Changes to the Australian Privacy Act of 1988: An Update
The proposed amendments to the Privacy Act 1988 will require Australian businesses and organisations to be well in control of their data. Getting an early start on determining what the proposed changes mean for your business and the resulting impact of these changes, will stand you in good stead.
Changes to the Australian Privacy Act of 1988: An Update
The Australian Privacy Act of 1988 is poised for significant updates, with the draft legislation slated to be tabled later this year. These reforms are a key part of the Federal Government’s commitment to bolstering online safety.
Anticipated changes include a tiered civil penalty structure, enhanced transparency in privacy policies, particularly regarding automated decision-making, and the establishment of a Children’s Online Privacy Code.
The Federal Government has also highlighted the introduction of a statutory tort for serious invasions of privacy and expanding data subject rights beyond access and correction, to include a right of erasure, and a right to de-index certain online search results.
The impact on organisations and businesses that manage customers’ private details could be significant. The reforms are likely to change the way businesses manage their customer’s data and require them to have a process to deal with new privacy concepts.
They may need to devote significant resources to implement some of the obligations. The reforms are also expected to improve data governance and transparency, consent, and control mechanisms for individuals, enhance Privacy Impact Assessments (PIAs) for high privacy risk activities, and refine security, particularly in respect of destruction and de-identification.
These reforms aim to strengthen data governance, individual consent, and security protocols, ensuring a higher standard of privacy protection.
What do the proposed penalties for non-compliance look like?
In light of the impending updates to the Australian Privacy Act of 1988, it’s crucial for businesses to understand the increased penalties for non-compliance.
Corporations could face fines up to AUD 50 million, triple the contravention benefit, or 30% of their domestic turnover.
Individuals and smaller entities are not exempt, with penalties soaring to AUD 2.5 million.
The Act also introduces new powers for information-gathering, infringement notices, and criminal charges for repeated non-compliance.
While these changes are still proposals, the final legislation could have significant implications. Adopting a proactive stance will help dealing with these new measures once introduced. We highly recommend organisations start reviewing their data management practices and processes and to consult with experts like TIMG for a robust data protection plan. Staying informed and prepared will help ensure compliance with the evolving privacy landscape.
For a detailed consultation on managing your data compliantly, reach out to our experts via the contact form below.
Source(s)
oaic.gov.au | aph.gov.au | legislation.gov.au | alrc.gov.au | ag.gov.au