28 September 2023

The Office of the Australian Information Commissioner (OAIC) today welcomed the Australian Government’s response to the Attorney-General’s Department’s (AGD) review of the Privacy Act 1988 as a crucial step in ensuring Australia’s privacy framework is strengthened for the future.

“This is a vital set of proposals that will deliver significant gains for the Australian community,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

“With increasing use of high impact technologies, it is critical that these reforms proceed as a priority alongside other key initiatives that rely on a strong privacy foundation such as the Australian Cyber Security Strategy and Digital ID framework.”

The OAIC's Australian Community Attitudes to Privacy Survey makes clear the high priority Australians place on having the right legislative framework in place to hold regulated entities to account for the way they handle personal information. The survey found 89% of Australians would like to see government pass more legislation that protects their personal information.

“As the privacy regulator, it is pleasing to see support for the positive obligation that personal information handling is fair and reasonable, as a new keystone of the Australian privacy framework,” Commissioner Falk said.

“This is the most significant change to the Privacy Act in decades, and will require organisations to ensure that their practices are fair and reasonable in the first place.

“This will provide confidence to the Australian community that, like a safety standard, privacy must be built into products and services from the start.

“Key developments include enabling individuals to exercise new privacy rights and take direct action in the courts if their privacy is breached. These initiatives reflect the baseline privacy rights expected by our community.”

Reforms will also provide a greater range of enforcement powers to the OAIC, establish stronger privacy protections for children and enhance requirements in relation to the security of personal information and its destruction when it is no longer needed.

“As privacy regulator, the provision of tools and support will increase the OAIC’s ability to take regulatory action on behalf of the Australian people in a flexible and proportionate way, and to identify systemic privacy issues,” Commissioner Falk said.

A number of proposals are subject to consultation and to the development of sufficient impact strategies before legislation is finalised, including changes to the small business exemption and the employee records exemption.

“We support the removal of these exemptions and acknowledge that it is important to engage with the business community so that we can fully understand and assist with their transition. The OAIC stands ready to support small businesses to make their compliance with privacy requirements easy,” Commissioner Falk said.

The Australian Government will consult with stakeholder groups before drafting further legislation to go before Parliament in 2024. The OAIC is well prepared and committed to lending its expertise to the next phase of this ambitious reform.

The proposed privacy reforms follow the passing in November 2022 of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which introduced significantly increased penalties for serious and repeated privacy breaches and greater powers for the OAIC to resolve breaches.