Significant changes to the Privacy Act 1988 (Cth) came into effect on 12 March 2014. In particular, there are 13 new Australian Privacy Principles (APPs) which regulate the handling of personal information by Australian organisations with an annual turnover of $3 million or more, and some other organisations such as health service providers and government agencies. For private sector organisations, the APPs replace the National Privacy Principles (NPPs).
The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have incorrect information corrected. Some of the APPs differ substantially from the NPPs. For example, there are now separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), and cross-border disclosure of personal information (APP 8).
The Office of the Australian Information Commissioner (OAIC) has released a number of publications and guidelines [PDF, 690 KB] about the new privacy regime.