the public interest.   In time, these published decisions will provide further guidance about the changes implemented by the APPs.

To whom do the APPs apply?

APP Entities

The 2014 reforms introduced the concept of “APP Entities”, which encompass either Australian government organisations or agencies including:

  • Public hospitals
  • Medicare
  • NSW Health Care Complaints Commission (HCCC)
  • Australian Health Practitioner Regulation Agency (AHPRA), which governs the national registration and regulation of health practitioners.

Non-APP entities

Private organisations which would otherwise be regarded as non-APP Entities, are subject to the APPs if they are providing a health service. “Health service” is widely defined under the Privacy Act 1988 and (according to guidance provided by the OAIC) would include:

  • Traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals.
  • Complementary therapists, such as naturopaths and chiropractors.
  • Gyms and weight loss clinics.
  • Childcare centres, private schools and private tertiary educational institutions.

 

What kinds of complaints are likely to be made about health services?

Health information is afforded greater protection under the regime and it extends not only to information about health services provided but also opinions about health or disabilities and individuals’ wishes about future provision of health services including organ donation. The OAIC provides the following as examples of health information:

  • Information about an individual’s physical or mental health.
  • Notes of an individual’s symptoms or diagnosis and the treatment given.
  • Specialist reports and test results.
  • Appointment and billing details.
  • Prescriptions and other pharmaceutical purchases.
  • Dental records.
  • Records held by a fitness club about an individual.
  • Information about an individual’s suitability for a job, if it reveals information about the individual’s health.
  • An individual’s healthcare identifier when it is collected to provide a health service.
  • Any other personal information (such as information about an individual’s date of birth, gender, race, sexuality, religion), collected for the purpose of providing a health service.

 

How to make a complaint

If you have a complaint about an APP Entity concerning:

  • The way in which your health information has been collected, handled, stored or used;
  • Access to your health information;
  • Mistakes in your recorded health information;

And you are unsatisfied with the organisation’s response to your complaint you can make a complaint to the Privacy Commissioner (Mr Timothy Pilgrim) via the OAIC.

12 months on from the Federal Privacy changes, what’s changed?

Many government agencies and organisations appear to have taken the initiatives on board with updated privacy policies on their websites stating what kinds of information they collect and how it is held. These policies now appear to be more comprehensive and specific regarding types of information and in that regard are a welcome move towards the greater transparency heralded by the APPs.

On the first anniversary of the APPs being introduced, the OAIC reported[2] that in the first 12 months of the regime, it had:

  • Received 4016 privacy complaints (a 43% increase on the previous 12 months).
  • Received 14,064 privacy enquiries.
  • Received 104 voluntary data breach notifications.
  • Commenced 13 privacy assessments.

 

Until such time as further data becomes available, it is difficult to see whether the new regime has delivered what it promised, although it is clear from the above report that the OAIC is at least using its new powers to conduct assessments.

The monumental increase in privacy complaints is a clear sign that those entities dealing with personal and health information need to take a considered and targeted approach to implementing compliant privacy policies and procedures.

 

[1] as set out in schedule 1 of the Privacy Act 1988

[2] http://www.oaic.gov.au/news-and-events/media-releases/privacy-media-releases/privacy-law-reform-report-card

Latest Information Resources

View more information resources

We are here to help you

Looking for expert legal help but do not know where to start?
We can help you find the information you need. 

Make an enquiry
Facebook Instagram Linkedin

Catherine Henry Lawyers acknowledges the traditional owners of country. We pay our respects to elders past and present and will play our part to ensure equal access to quality legal representation for all Australians.

PRIVACY POLICY   /   PRIVACY COLLECTION NOTICE – (COVID-19)   /   GENERAL TERMS OF BUSINESS   /   DISCLAIMER   /   SUBSCRIBE   /   CAREERS   /    CONTACT US

Awabakal Country, Level 1, 133 King Street, Newcastle, NSW 2300   
Call us on 1800 874 949    TEL 02 4929 3995    FAX 02 4927 2444    Email us at info@chlawyers.com.au
© Copyright Catherine Henry Lawyers Pty Limited ABN 90 623 704 209

Liability limited by a scheme approved under Professional Standards Legislation.

Back To Top
Search

Stay Informed

Would you like to hear from us with the legal issues and news that matters most to you?

Subscribing to Catherine Henry Lawyers monthly e-newsletter will provide you with access to expert articles, client stories, information resources, downloadable content and relevant updates on law changes that affect you and your loved ones.

Subscribe: