Sweeping changes to Australia’s privacy laws that took effect on March 12, 2014, make the country a global standard-setter in protecting its citizens’ personal data. A comprehensive update of Australian privacy laws, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (PAA), imposes specific requirements regarding the collection, storage and use of consumers’ personal information on companies that do business in Australia and have revenue of over $3 million. The Office of the Australian Information Commissioner (AIC) is empowered to enforce the PAA’s mandates by imposing fines of up to $1.7 million for serious or repeated invasions of privacy.
At first blush, the requirements imposed by the PAA may seem of a piece with those imposed by the European Union and other privacy-centric jurisdictions, and with the privacy principles promulgated by the Obama Administration. Indeed, the thirteen new Australian Privacy Principles (APPs) established by the PAA (which replace the existing National Privacy Principles and Information Privacy Principles) strike many of the same notes as the Consumer Privacy Bill of Rights proposed by the White House in February 2012: transparency, access, accuracy, security, and so forth, the “usual suspects” in privacy regulation.