There has been significant debate recently regarding the
adequacy of the Privacy Act 1988 (Cth) (the
Privacy Act), particularly in light of recent high
profile Australian and international privacy breaches and the
impact of new technologies.
An Australian Law Reform Commission (ALRC) report in 2009
recommended significant changes to the Privacy Act.
On 23 May 2012, proposed changes to the Privacy Act were
introduced to Parliament as the Privacy Amendment (Enhancing
Privacy Protection) Bill 2012 (the Bill), which
responded to many of the reforms proposed in the 2009 ALRC
The proposed changes to the Privacy Act in the Bill include:
a single set of privacy principles for both the private sector
and government organisations to comply with, known as the
Australian Privacy Principles (APPs), which will
replace the current Information Privacy Principles (for government
organisations) and the National Privacy Principles (for the private
new obligations regarding the transfer of information overseas,
including where information is stored with a cloud service provider
located overseas and that the liability for a privacy breach will
primarily lie with the transferring organisation (even if
contractual provisions are in place requiring the overseas third
party organisation to meet the Australian Privacy Act
more restrictive provisions regarding the use and disclosure of
personal information for direct marketing purposes;
significantly revised provisions regarding credit reporting
greater powers for the Australian Information Commissioner to
enforce the Privacy Act, including the power to conduct privacy
assessments or investigations on its own accord, to accept
enforceable undertakings by organisations, and to seek civil
penalty orders for breaches of an individual's privacy of up to
These proposed changes will affect most public and private
sector organisations. Affected businesses will need to be aware of
their changing obligations and amend their existing privacy
policies accordingly. In particular, businesses that meet one or
more of the following criteria need to review current privacy
policies in light of the changes:
businesses that use offshore data providers;
businesses that engage in direct marketing; and/or
businesses that collect and use credit information.
The draft Bill is currently before the House of Representatives,
and has been referred to the House Standing Committee on Social
Policy and Legal Affairs and the Senate Legal and Constitutional
Affairs Legislation Committee. The Senate Committee is due to
report on the draft Bill by 14 August 2012 and the House Committee
is due to report back on 21 September 2012.
Hall & Wilcox will monitor the progress of the Bill and
provide further updates.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).