The Senate passed the The Privacy and Other Legislation Amendment Bill 2024 (Cth) (Bill) on the 28 November 2024.
The Bill is currently awaiting Royal Assent and once that occurs it will be an Act of Parliament with the majority of the provisions commencing the day after the Royal Assent.
Updating privacy policies to include automated decision making will commence 24 months after the Royal Assent and the provisions relating to the new tort of serious invasions of privacy will commence within 6 months after the Royal Assent on a date to be advised.
What does this mean for Australian Businesses?
These reforms are significant and build on the change to Australian Privacy Law following the 2014 reforms when the Australian Privacy Principles (APP) were introduced.
These changes give greater enforcement, investigative powers new penalty provisions, to the Office of the Australian Information Commissioner (OAIC) allowing it to investigate and penalise companies that mismanage personal information.
This will apply to all private sector businesses and organisations with an annual turnover of $3 million or more.
However regardless of turnover the following will have to comply with the requirements:
- a health service provider
- trading in personal information
- a contractor that provides services under a Commonwealth contract
- an operator of a residential tenancy database
- a credit reporting body
- a reporting entity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
- employee associations registered or recognised under the Fair Work (Registered Organisations) Act 2009
- a business that conducts protection action ballots
- a business accredited under the Consumer Data Right system
- related to a business the Privacy Act covers
- a business prescribed by the Privacy Regulation 2013
- a business that has opted in to be covered by the Privacy Act
What is new with the privacy laws?
The key reforms that are being introduced:
- Privacy policies must include information about any automated decision-making processes
- Technical and organisational measures must be implemented to show that reasonable steps have been taken to protect the security of personal information
- A new tort of ‘serious invasions of privacy’
- a new criminal offence of ‘doxxing’ which is the releasing of personal data using a carriage service in a manner that would reasonably be regarded as menacing or harassing
- New civil penalty provisions for interfering with the privacy of individuals
- The power for the OAIC to issue infringement notices and compliance notices
- The OAIC must develop a Children’s Online Privacy Code
- New Ministerial powers to ‘whitelist’ countries that provide substantially similar privacy protections, in order to assist entities disclosing personal information overseas.
Federal Court of Australia and Family Court of Australia will have the power to issue any order it sees fit, including orders directing:
- any reasonable act to be performed to redress the loss or damage suffered
- damages to be paid by way of compensation
- a statement regarding the contravention to be published or communicated.
The Penalties are significant and range from $660,000 for individuals to $3.3 million for bodies corporate, depending on the severity and nature of the breach.
How can FC Lawyers help?
Our team can assist with ensuring your businesses is ready for the changes and your policies and procedures comply with the impending changes.
If you would like to discuss any of your privacy issues or concerns, contact our team of business and commercial lawyers today.
The information provided in this article is for general information and educative purposes in summary form on legal topics which is current at the time it is published. The content does not constitute legal advice or recommendations and should not be relied upon as such. Whilst every care has been taken in the preparation of this article, FC Lawyers cannot accept responsibility for any errors, including those caused by negligence, in the material. We make no representations, statements or warranties about the accuracy or completeness of the information and you should not rely on it. You are advised to make your own independent inquiries regarding the accuracy of any information provided on this website. FC Lawyers does not guarantee, and accepts no legal responsibility whatsoever arising from or in connection to the accuracy, reliability, currency, correctness or completeness of any material contained in this article. Links to third party websites or articles does not constitute any endorsement or approval of those sites or the owners of those sites. Nothing in this article should be construed as granting any licence or right for you to use that content. You should consult the third party’s terms and conditions of use in relation to any third-party content. FC Lawyers disclaims all responsibility and all liability (including liability for negligence) for all expenses, losses, damages and costs you might incur as a result of the information being inaccurate or incomplete in any way. Appropriate legal advice should always be obtained in actual situations.
Prefer to get in touch?
With offices in Brisbane, Sunshine Coast, North Queensland and Sydney, our team is well equipped to provide both advice and support across a broad range of legal areas.