Attorney General receives the review of the Privacy Act by the Attorney General’s Department after three long years.

December 21, 2022 |

The reviews, as in many, of the Privacy Act 1988 have been a lesson in what not to do when reviewing legislation.  The Federal Government’s response to the 2008 Australian Law Reform Commission Report was modest, selective, incomplete and largely a failure of public policy.  The amendments to the Act, which took effect in 2014, did not go very far.  The Government commissioned yet another  review in 2013, which reported in 2014, did not materially advance the findings contained in the 2008 Report.  The Government did not accept the recommendations but rather, in 2019, commenced yet another review, this time by the Attorney General’s Department.    

Innovation AU in Privacy Act Review complete after three years reports that the Attorney General has the product of the Review.  It appears that the Government is on track to release the Report with a view to amending the Privacy Act some time in 2023.    

The article provides:

After three years, the Privacy Act Review commissioned under the Coalition government has been completed and the final report handed to Attorney General Mark Dreyfus.

The Attorney General will now consider the review over the summer and is expected to release it publicly alongside the government’s response in the first half of 2023.

The completion of the review comes a full year after the Attorney General’s Department originally expected to finish.

In July, Mr Dreyfus promised the final report would be presented to the government by the end of the year.

InnovationAus.com understands the review was completed at the end of last week and handed to Mr Dreyfus on Tuesday.

During a press conference on Friday, Mr Dreyfus told InnovationAus.com that he was about to be handed the final report.

“I’ve made sure that it’s going to completed by the end of this year, which is fast approaching. I’ll have more to say about the review and reform, large scale reform of the Privacy Act that we expect to occur next year,” Mr Dreyfus said last Friday.

Confirming the review had been handed to him on Tuesday, Mr Dreyfus said on Twitter that “the former government left Australia’s privacy laws out of date and not fit-for-purpose in our digital age”.

The former Coalition government kicked off the Privacy Act Review in December 2019 in response to the Australian Competition and Consumer Commission’s report on digital platforms as an alternative to accepting its recommendations.

The review considered whether current laws effectively protect personal information, whether individuals should have direct rights of action to enforce their privacy protections, whether a statutory tort for serious invasions of privacy is needed, and the effectiveness of enforcement powers and feasibility of an independent certification scheme to monitor compliance with privacy laws.

An issues paper was released in October 2020, although a promised follow up issues paper was never released. In October 2021, a discussion paper was released.

In response to the massive Optus data breach, the government fast-tracked some of the review’s recommendations, passing legislation in November to create one of the toughest data breach penalty regimes in the world.

This raised the maximum penalty for serious or repeated privacy breaches to the greater of $50 million, three-times the value of any benefit obtained through the misuse of information, or 30 per cent of a company’s adjusted turnover in the relevant period.

Labor’s amendments also expanded the remit of the Privacy Act to cover breaches of Australian data that may be stored or processed outside of the country.

Next year’s reforms will arrive as Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), continues to struggle under an increased workload. Last year, it met less than two thirds of its key performance indicators.

The OAIC received $5.5 million in the budget over two years to “investigate and respond to the Optus data breach,” according to Information Commissioner Angelene Falk.

Leave a Reply





Verified by MonsterInsights