Privacy reforms are on their way
Australian privacy law is facing a period of dramatic change. The Privacy Act is under review, with significant proposals for reform being considered by the Australian Government. The first tranche passed in 2022, while the Government has committed to introducing further reforms in 2024.
Let Salinger Privacy know-how guide you through.
The latest news
28 November 2023 – Our Principal Anna Johnston was a guest panelist on the Tech Mirror podcast to share her thoughts on the Government’s response to the Privacy Act Review Report. See Episode 35: Privacy: Move fast and regulate it.
9 October 2023 – To reflect the proposals for law reform to which the Government has now agreed, we have updated our fast guide for busy people: The Privacy Act in a Nutshell – An Executive Briefing Paper.
We also have a free handout: Seven Steps to Prepare for Law Reforms.
28 September 2023 – Of the 116 proposals in the Privacy Act Review Report from February 2023, the Attorney General has today agreed and committed the Government to act on 38, and to introduce a Bill to Parliament in 2024. Another 68 proposals are agreed to ‘in principle’, while 10 have been shelved.
Here is our analysis: Glass half empty, or glass half full? How to read the Privacy Act reform proposals, plus a run-down of the 16 most impactful reforms.
19 April 2023 – Our April blog takes a deeper dive on the proposed new definition of ‘personal information’.
4 April 2023 – We ran a webinar to understand the Privacy Act Reforms – what’s proposed, what’s next, and how to prepare. The 90 minute recorded presentation, and a copy of the associated handouts, is now available as part of our Privacy Act Reforms Bundle.
31 March 2023 – We have made a detailed submission to the Department on the Privacy Act Review Report.
28 March 2023 – In a long-form blog, we have teased out some of the surprising proposals from the Final Report into the review of the Privacy Act.
16 February 2023 – The final report by the Attorney-General’s Department into their Review of the Privacy Act is out today! The report has 116 recommendations, including a strengthened definition of ‘personal information’, specific tests to be met when relying on consent as the basis for handling personal information, the introduction of a ‘fair and reasonable’ test, mandatory Privacy Impact Assessments of high-risk activities, and a right to erasure. Attorney-General the Hon Mark Dreyfus KC MP will embark on another round of consultations, with responses to a 42-question survey due 31 March. Join our webinar on 4 April to understand the Privacy Act Reforms – what’s proposed, what’s next, and how to prepare.
20 December 2022 – The final report by the Attorney-General’s Department about their Review of the Privacy Act has been handed to the Attorney-General, the Hon Mark Dreyfus KC MP. Dreyfus announced on Twitter today that he will now “carefully consider” the report over the summer as he prepares “to overhaul the Act next year”. Dreyfus has previously stated that he is committed to bringing forward the reforms arising from that review within the current term of government.
12 December 2022 – The amendments to the Privacy Act, brought about by the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, commenced today, upon the Bill receiving Royal Assent. The key effect is to increase the maximum civil penalties which relate to ‘serious or repeated’ breaches of the 13 APPs, or the notifiable data breach scheme. The maximum penalty for a serious or repeated breach by a body corporate will increase (from what was a maximum of $2.22M) to whichever is the greater out of $50 million, 30% of turnover, or three times the benefit obtained from the breach. For individuals (e.g. sole traders), partnerships and other unincorporated entities, the penalty will increase from the current maximum of $440,000 to $2.5 million.
This amendment did not change the fact that the OAIC has to ask the Federal Court to levy these fines, and that the fines are only for serious or repeat conduct. We expect further reforms in the second tranche in 2024, including possibly a tiered scheme to include lower penalties for less serious conduct.
The amendments also extend the extra-territorial reach of the Privacy Act, and expand the powers of the OAIC.
What to expect
As well as the significantly higher penalties for breaches already enacted, when a Bill is ready in 2024 we can also expect a tightening of the rules for when and how personal information can be collected, used and disclosed, with an overarching ‘fair and reasonable’ test proposed. Also expect more emphasis on accountability for privacy risk management when designing new products, services or systems. New definitions of ‘personal information’ and ‘consent’ are expected to bring Australian law closer to the tougher European model. The small business exemption is going to go (but timing is an issue), and new obligations will be imposed. See below for more details on what we know of the reform proposals thus far, and how to prepare.
How we can help
We offer a number of resources and services to help you understand and prepare for the coming reforms, and uplift preparedness across your enterprise.
- Privacy Act Reforms – what’s proposed, what’s next, and how to prepare – a recorded presentation
Between the proposals for tough new privacy rules, already beefed-up penalties, and the fallout from massive data breaches continuing to rattle Boards and senior execs alike, privacy law and practice is likely to dominate the legislative, political and business agenda through 2023 and beyond. Based on the Attorney-General’s Department Final Report, we can see the likely legal reforms start to take shape. This 90 minute webinar explains where the review of the Privacy Act is at, what is likely to come next, and what you can do to prepare.
- The Privacy Act in a Nutshell – An Executive Briefing Paper
Australian businesses, non-profits and federal government agencies need guidance on the law as it is now, as well as where it is headed in the near future. A plain language primer for busy executives, in a succinct 28-page download, The Privacy Act in a Nutshell describes the law as it is today, with sidebars offering additional explainers of key topics, and the more significant law reform proposals currently being considered. Updated October 2023, to reflect the final set of law reform proposals released in September 2023.
Our Privacy Act compliance online training module has a fresh contemporary design, and the content is constantly updated to reflect the latest legal developments. (It was most recently updated in December 2022, to reflect the new penalties now in force.)
Co-designed by privacy and learning & development experts for an approach to learning which is fun, interactive and effective, our eLearning module is available off-the-shelf, or we can brand or customise it for you further. SCORM-compliant to integrate with your LMS, or enjoy instant access via our hosted environment, which includes regular reporting to you on staff progress.
Guidance for small to medium-sized businesses about privacy compliance and marketing rules, plus tools and templates to get the basics right: a Privacy Policy which complies with the Australian Privacy Act, a Data Breach Response Plan, a checklist of common privacy risks (and how to fix them), template language to use on webpages and in forms and contracts, and what to tell staff about their privacy obligations.
We can also offer executive briefings, webinars and other short-form presentations to explain the reforms to your team. Contact us to find out more.
Wondering where to start building a privacy compliance program, or worried about where your gaps might be? Download your free copy of The Privacy Officer’s Handbook to help you get started, and link you to other resources you might find useful along the way.
Navigate your way through your privacy obligations with resources tailored to your needs. Whether you want just the basics for a start-up, advice about a particular risk area, or a complete privacy management program, we have a Compliance Kit to suit. Crafted by our team of privacy specialists, each Compliance Kit offers expert guidance and pragmatic tools, such as templates, checklists and briefing papers.
Get the good stuff in your inbox: subscribe to our email newsletter to receive a regular dose of privacy news and our award-winning blogs.
Further information
The review of the Privacy Act commenced in 2019, with a number of reports and proposals being subject to public consultation in that time. Salinger Privacy has been actively involved in the review process, monitoring the progress of proposals and assessing how various reforms will impact on our clients.
- Our analysis of the Government’s Response, September 2023
- The Government’s Response to the Privacy Act Review Report, September 2023
- See our detailed explanation of the 116 proposals from the Attorney-General’s Department, March 2023
- Salinger Privacy submission on the Privacy Act Review Report, March 2023
- The Final Privacy Act Review Report from the Attorney-General’s Department, February 2023
- See our detailed explanation of the 2021 Discussion Paper’s proposals
- Salinger Privacy submission on the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, November 2022
- Salinger Privacy submission in response to the Privacy Act Review Discussion Paper, January 2022
- Salinger Privacy submission in response to the exposure draft Online Privacy Bill, December 2021
- Salinger Privacy submission in response to the Privacy Act Review Issues Paper, November 2020
- Attorney-General’s Department main page for the Review of the Privacy Act 1988