Privacy Act Reform – Their Rights, Your Responsibilities
Privacy is a critical concern for individuals, businesses, and governments in today’s digital age. With increasing amounts of personal data being collected and stored, there is a growing need to update and reform privacy laws to protect the rights of individuals.
Last week, the Attorney-General released the Privacy Act Review Report. The proposals in the Report aim to make the Privacy Act “fit for purpose” to “adequately protect Australians’ privacy in the digital age”.
While it is unlikely that all of the 116 proposals in the Report will be enacted into law, it is certain that the reforms which are passed will mandate significant changes for businesses in how they handle personal information and engage with customers.
These changes are all about giving individuals more rights and businesses more responsibilities.
Let’s look at some highlights.
- Introduction of a right of erasure. This would allow individuals to request the deletion of their personal information. There’s also a proposed right of de-indexation, which would allow individuals to require search engines to de-index online search results where the results are excessive in volume, inaccurate, out of date, incomplete, irrelevant, or misleading.
- De-identification.The Report proposes extending APP 11.1 (obligations to protect de-identified information from unauthorised access or interference) and APP 8 (obligation to take reasonable steps to ensure overseas recipients do not breach the APPs) to apply to de-identified datasets. This may impact organisations that rely on anonymisation and de-identification to perform data analytics.
- Acting fairly and reasonably when collecting, using, and disclosing personal information. This requirement will be judged on an objective standard and will apply regardless of any consent – meaning that tick boxes and privacy policies will not cure inappropriate data collection and use.
- Removing the small business exemption (which under current legislation generally excludes businesses that turnover less than $ 3 million per annum). This would only be done after consultation and with measures to address these organisations’ difficulties in assuming this compliance burden.
Where to from here?
The Government is requesting feedback on the Report by March 31, 2023, and will provide a formal response regarding which 116 proposals will be incorporated into legislative amendments. While it may take some time for the final proposals to be enacted, it is crucial to begin acting now to prepare for the potential changes.
What does this mean for Australian Businesses?
This is a step change for Australian privacy laws, bringing Australia more in line with Europe’s General Data Protection Regulation. Privacy Act reform will impact Australian businesses by introducing several significant changes to the country’s privacy laws. This includes expanding privacy rights for individuals, such as regulating ‘targeting’ of individuals based on information which relates to them but that may not uniquely identify them and enhanced rights to bring legal action against organisations that breach privacy laws. The reforms will also mandate that businesses take greater responsibility for protecting personal information and implementing robust privacy policies and procedures.
Additionally, the Privacy Act reforms will introduce new regulatory powers following on from the significantly increased penalties for non-compliance introduced last year. Businesses must comply with the new regulations or face severe consequences.
Overall, the Privacy Act reforms mean that Australian businesses must adapt and make substantial changes to how they collect, store, and use personal information.
How can Oper8 Global help?
Oper8 Global is an industry leader in data protection and encryption, equipped with a team of experts who are well-versed in the upcoming changes to the Privacy Act and are capable of providing tailored solutions to help prepare your business for compliance with the new regulations.
Want to learn more?
We warmly invite you to register your interest in attending our upcoming event, hosted by Oper8 Global and Thales Cloud Security in Brisbane on the 2nd of March. Featuring a keynote address by Robert Feldman, Director at Gadens Lawyers, who will discuss the Privacy Act reforms and its implications for Australian businesses.