Changes introduced in the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022

06/08/2024

The Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, which commenced on 13 December 2022, introduced targeted measures to enhance the Office of the Australian Information Commissioner (OAIC)’s ability to regulate in line with community expectations and protect Australians’ privacy in the digital environment.  

The Amendment includes changes to three different Acts: 

  1. Australian Communications and Media Authority Act 2005; 
  • Australian Information Commissioner Act 2010; 
  • Privacy Act 1988. 

The Amendment introduced significantly increased penalties for serious and or repeated privacy breaches and greater powers for the OAIC to resolve breaches. The OAIC can now request information in relation to an actual or suspected eligible data breach of an entity or an entity’s compliance with the requirements set out in the Notifiable Data Breach (NDB) scheme, and can publish certain information publicly if it is in the public interest to do so. The OAIC and the Australian Communications and Media Authority (ACMA) may also share information with other enforcement bodies, including foreign data protection authorities.  

Companies that fail to take adequate care of customer data now face much higher penalties under the Amendment. The Amendment increases the maximum penalties for serious or repeated privacy breaches from the previous $2.22 million to whichever is the greater of: 

  • $50 million; 
  • three times the value of any benefit obtained through the misuse of information; or 
  • 30 per cent of a company’s adjusted turnover in the relevant period. 

Maximum civil penalty for individuals also increased from the previous $444,000 to $2.5 million. 

The Amendment expands the entities captured by removing the requirement for an entity to collect or hold personal information in Australia to instead capture all entities that have an Australian link. Now, any foreign entity carrying on a commercial activity in Australia will be captured by the Privacy Act to ensure the Privacy Act can be enforced against global technology companies who may process Australians’ information on servers offshore. 

For further information contact us at enquiries@griffinlegal.com.au 

Contact Us

Related Articles

Parental Leave for Casual Employees

For casual employees the unpredictability of their employment can be a major source of stress as often casual employees miss out on many of the entitlements that full-time and part-time employees enjoy. For many, this concern is further exacerbated when they learn that they are about to become a parent. It should therefore be of …
Read more

Purchasing an Off-the-Plan Property

The interest in “off-the-plan” properties is ever increasing and is becoming more popular for buyers. An off-the-plan purchase is one where the Buyer enters into a contract to purchase a property that has not yet been constructed. Due to the prolonged settlement period for an off-the-plan purchase it is imperative for buyers and sellers to …
Read more