
Major Updates on Privacy Reforms in Australia


Over the last three years, the Attorney-General’s Department has conducted a Review of the Privacy Act 1988 (Cth). On 28 September, the Government Response to the Privacy Act Review Report was published. This Government Response comes eight months after the Attorney-General’s Department published the Privacy Act Review Report 2022, a 320-page document outlining 116 recommendations and proposals resulting from extensive stakeholder, academic, and public consultation.

With the rise of the digital economy, Australians have embraced technological advancements for work, health, education, and connecting with loved ones. While innovation and productivity have soared, we’ve also witnessed significant data breaches, putting many at risk. Thus, the Government Response to the Privacy Act Review Report, addressing each of the 116 proposals, is a timely update, highlighting Australia’s determination to overhaul domestic privacy laws and to remain relevant in today’s digital landscape.

In looking more closely at the proposals the Government is considering, we would like to draw specific attention to just a few. Pleasingly, the Government has agreed in-principle to amend the information protected by the Privacy Act to ensure that ‘personal information’ has a more appropriate and detailed definition, including technical and inferred information (proposal 4.1). The Government has also agreed in-principle to explore further how the concept of de-identification should be defined in the Privacy Act (proposal 4.5).

One area of the Privacy Act that has been debated over the years is the small business exemption, where businesses with an annual turnover of less than AUD$3 million were exempt from the Act’s scope (proposal 6.1). Notably, the Government, in its Response, has agreed in-principle that this exemption should be “removed in light of the privacy risks applicable in the digital environment”.

To improve information management governance processes and systems, the Government has agreed in-principle that entities should be required to appoint or designate a senior employee who will have specific responsibility for privacy compliance within the organisation (proposal 15.2). The Government also agreed that entities should be required to take reasonable steps to ensure personal information collected by third parties was legally collected (proposal 13.4).

🌐 Other Key Highlights of this Response include:

  • Digital Evolution: Privacy reforms will modernise the Privacy Act for the digital age.
  • Enhanced Protections: There will be an uplift in protections, focusing on handling information within community expectations and enhanced security measures.
  • Clarity & Simplicity: The reforms aim to provide clearer guidelines for entities and reduce inconsistencies across different legal frameworks.
  • Increased Control for Individuals: Improved transparency and consent mechanisms will be introduced, along with new rights concerning personal information.
  • Strengthened Enforcement: The OAIC will receive augmented enforcement powers, and courts will have an extended scope in civil penalty proceedings.


As the Government Response outlines, the next phase promises meticulous analysis and further consultation with stakeholders to ensure the best outcomes for both consumers and businesses.

Stay tuned as the Government is set to introduce new legislation to protect personal information in 2024! 🛡️
