The Privacy Act amendments will take effect on 12 March 2014.
How will current exemptions be affected?
Small business exemption
Currently small businesses (with a turnover of $3 million or less) are exempt unless they are:
- a health service provider
- a trader in personal information
- related to a larger business
- a contractor with Commonwealth
- a reporting entity under the AML/CTF Act
- an operator of a residential tenancy database.
A small business can opt in.
The only change to that exemption is that small businesses will be bound by the CR (credit reporting) Code if they elect to participate in the credit reporting system.
Credit providers and credit reporting agencies that are small businesses will be required to comply with the Privacy Act.
Private Sector Employee records
Employee records directly related to a current or former employment relationship will continue to be exempt. But employment agencies and information about prospective employees will continue to be covered by the Privacy Act.
Spam Act and Do Not Call Register Act
APP 7.8 (direct marketing) provides that APP 7 will not apply if the Spam Act or the Do Not Call Register Act apply. These Acts contain specific provisions regarding a particular type of direct marketing or direct marketing by a particular technology.
But if these Acts do not apply then APP 7 will apply to organisations involved in direct marketing relating to electronic messages and other acts and practices not covered by these Acts.
The Spam Act generally applies to any unsolicited commercial electronic message (“spam”) with an Australian link.
The Privacy Act will apply to emails and other non-commercial electronic messages not covered by the Spam Act when it involves the use of “personal information‟.
The amendments could also therefore apply to non-message based online marketing including Twitter and pop up ads.