If your answers to the above questions are “I don’t know” or “no”, then you have some catching up to do.
The 13 Australian Privacy Principles (APPs) commenced on 12 March 2014. They regulate the handling of personal information by Australian government agencies and private sector organisations with an annual turnover of $3 million or more (“APP Entity”). The 13 APPs are contained in schedule 1 to the Privacy Act 1988.
An APP Entity must have a clearly expressed and up to date policy about its management of personal information. The policy must include the following information (amongst other things):-
- the kinds of personal information that the entity collects and holds;
- how the entity collects and holds personal information;
- the purposes for which the entity collects, holds, uses and discloses personal information;
- how an individual may access personal information about the individual that is held by the entity and seek the correction of such information;
- how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint.
- a statement that personal information is collected pursuant to section 118 of the Strata Schemes Management Act;
- the reasons why personal information is collected;
- how personal information is used;
- when personal information will be disclosed, including that it may be disclosed to third parties under s 108 and 109 of the Act;
- what to do about updating personal information, or correcting inaccurate personal information.
This list is not exhaustive.
We suggest you obtain professional advice and assistance when it comes to reviewing and updating your privacy policies and privacy statements. For strata managers, such assistance should come from a lawyer familiar with strata law, practice and procedure.