Search 
Mallesons Stephen Jaques
Who does this affect?

All organisations doing business in Australia will be affected by proposed changes to the Privacy Act.

What do you need to do?

Review the ALRC's recommendations and see how they will affect your organisation. Be ready to make submissions on draft legislation.

Author
James Moore  
Special Counsel
Katherine Forrest  
Partner
T +61 3 9643 4129
Andrea Beatty  
Partner

Sydney
Patrick Gunning  
James Moore  

Melbourne
Katherine Forrest  
Lisa Huett  
Cheng Lim  

Perth
Nicholas Creed  

Brisbane
Nicole Heller  

Canberra
Adam Bartlett  

Major privacy reforms proposed by ALRC - 11 August 2008

The Australian Law Reform Commission has today recommended major changes to privacy laws, affecting all private sector entities. Within 12 to 18 months, the Federal Government will replace the National Privacy Principles, changing how organisations can collect and use personal information. Special requirements will apply to health and credit information, with enhancements to the scope of credit reporting. The Privacy Commissioner will also be given new enforcement powers. After these reforms are implemented, further major reforms (such as mandatory breach reporting and the implementation of a statutory cause of action for invasion of privacy) would be considered.

ALRC report

The reforms were proposed in the long-awaited Australian Law Reform Commission (ALRC) Report, For Your Information - Australian Privacy Law and Practice (ALRC Report).

The ALRC Report makes 295 recommendations designed to simplify Australia’s privacy laws, and to respond to technological developments and changing community standards.

First stage of reforms

The Cabinet Secretary and Special Minister of State, Senator John Faulkner, confirmed that the Government would seek to legislate for a first stage of reforms within 12 to 18 months, including the following:

  • unified privacy principles the existing national privacy principles would be replaced with unified privacy principles, covering both private sector and public sector entities throughout Australia
  • more comprehensive credit reporting the information that can be included in credit reports would be expanded to include the kinds of credit facilities held by a borrower, the current credit limits, and possibly repayment history
  • Privacy Commissioner’s powers the Privacy Commissioner will be given additional powers, including to undertake compliance assessments, issue compliance notices, seek civil penalties and accept enforceable undertakings
  • cross border data flows an organisation that sends personal information offshore will usually continue to be responsible for all uses and disclosures of the information offshore.

Proposals to be implemented in a second stage of reforms

In a second stage of reforms, the Government will consider implementing other recommendations, such as:

  • a statutory cause of action for invasion of privacy
  • mandatory reporting of privacy breaches
  • removing exemptions for small business, employee information and political parties
  • a general redrafting of Part 13 of the Telecommunications Act 1997 and other privacy-related changes to the Act.

We will continue to keep you informed about these important developments in further alerts and seminars.

This publication is only a general outline. It is not legal advice. You should seek professional advice before taking any action based on its contents.