The first tranche of reforms to the Privacy Act 1988 (Cth) were recently tabled in Parliament with the objective to promote the protection of privacy and personal information in an everchanging digital age.
Now is the time for businesses to ensure they have appropriate privacy and data security policies and procedures in place in the lead up to the anticipated changes to the Privacy Act.
The Privacy and Other Legislation Amendment Bill 2024 (Cth) was recently introduced to Parliament following a review by the Attorney General’s Department (AGD) that emphasised the need for an enhanced privacy framework fit for a digital age.
The recommended reforms target two key areas: digital environment and anti-social behaviours.
Key reforms include:
- Greater transparency for automated decision-making: Organisations will be required to provide reasoning to individuals on how they use their personal information to substantially and directly make decisions using automated programs such as AI.
- Mechanisms for cross border data sharing: Simplifying the flow of data from Australia to an overseas recipient who is subject to a similar prescribed law or binding scheme. Currently Australian entities may be liable for any act or practice by the recipient that would breach the Australia Privacy Policy (APP) from the disclosure of that information.
- Broader enforcement powers to privacy regulator: The Office of the Australian Information Commissioner (OAIC) will gain increased authority to investigate breaches, enforce compliance and impose penalties on organisations that violate privacy regulations, enhancing regulatory oversight and accountability.
- Streamline information sharing in case of emergency or data breach: Efficient exchange of information during emergencies or after significant data breaches.
Other reforms include: - Criminal offences for ‘doxxing’ activities: Two new criminal offences will be created if it is found that an offender has published or otherwise distributed personal data in a way that could be regarded as menacing or harassing.
- Statutory Tort for invasion of privacy: Individuals will be able to seek legal redress if it is believed that their privacy was seriously invaded without consent.
- Children’s online privacy code: A creation of a Children’s Privacy Code that will enhance protections surrounding the collecting, use and disclosure of children’s personal information.
Key takeaways:
While the proposed bill has excluded a significant portion of the proposed recommendations produced by the Attorney-General’s report, it does provide groundwork for substantial future changes.
It can be anticipated that more reforms will be tabled in the forms of Tranche 2 and 3, however timing of these changes is unknown given the upcoming Federal Election.
To ensure you don’t get ‘logged out’ of your personal information, organisations will need to begin reviewing and updating their privacy policies. Businesses are encouraged to have correct processes in place when handling personal information, in particular determining how much they rely on personal information for automated decision making. We also recommend being across the new statutory torts and criminal offences and begin implementing changes to comply with the upcoming Children’s Privacy Code and updated security and transfer protocols.
Material in this article is available for information purposes only and is a high level summary of the subject matter. It is not, and is not intended to be, legal advice. Hazelbrook does not guarantee the accuracy of the information provided. You should first obtain professional legal advice prior to taking any action on the basis of any information contained in this article. This article is copyright. For permission to reproduce this article please email Hazelbrook Legal: enquiry@hazelbrooklegal.com