Peter A Clarke

On 10 June 2025 Australia will have a statutory tort of serious invasion of privacy.  It fills a yawning gap in the law.

The impact of the law is an unknown but businesses who collect and use use data which includes personal information should evaluate their operations to prioritise data security and data minimisation.  Given that Privacy Commissioner has enhanced powers to issue infringement notices such an exercise would also minimise exposure to intrusions from the regulator. This could involve modifying ways to deliver personalised services without unnecessary data collection. It should also involve a proper privacy training for employees, making sure data protection policies and compliant with best practice, and having adequate technical measures to safeguard personal information.

Organisations that contact or take footage of individuals as part of their activities in particular will need to consider their policies and procedures so as to avoid a claim of intrusion upon seclusion.  APPs already require organisations to have processes, procedures and systems in place to ensure compliance.