Catagory:Australian Privacy Law Reforms

1
Australian Privacy Law Reform – The Wait is (Almost!) Over
2
Privacy Reform Bill Just Around the Corner
3
Australian Privacy Reform Series Refresher: What Are These Reforms?
4
Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

Australian Privacy Law Reform – The Wait is (Almost!) Over

By: Cameron Abbott, Stephanie Mayhew, and Rob Pulham

The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024. Described as ‘Tranche 1’ of the reforms, the Bill introduces significant uplifts to several aspects of Australia’s privacy laws.

The proposed changes include:

  • The long-touted statutory tort for serious invasions of privacy;
  • As we predicted, new ‘tiered’ penalty provisions which will apply as soon as the law comes into force, allowing the Commissioner to issue infringement notices of up to US$66,000 for specific breaches of the Australian Privacy Principles (APPs), including:
    • Not having a privacy policy, or not having a fully compliant privacy policy;
    • Not allowing individuals to remain anonymous or use a pseudonym (unless it is impracticable to do so);
    • Not keeping written records of certain disclosures;
    • Not complying with the direct marketing provisions in APP 7;
    • Not dealing with correction requests; and
    • Not providing compliant notifications about data breaches.
  • Introduction of an ‘adequacy’ recognition mechanism into APP 8, to make it easier for organisations to disclose personal information to third parties outside Australia – specific permitted countries or binding schemes will be specified for these purposes in the regulations, and disclosures to third parties in those countries or subject to those binding schemes will be permitted without the disclosing organisation being required to take additional steps to ensure the recipient complies with the APPs in relation to that information;
  • Additional notice requirements in entities’ privacy policies regarding use of automated decision-making (the transitional provisions allow for a period of 24 months before this takes effect);
  • Additional protections for minors, by paving the way for the introduction of a Children’s Online Privacy Code, which must be developed and registered by the Commissioner within 24 months of the law coming into force;
  • A new criminal offence for malicious release of personal data online, known as ‘doxxing’, with jail terms for publishing private details with the intent of causing harm, including up to 7 years’ imprisonment if the person or group is targeted on the basis of their race, religion, sex, sexual orientation, gender identity, intersex status, disability, nationality or national or ethnic origin;
  • Additional entry, search and seizure powers to the Commissioner; and
  • Additional orders which may be made by the Federal Court for contraventions of the Privacy Act.

Although the changes are yet to be passed, now is most certainly the time to ensure your organisation has at least the most basic (and visible) privacy compliance measures in place, and to start considering the make-up of your organisation’s privacy reform project team.

Privacy Reform Bill Just Around the Corner

By: Cameron Abbott, Rob Pulham, and Lauren Hrysomallis

There appears to be a further delay to the long-anticipated privacy law reform legislation, most recently expected to be unveiled this month. But even with this delay the wait won’t be long; we could see a draft bill introduced in as little as three weeks’ time.

Read More

Australian Privacy Reform Series Refresher: What Are These Reforms?

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.

Read More

Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis

A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.