Snapshot: After another year in the spotlight, privacy and data
protection is set to be an area to watch in 2016
There is no doubt that Australia's privacy laws, both
Commonwealth and State, continued to be tested in 2015.
Public interest in the balance of privacy regulation versus
personal freedom is not likely to wane in the coming 12 months.
Cyber-security and how organisations deal with data breaches
remains one of the most pressing issues.
Following several high profile privacy breaches in 2015 all
businesses were again reminded that having a data breach response
plan in place is essential.
You can read more about a popular toy brand's woes
here and how two major retail chains were swept up in data
2015 saw the Commonwealth Privacy Commissioner issue his first
two enforceable undertakings: one to telecommunications company
TeleChoice (read more
here) and the other against another telco provider, Optus
here to read our article on this).
Both the Commonwealth Privacy Commissioner and the NSW Privacy
Commissioner issued guidance on Privacy governance, see
here and here.
And there was movement at a legislative level with the Privacy
and Personal Information Protection Amendment (Exemptions
Consolidation) Bill 2015 passing through both houses of the NSW
Parliament. This Bill incorporates into the Privacy and Personal
Information Protection Act 1998 (NSW) a number of public interest
directions made by the NSW Privacy Commissioner.
Two of the main changes are to:
allow public sector agencies to disclose personal information
to interstate persons/bodies or Commonwealth agencies for certain
extend the meaning of investigative agency to include certain
additional public sector agencies with investigative functions or
that conduct investigations on behalf of other public sector
agencies with investigative functions.
What's next for privacy and data protection?
The issue of mandatory notification of serious data breaches has
been put under the spotlight with the release late last year of a
discussion paper, consultation draft explanatory memorandum and
exposure draft by the Commonwealth Attorney-General.
The draft legislation provides that notification is required
when an entity has reasonable grounds to believe that a serious
data breach has occurred.
However, in the event that an entity is uncertain they will have
a period of 30 days in which to assess whether there are reasonable
grounds to consider a serious data breach has occurred and to then
make notification if it has.
In terms of when these proposed changes are likely to come into
effect, the first hurdle is for the legislation to retain its form
after the consultation period, open until 4 March 2016, ends.
To find out more about the proposed changes, read our recent
article 'Mandatory data breach notification exposure draft
legislation – Privacy Act amendments'
This publication does not deal with every important topic or
change in law and is not intended to be relied upon as a substitute
for legal or other advice that may be relevant to the reader's
specific circumstances. If you have found this publication of
interest and would like to know more or wish to obtain legal advice
relevant to your circumstances please contact one of the named
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Privacy issues require a considered strategy where sets of big data come with ever-increasing regulatory obligations.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).