By Cameron Abbott, Rob Pulham and Stephanie Mayhew
Under proposals 4.1-4.4 of the Report, changes to broaden the definition of Personal Information are on the horizon. Under the proposed amendments, the word “about” in the definition of Personal Information will be amended to “relates to”. That is – “information or an opinion that relates to an identified individual…”. This brings the definition in line with other legislative frameworks that regulate privacy and ensures consistency with the language used in the GDPR definition of ‘Personal Data’.
Amendment of the definition of ‘collection’ is also proposed to expressly cover information obtained by any means, including inferred or generated information. The Report also states that ‘reasonably identifiable’ should be supported by a non-exhaustive list of circumstances to which APP entities will be expected to have regard to in their assessment of what is ‘Personal Information’.
What does this mean for my organisation?
With such a broader interpretation, APP entities will need to have regard to a larger set of information that could fall within the definition. This will see information such as mobile location data, IP addresses, social media handles, mobile advertising IDs and other technical information more clearly fall within the definition.