All organisations doing business in Australia will be affected by proposed changes to the Privacy Act.
What do you need to do?Review the ALRC's recommendations and see how they will affect your organisation. Be ready to make submissions on draft legislation.
Partner
T +61 3 9643 4129
Andrea Beatty
Partner
T +61 2 9296 2068
Sydney
Andrea Beatty
Patrick Gunning
James Moore
Melbourne
Katherine Forrest
Ros Grady
Lisa Huett
Cheng Lim
Perth
Nicholas Creed
Brisbane
Nicole Heller
Canberra
Adam Bartlett
Author
James Moore
The Australian Law Reform Commission has today recommended major changes to privacy laws, affecting all private sector entities. Within 12 to 18 months, the Federal Government will replace the National Privacy Principles, changing how organisations can collect and use personal information. Special requirements will apply to health and credit information, with enhancements to the scope of credit reporting. The Privacy Commissioner will also be given new enforcement powers. After these reforms are implemented, further major reforms (such as mandatory breach reporting and the implementation of a statutory cause of action for invasion of privacy) would be considered.
ALRC report
The reforms were proposed in the long-awaited Australian Law Reform Commission (ALRC) Report, For Your Information - Australian Privacy Law and Practice (ALRC Report).
The ALRC Report makes 295 recommendations designed to simplify Australia’s privacy laws, and to respond to technological developments and changing community standards.
First stage of reforms
The Cabinet Secretary and Special Minister of State, Senator John Faulkner, confirmed that the Government would seek to legislate for a first stage of reforms within 12 to 18 months, including the following:
- unified privacy principles the existing national privacy principles would be replaced with unified privacy principles, covering both private sector and public sector entities throughout Australia
- more comprehensive credit reporting the information that can be included in credit reports would be expanded to include the kinds of credit facilities held by a borrower, the current credit limits, and possibly repayment history
- Privacy Commissioner’s powers the Privacy Commissioner will be given additional powers, including to undertake compliance assessments, issue compliance notices, seek civil penalties and accept enforceable undertakings
- cross border data flows an organisation that sends personal information offshore will usually continue to be responsible for all uses and disclosures of the information offshore.
Proposals to be implemented in a second stage of reforms
In a second stage of reforms, the Government will consider implementing other recommendations, such as:
- a statutory cause of action for invasion of privacy
- mandatory reporting of privacy breaches
- removing exemptions for small business, employee information and political parties
- a general redrafting of Part 13 of the Telecommunications Act 1997 and other privacy-related changes to the Act.
We will continue to keep you informed about these important developments in further alerts and seminars.