Privacy Act Review: Coming Soon Privacy and data security 16th August 2022 Author Cecelia Irvine-So The much-anticipated review of the Privacy Act 1988 (Cth) (Privacy Act) may be happening very soon. After announcing the Privacy Act Review on 12 December 2019, and conducting consultation in 2020 and 2021, the new Attorney-General Mark Dreyfus has pledged to bring in sweeping reforms in the coming months. Privacy Act Review: Looking back The Privacy Act Review was part of the government’s response to the Australian Competition and Consumer Commission’s Digital Platforms Inquiry. The purpose of the Review was to ensure privacy settings: empower consumers;protect consumers’ data; andbest serve the Australian economy. Concurrent measures During the Review, there have been other amendments to the Privacy Act, notably: the introduction of the Consumer Data Right;Expanded powers of the eSafety Commissioner; andthe Online Privacy Bill. You can read more about eSafety here. The Online Privacy Bill is a separate reform to the Privacy Act Review. It proposes to introduce an Online Privacy Code for social media platforms. Privacy Act Review: Looking ahead Proposed changes to the Privacy Act include: strengthening individuals’ privacy rights by:strengthening consent requirements; andintroducing a person’s right to erasure;creating a direct cause of action or statutory right for breaches of privacy laws; a recommendation of the Australian Law Reform Commission in 2014;introducing specific codes for certain industries, such as the Online Privacy Code for social media platforms, and other distinct industries; andincreasing maximum penalties which are significantly out of step with international jurisdictions. Strengthening consent The principle manner to strengthen consent requirements is with pro-consumer defaults – also known as the principle of privacy-by-design – and accessible privacy settings that give individual obvious, clear ways to set privacy controls. The inherent policy idea underpinning privacy is the rights of individuals to control their information, and by result, their identity. It is possible that the consent reforms will focus on requiring pro-privacy default settings when information about children and vulnerable people is involved. This is also a part of the Online Privacy Bill, proposing explicit parental consent to use social media platforms for children under the age of 16. What your organisation can do now As we await the introduction of a Privacy Bill 2022 to Parliament, we recommend organisations: ensure they have a privacy policy in place, even if they are a “small business” with an annual income of less than $3 million. The Privacy Act Review has considered scraping the small business exemption; andplan – and budget – for needing to refresh how they handle personal information. Replacing or upgrading software or client management systems can be expensive, time-consuming and critical to business infrastructure. How we can help With expertise in privacy and safeguarding, Moores can support your organisation to you achieve your mission by helping you: optimise how you use personal information in a lawful way, andavoid costly and embarrassing breaches of privacy. When was the last time your team had privacy training?For more information about your organisation’s current privacy obligations, see Moores’ Privacy Toolkit – a free online resource you can download here. Contact us Please contact us for more detailed and tailored help. Subscribe to our email updates and receive our articles directly in your inbox.
Cecelia Irvine-So Practice Leader Email cirvine-so@moores.com.au Mobile +61 402 202 133 Phone (03) 9843 2121 Connect LinkedIn