Privacy Act Reform update

The Commonwealth Attorney General has announced details of the next phase of privacy reform. Background.

The Government will bring forward legislation in early August to outlaw the release of private information online with an intent to cause harm (known as doxxing), and overhaul the Privacy Act to give all Australians and particularly women who are experiencing domestic and family violence greater control and transparency over their personal information.

The term ‘doxxing’ encompasses a number of practices, including revealing the identity of someone who was previously anonymous, revealing specific information about someone that allows them to be contacted or located.

The Government is also considering a range of proposals that would entrench Privacy by Design Principles into the Commonwealth framework.

This includes requiring that privacy notices should be clear, up-to-date, concise and understandable.

The introduction of a ‘fair and reasonable’ test would apply to the collection, use and disclosure of personal information by entities.

The Government is also considering options to respond to recommendations in relation to high risk privacy practices, by expanding the range of entities required to conduct Privacy Impact Assessments for activities with high privacy risks.

These include instances involving new or changed ways of handling personal information that have a significant impact on the privacy of individuals – such as certain kinds of facial recognition technology, or the use of biometric information for identification when used in public spaces.

The Government has also agreed that the types of personal information to be used in substantially automated decisions which have a legal, or similarly significant effect on an individual’s rights should be clearly outlined in privacy policies.

There will also be a right for individuals to request meaningful information about how these decisions are made.

The Government has agreed-in-principle that a statutory tort for serious invasions of privacy should be introduced, to complement the Privacy Act protections.

Based on recommendations made by the Australian Law Reform Commission in 2014, the proposed tort would regulate a broader range of privacy harms, such as the physical intrusion into an individual’s private space, and would extend to individuals and entities who are not otherwise required to comply with the Privacy Act.

The proposed tort will be designed so that privacy protection is appropriately safeguarded and balanced with other rights, including freedom of speech and freedom of the media.

The Government has also agreed-in-principle that individuals should have more direct access to the courts to seek remedies for breaches of the Privacy Act through a direct right of action.

The direct right of action would enable individuals who suffer loss or damage as a result of an interference with their privacy to seek compensation.

The Government is also considering requiring entities to develop maximum and minimum retention periods for personal information they hold and specifying these in their privacy policies.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

Print Friendly, PDF & Email

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.