Receive all the latest news and insights straight to your inbox
Subscribe
Subscribe
On 25 March 2019, the Morrison Government announced their plan to introduce tougher penalties to protect Australians’ privacy and personal information.
The draft legislation for consultation in the second half of 2019 includes the following key changes to the Privacy Act 1988 (Cth) (Privacy Act):[1]
- for all entities subject to the Privacy Act, increased maximum penalty for serious or repeated breaches from the current maximum penalty of $2.1 million to $10 million, OR three times the value of any benefit obtained through the misuse of information or 10 per cent of a company’s annual domestic turnover – whichever is the greater;
- additional enforcement and remedial powers, including infringement notice powers, given to the Office of the Australian Information Commissioner (OAIC), to enforce new penalties of up to $63,000 for bodies corporate and $12,600 for individuals for failure to resolve minor privacy breaches;
- a requirement for social media and online platforms to cease using or disclosing an individual’s personal information upon request; and
- specific rules to protect the personal information of children and other vulnerable groups.
Attorney-General, Christian Porter and Minister for Communications and the Arts, Mitch Fifield, emphasised the importance of social media companies introducing more transparent practices in relation to data sharing and obtaining specific consent of users when companies collect, use and disclose personal information.
It was also announced that the OAIC will be provided with an additional $25 million over 3 years under the new privacy regime to respond to privacy breaches and administer privacy rules.
These proposed changes are consistent with our forecast that changes to Australia’s current privacy regime are inevitable, given the ongoing privacy reforms around the world following the introduction of the General Data Protection Regulation (GDPR) in March 2018. For more information on the GDPR, visit our article “What is a GDPR compliant privacy policy?”
If you are unsure whether your privacy policy is compliant, or require a thorough review of your data handling practices, our team can assist.
This article was written by Commercial and Tech Lawyer Zuong Dang.
