2019---03---27---Pigott-Stinson---Homepage_02

This Article was first published in Club Life

Why does your club need to pay attention to the upcoming amendments to the Privacy Act? Coming into force on 12 March, 2014, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 brings with it what has been heralded as the greatest reforms in the Privacy Act’s 25 year history. Amongst other reforms, the National Privacy Principles will be replaced by a new set of Australian Privacy Principles and the Privacy Commissioner will be given much greater powers.

Almost all clubs understand the importance of privacy on a basic level. They have a privacy policy, they store personal information securely, and they seek advice if someone is asking for a copy of information held by the club. However, come 12 March, 2014 and this basic compliance will no longer be sufficient (if it ever was). So, will your club be covered? The Australian Privacy Principles will apply to all organisations. There is an exemption for small businesses with an annual turnover of less than $3 million however this exemption won’t apply to a club if it operates gaming machines. Why? This is because the club is providing “designated services” for the purposes of the Anti-Money Laundering & Counter-Terrorism Financing Act.

Why should your club be concerned about the amendments? Firstly, (as the Privacy Commissioner will tell you) it’s good for business. Patrons certainly don’t take kindly to their personal information being disclosed or misused, and a problem could mean considerable negative publicity for the club. Furthermore, dealing with a complaint is not only costly but time consuming. Secondly, the Privacy Commissioner will have new enforcement powers including the ability to apply for civil penalty orders of up to $340,000 for individuals and up to $1.7 million for companies.

In a speech earlier this year, the Australian Privacy Commissioner, Timothy Pilgrim, made clear his position, stating “I will not be taking a softly softly approach to these new powers.” Accordingly, clubs need to be ready by the commencement date.

Privacy by Design

The term ‘Privacy by Design’ isn’t mentioned in the Act or the Amendment. However, if a club can apply the concept, it’s much more likely to avoid being in breach of its privacy obligations. Essentially, privacy by design is the idea that privacy is considered at the design stage of, and throughout, all practices and procedures as opposed to merely being considered once a complaint has been made.

The concept of privacy by design is captured in the new Australian Privacy Principle 1.2 which provides that a club must take such steps as are reasonable in the circumstances to implement practices, policies, and procedures that:

  • Ensure the club complies with the Australian Privacy Principles; and,
  • Enables the club to deal with inquiries or complaints regarding compliance with the Australian Privacy Principles.

This requires a club to be proactive in its approach. Instead of thinking, “This is what we’ve always done, so do we need to change?” ask yourself, “If we are starting a new club and one of our greatest concerns is privacy, what systems, procedures, and practices should we put in place?” These are not easy questions and considering the amount of regulation that clubs need to traverse, it’s vital that clubs commence their privacy audits now.

This may all sound a bit over the top but clubs are used to regulation – whether it be under the Registered Clubs Act, Corporations Act, Liquor Act, or Gaming Machines Act. Now, with the Privacy Commissioner’s new powers, the Privacy Act may well be brought to the front of the queue.

For more information contact Matt Goodwin on m.goodwin@pigott.com.au

This article is intended to provide general information in summary form on a legal topic, current at the time of publication.  The contents do not constitute legal advice and should not be relied on as such. Formal legal advice should be sought in specific circumstances.