Most Read Contributor in Australia, September 2016
On 12 June 2013, the Attorney-General called on the Australian
Law Reform Commission (ALRC) to make a further enquiry into the
protection of privacy in the digital era.
In an earlier ALRC report into privacy in 2008, the ALRC
considered broadly the legal rights that individuals might have to
protect and to sue for breach of privacy. The 2008 ALRC report made
it clear that there was very little consensus on how such a right
should operate, if at all. A number of submissions were made
including whether there should be a tort or there should be a
statutory right to damages. In the light of the conflicting views,
the Attorney-General has now issued new terms of reference to the
ALRC to consider serious invasions of privacy in the digital era,
and to make recommendations regarding:
innovative ways in which the law may reduce serious invasions
the necessity of balancing the value of privacy with other
fundamental rights of expression and open justice; and
to provide a detailed legal design for a statutory cause of
action for a serious invasion of privacy, which would outline all
of the key elements.
It is clear then that while a number of reforms recommended by
the ALRC in 2008 will take effect in March 2014, including changes
to credit reporting, the introduction of a unified set of
Australian Privacy Principles and possibly mandatory notification
of significant breaches of privacy as set out in the current bills
it is likely that any right of action for damages for breach of
privacy would be deferred well into the future.
Notwithstanding the lack of ability for individuals to sue for
damages under the Privacy Act there have been a number of class
actions in the United States where individuals have sued companies
under the equivalent of the "misleading and deceptive
conduct" provisions of their consumer protection law. While
such a claim has not been made yet in Australia, in the event that
there were sufficient damages such as identity theft and credit
card fraud that an individual could not recover from the credit
card company, it is possible that damages actions for misleading
and deceptive conduct may be made.
Currently there is a class action in Ontario, Canada, against a
hospital that did not keep patient records secure. In that
instance, the claim is based partly on misleading and deceptive
conduct, and partly on breach of implied contract terms by the
hospital, which had established and published a charter for
security of patient rights and is said to have breached that
charter by not keeping the patient records secure.
We look forward to hearing what the ALRC has to say not only
about remedies for breaches of privacy but if any legal safeguards
can be put in place to prevent breaches. The report is due to be
provided to the Attorney-General by June 2014.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).