Home > News > Review of the Privacy Act 1988 (Cth)

Review of the Privacy Act 1988 (Cth)

Spread the love

The Australian Law Reform Commission released a comprehensive report on their review of the Privacy Act 1988 (Cth) on 30th May 2008 (Report). This Report was instigated due to concerns raised by the business community that the existing framework for privacy law was overly complex and costly to comply with.

The key recommendations made by the Report include:

  • the introduction of a single set of Unified Privacy Principles (UPPs) which will apply to both the private and public sectors
  • the introduction of industry specific Privacy Codes in areas such as health, research and credit reporting
  • the establishment of a national privacy law framework to ensure legal consistency across state jurisdictions
  • the removal of the small business exemption so that all companies will be required to comply with the UPPs
  • the introduction of civil penalties for serious breaches of privacy
  • the introduction of a statutory cause of action for serious breaches of privacy

At this point in time it is unclear exactly how many of the Report’s recommendations will be enacted into law. The relevant Government Minister, Senator Faulkner, has proposed a two stage legislative response to the Report’s recommendations. The first of these stages will likely see the introduction of the UPPs and the industry specific Privacy Codes. No precise timeline has been released for this process, but it is expected that the first legislation could be passed as early as August 2009.

All companies should be aware of the potential impact that this new legislation could have on their businesses. In particular:

  • Companies with a turnover of less that $3 million a year should be aware of the possibility that they may soon be exposed to obligations under the Act
  • Companies with existing privacy policies should be aware of the possibility that these documents will need to be updated in order to comply with the requirements of the UPPs
  • Companies that operate in the health, research or credit reporting industries should be aware of the possibility that they will need to comply with industry specific Privacy Codes
  • All companies should be aware of the possibility that failing to comply with their obligations under the Act could result in the imposition of civil penalties.

We will endeavour to keep you informed as to which of the recommendations contained in the Report are adopted into law. At this stage it is a simple matter of watch this space.

Author: Laughlin Nicholls