ARTICLE
16 October 2023

Australia's Privacy Framework Set To Be Revamped Following The Government's Response To The Privacy Act Review Report

KG
K&L Gates

Contributor

K&L Gates logo
At K&L Gates, we foster an inclusive and collaborative environment across our fully integrated global platform that enables us to diligently combine the knowledge and expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry, capital markets participants, and ambitious middle-market and emerging growth companies. Our lawyers also serve public sector entities, educational institutions, philanthropic organizations, and individuals. We are leaders in legal issues related to industries critical to the economies of both the developed and developing worlds—including technology, manufacturing, financial services, health care, energy, and more.
Explore
Last week the federal Government released its response (the Response) to the recommendations proposed by the AGD's Privacy Act Review Report released in February 2023 (the Report).
Australia Privacy
Person photo placeholder
Person photo placeholder
Photo of Stephanie Mayhew
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

Last week the federal Government released its response (the Response) to the recommendations proposed by the AGD's Privacy Act Review Report released in February 2023 (the Report).

The Response is largely supportive of the significant reforms proposed in the Report, including agreement in-principle to:

  1. Remove the small business exemption (subject to further consultation and an appropriate transition period).
  2. Alter the employee records exemption and to extend enhanced privacy protections to private sector employees.
  3. Strengthen obligations around reporting and responding to data breaches.
  4. Require entities to appoint or designate a senior employee with specific responsibility for privacy within the organisation.
  5. Provide individuals an unqualified right to opt-outof personal information being used or disclosed for direct marketing purposes.
  6. Introduce a distinction between controllers and processors of personal information to reduce compliance burden on processors.
  7. Create a direct right of action for individuals to seek remedies from the court for breaches of the Privacy Act.
  8. Introduce a statutory tort for serious invasions of privacy, based on the Australian Law Reform Commission's recommended model.
  9. Introduce a new, overarching requirement that collections, uses and disclosures of personal information must be fair and reasonable in the circumstances.
  10. Require entities to determine and record the purposes for which they will collect, use and disclose personal information.
  11. Require Privacy Impact Assessments for all high privacy risk activities.
  12. Require additional information to be included in privacy policies.
  13. Investigate the feasibility of an industry funding model for the OAIC.

With all these and more, 2024 is set to be another big year for privacy and cybersecurity. There is still time to get your organisation's affairs in order to prepare for these changes: get a privacy and cybersecurity health check today.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.

Authors
Person photo placeholder
Cameron Abbott
Person photo placeholder
Rob Pulham
Photo of Stephanie Mayhew
Stephanie Mayhew
Person photo placeholder
Maddy Bassal
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More