Australian privacy law has undergone significant changes over the past few years but 2022 in particular saw increased scrutiny of Australia’s current privacy law framework. In the wake of high-profile cyber attacks on companies such as Optus and Medibank, the government came under increasing pressure to boost funding to the Office of Australian Information Commissioner (OAIC). This resulted in the introduction of new regulatory changes including increases to maximum penalties for serious or repeated interferences with an individual’s privacy, expanded powers for the OAIC, and a revision of the test for extra-territorial application of the Privacy Act 1988 (Cth). All of these changes indicate how the area of privacy law is one which is constantly evolving, meaning privacy lawyers need to keep up-to-date with all of the latest laws and regulations.
The main pieces of legislation privacy lawyers need to know in order to assist their clients are the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Notifiable Data Breaches Scheme, the My Health Records Act 2012 (Cth), and the Spam Act 2003 (Cth). Knowledge of the APPs are important for privacy lawyers when drafting and reviewing privacy policies, as these 13 principles set out how personal information is collected, used, and disclosed, as well as an individual’s right to access personal information.
This year will see potentially even more significant changes following the federal government’s release of the Attorney General’s Privacy Act Review Report on 16th February 2023. The 116 proposals in the report include an amended definition of consent, a broader definition of personal information, a direct cause of action for individuals to enforce their rights in the Federal Court and the Federal Circuit and Family Court of Australia, and an introduction of a right to erase data. Notably, it also proposes the concept of processors and controllers, which would bring Australian privacy law in line with the General Data Protection Regulation (GDPR) in the EU. The introduction of a statutory tort of privacy for serious invasions of privacy is also proposed by the report.
Whilst it is not yet known which proposals will be adopted, it is critical now more than ever for businesses to ensure they have the necessary measures in place to safeguard the data they hold and stay compliant with privacy laws. At Arnotts Technology Lawyers, our privacy expert lawyers can help you conduct privacy impact assessments to identify potential privacy risks, as well as drafting and reviewing privacy policies, security policies, data breach response plans and data processing agreements. Get in touch with us today or call us on 1800 749 294.