On 23 May 2012, the Commonwealth Government introduced its
legislation to implement the first stage of its reforms to
Australia's privacy laws. The Privacy Amendment (Enhancing
Privacy Protection) Bill was introduced into Parliament after
a lengthy consultation and review process, by the Australian Law
Reform Commission, the government and a number of Senate
committees. We have previously written about the
proposals for change.
This is the first stage of the Government's responses to 197
of the ALRC's 295 recommendations on changes to Australian
privacy law and practice.
The Bill if implemented will do the following:
Create a unified set of Australian Privacy Principles (APPs)
that will act as a single set of rules applying to Commonwealth
agencies and private sector organisations. The APPs will replace
the National Privacy Principles (NPPs) for the private sector and
the Information Privacy Principles (IPPs) for the public
Improved privacy protections in the credit reporting provisions
to ensure greater logical consistency, simplicity and clarity
throughout the Act. A key feature of the provisions will allow
credit providers access to additional personal information to
assist them in establishing an individual's credit
Greater powers granted to the Privacy Commissioner to create
and register codes that are in the public interest in relation to
privacy and credit reporting. These codes will be binding on
specified agencies and organisations.
Increase and clarify the functions and powers of the Privacy
Commissioner, including strengthening powers to resolve
Businesses dealing with health related information will also be
held to a higher standard.
An ability to make a complaint directly to the Commissioner,
without first having to complain to the business concerned.
Ultimately, the amendments seek to provide greater clarity in
relation to privacy obligations of organisations and provide
increased safeguards for consumers in relation to the use of
personal information, particularly for direct marketing or
If the Bill is approved by both Houses of Parliament, the
amendments may come into effect in 2013.
The government will then commence on the second phase of
amendments, dealing with some of the more contentious issues raised
by the ALRC, including mandatory reporting of breaches, and a cause
of action for breach of privacy.
Australian ISPs and telcos will be required to retain prescribed consumer metadata for a minimum period of two years.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”