Substantial Privacy Act Reform??
Recent Developments
As released on the 28th September 2023.... all Australian businesses are set to be impacted by the Federal Government’s commitment to stronger data privacy protections in its response to the review of the Privacy Act.
The review by the federal government, held after several high-profile data breaches last year, considered how to respond to the breaches and strengthen the Privacy Act 1988, which was created well before the technological advancements of the 21st century.
The Federal Government has responded and agreed in-principle with many of the proposals, one of which includes reversing the exemption of small businesses (turnover less than $3 Million) from the Privacy Act.
As Attorney-general, Mark Dreyfus, reported
..."Privacy reform will complement other critical reforms being progressed by the Government, including;
- Digital ID,
- The 2023-2030 Australian Cyber Security Strategy,
- The National Strategy for Identity Resilience, and
- Supporting Responsible AI in Australia".
What’s next?
The proposals in the Report are not new legislation; there is more consultation to go before we have a Bill to digest. The Government is seeking feedback on the proposals in the Report before deciding how to proceed. Feedback on the Report is due by 31 March 2023.
What the proposals will mean for businesses
If enacted as law, the proposals will have substantial impacts on Australian businesses, In particular;
- The removal of the small business exemption.
- Information which is not currently protected (eg. IP addresses, device identifiers, other online identifiers, geolocation information and genomic information), may soon be protected by the Privacy Act.
- Businesses may face increased penalties and disputes/litigation due to the introduction of new civil penalty provisions and increased personal rights.
- Businesses will have to respond to data breaches faster (they will have to notify the OAIC of a suspected eligible data breach within 72 hours).