Say it three times, spoken unbroken: Privacy Reforms, Privacy Reforms, Privacy Reforms. 

13/09/2024

reforms

Today the long awaited first tranche of amendments to the Privacy Act 1988 (Cth) (Privacy Act) entered parliament. The Privacy and Other Legislation Amendment Bill 2024 (Bill) was introduced and read for a first time today in the House of Representatives.  

In the Explanatory Memorandum to the Bill, the Attorney-General conceded that to date, the Privacy Act has not kept pace with the widespread adoption and reliance on digital technologies here in Australia, acknowledging that this has lead to significant online harms including data breaches, fraud, identity theft unwanted surveillance and even doxing. 

The Bill will implement 23 of the 25 legislative proposals that were agreed in the Government Response to the Privacy Act Review released almost a year ago.  

Among these 23 reforms are: 

  • Enhanced enforcement powers of the Office of the Information Commissioner (OAIC) including powers of investigation and public inquiry, power to develop APP Codes at the direction of the Minister and powers to tailor civil penalties to the seriousness of a privacy breach 
  • Requirement for OAIC to develop a Children’s Online Privacy Code within the first two years of the Bill’s commencement 
  • Statutory cause of action (tort) for serious invasions of privacy 
    • Amendments to the Criminal Code Act 1995  (Cth) to introduce new offences targeting the release of personal data using a carriage service in a manner that would be menacing or harassing – a practice known as ‘doxxing’ 
  • Creation of a civil penalty provision for “serious” interferences with privacy and a list of factors to determine seriousness which include the sensitivity of the information involved, consequences, vulnerability of the affected individuals, whether it was a repeated interference and the number of individuals affected. 

However, one of the biggest changes to the Privacy Act which has made its way into this first suite of reforms is an update to APP 1 – Open and transparent management of personal information regarded automated decision making. The Bill introduces a new requirement for APP entities to include information in their Privacy Policy which addresses: 

  • the kinds of personal information used in the operation of computer programs and  
  • the kinds of decisions or parts that inform a decision made solely by the operation of a computer program  

In practical terms this means if you use AI or other automated tools to process information and make decisions that affect your customers you need to be transparent about it. 

OAIC have released a statement saying they “welcome” the Bill as a “first step” in privacy reforms. Australian Privacy Commissioner Carly Kind has said the Bill contains “important initiatives that will have benefits for the Australian community” but noted “much more needed to be done”. 

Please get in touch with our experienced privacy team to discuss what these reforms mean for you and your agency or business. 

Parental Leave for Casual Employees

For casual employees the unpredictability of their employment can be a major source of stress as often casual employees miss out on many of the entitlements that full-time and part-time employees enjoy. For many, this concern is further exacerbated when they learn that they are about to become a parent. It should therefore be of …
Read more

Purchasing an Off-the-Plan Property

The interest in “off-the-plan” properties is ever increasing and is becoming more popular for buyers. An off-the-plan purchase is one where the Buyer enters into a contract to purchase a property that has not yet been constructed. Due to the prolonged settlement period for an off-the-plan purchase it is imperative for buyers and sellers to …
Read more