Narelle Smythe talks to BRR Media about the Federal Government's first tranche of privacy reforms.
Hello and welcome to BRR Legal Brief where we bring you the latest legal issues affecting corporate Australia. I'm Kate Ritchie and today we're looking at privacy reform, with the Attorney-General, Nicola Roxon introducing a bill into Parliament this week which aims to strengthen privacy protection in Australia.
Joining me to discuss the bill and of course what it will mean for the business community is Narelle Smythe, who is a partner at Clayton Utz. Thank you so much for joining us in the studio.
Well Narelle before we look at what it will mean for the corporate community, what are the major changes being introduced?
Well the main changes are firstly, it introduces a single set of principles called Australian privacy principles. They'll apply both to Commonwealth public agencies and also the private sector and they set obligations in relation to personal information covering things like privacy policies, collection of information, how you deal with the information, storage of information, security of information, access to information. Essentially, the principles cover the life cycle of the handling of personal information so they're very extensive.
Secondly, the second major change is in relation to credit reporting. The current system has limits on the information that can be allowed into the system. Those limits have been expanded – so there will now be more information that's permitted to go into the credit reporting system with the objective of enabling credit providers to be able to make better assessments of credit risk.
Thirdly, there are new provisions relating to the powers of the Privacy Commissioner and other provisions relating to privacy codes. So all in all there are fairly extensive and significant changes.
Do you think it's a big development in terms of protecting privacy in Australia?
Certainly it's a milestone and it's been the culmination of a long process. This process started in 2006 with the Australian Law Reform Commission being asked to conduct an inquiry, so as I said it's been a very long process and a very significant milestone to have the Bill finally released.
Narelle you mentioned that there were quite a few changes to the credit reporting scheme. Are they positive changes?
In my view, yes. They will give credit providers more information to enable them to assess an individual's creditworthiness. It dovetails in with amendments to some credit legislation of a few years ago which required lenders to make responsible lending assessments so they now will have under this Bill greater information to be able to make those credit assessments and better assess credit risk, with the benefit being that hopefully to reduce over-indebtedness in the community.
You've mentioned that it's aimed at strengthening privacy protection – what happens if the Act is breached? What kind of penalties might be imposed?
The Bill imposes quite a range of civil penalties – that's been one of the big changes and it essentially reflects the view that significant breaches of privacy should attract significant penalties.
The Bill also indicates that the court must take into account a range of factors when determining a penalty, so it will look at things like the seriousness of the breach, any loss or damage that's been suffered by people affected by the breach and also things like how many previous breaches and organisations may have been involved in. So effectively the seriousness and significance of the penalty will reflect the seriousness of the significance of the breach and the number of any previous breaches.
Finally, obviously it's still in Bill form. If the changes do come through should corporates be getting ready now and what are your top tips for preparing?
As I said the Bill covers information collection and handling practices so the number one thing is obviously for businesses to look at their information collection and handling practices, what is it that they're doing. There's a range of matters that will affect them – for example, there are prohibitions on things like direct marketing, requirements for people to be able to deal with you under a pseudonym or anonymously – so they're the sorts of things that organisations have to look at, look at the information collection and handling processes and assess the degree to which they're compliant and obviously take steps to achieve compliance where they're not.
Well some good advice for business there. Thank you so much for joining us today.
And viewers thank you for joining us as well. We hope that you can join us next week for our Legal Brief.
You might also be interested in...
- Introduction of Privacy Bill to Parliament
- Proposed changes to Australian privacy laws
- Privacy reforms: Government releases draft of new Australian Privacy Principles
- A right to sue for invasion of privacy? The Australian Government's privacy Issues Paper
Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this bulletin. Persons listed may not be admitted in all states and territories.