Reading time: 6 minutes

The government is in the process of conducting a review of Australia’s national Privacy Act. The review is broad and to date has considered a wide range of issues. At the time of writing, the review is still in the process of identifying issues and accepting submissions on how to address such issues. A key contributor to the dialogue is the Office of the Australian Information Commissioner (OAIC). This article looks at some of the key changes expected as a result of the anticipated reforms to the Privacy Act in Australia. It will then consider how they may impact your business’ privacy obligations.

Current Exemptions

Currently, the majority of Australian businesses are exempt from compliance with the Privacy Act because of the small business exemption. The small business exemption is a monetary threshold that exempts businesses with an annual turnover of $3 million or less from the Privacy Act. The issue with the exemption is that in the current data-driven world, many small businesses are collecting and handling a lot of personal data. Therefore, it does not make sense for individuals’ privacy to be at risk because a small business is handling the data. This also does not align with other similar jurisdictions which do not have this exception. For this reason, the OAIC has submitted that the exemption should be scrapped as one of many privacy reforms in Australia. 

The Privacy Act also includes an exemption for employers handling employee records. The OAIC has suggested this exception be removed. This exemption exempts certain acts of employers by reducing the burden of dealing with employee information. However, businesses collect more employee information now than ever. This is due to things like GPS tracking of corporate vehicles and biometric scans for secure entry to workplaces. Furthermore, there has been an increase in the monitoring of employee health information, including as a result of COVID-19. 

If this exemption is removed and you currently fall under the $3 million-plus threshold, your privacy obligations will change. You will need to upgrade your privacy processes and policies. If your business is currently subject to the Privacy Act, then you may rely on the employee records exemption. The removal of this exemption will require that you reassess how you handle employee personal information. Indeed, you will likely be required to introduce new steps for collecting information in a compliant fashion.

What Are the Expected Reforms to the Notice and Consent Requirements?

Another of the privacy reforms being considered by the review in Australia is notice. In particular, the concept of how and when businesses give notice under the Privacy Act. The OAIC is pushing for the use of a standardised form when notifying an individual about data collection. 

There is also discussion about legislating the requirements for consent. These proposed changes would ensure it is clearer when consent is required. They would also define what amounts to true consent. For example, the review submits that the Privacy Act should define consent as a clear and affirmative act. Therefore, the act would define consent as informed, specific, voluntarily given and unambiguous. 

The suggested changes to notice and consent are driven by a desire to give individuals more control of their personal information. These suggested changes will hopefully fulfil the aim of better aligning the Privacy Act with privacy laws in other jurisdictions. 

Changes to notice and consent requirements will require an update of your privacy notices. You will also need to undertake a review of your current consents to ensure they are compliant. 

What New Remedies Are on the Table?

Two major items form part of the review. These items are intended to update the remedies available where there is a breach of privacy under the Privacy Act. The first is an increase in the maximum fine. The second is a right for an individual to bring a direct action for breach of their privacy.

In March 2019 by the Digital Platforms Inquiry announced an increase in the maximum penalty. The increase aims to provide a greater incentive for businesses to comply with the Privacy Act. Part of the review is considering whether the current balance between investigating and mediating complaints and enforcement is effective. If penalties are increased, you are at increased risk as a business. Therefore, you should reassess your risk profile for each activity or function in which your business handles personal information.

Currently, there is no right under the Privacy Act for a person to bring a direct action for breach of their privacy. Instead, they have to complain to the OAIC. It is then up to the OAIC to investigate and decide what steps are appropriate. Therefore, the review considers whether individuals should have direct access to courts to enforce their privacy. The review considers how to provide this right while curtailing the risk of ill-considered claims tying up the courts’ resources. Introduction of a right to bring a direct action for a privacy breach would significantly impact the risk to your business in the event of a security incident or other incorrect handling of personal information. As a result, it would be prudent for your business to enhance its privacy policies and processes and run updated training for staff.

Key Takeaways

The current review of the Privacy Act in Australia is broad and is considering a range of reforms. Some of the key updates the report considers are scrapping exemptions to compliance with the Privacy Act, changes to the notice requirements, a better definition of consent, higher fines and a direct right for an individual to take your business to court for breaching their privacy.

Changes to the Privacy Act will impact your risk profile and, therefore, will require that you reassess your privacy policies, both internal and external, and processes. In updating such documentation, you should also run staff training to ensure they are also up to speed with the changes.


For more help with privacy in your business, call LegalVision’s privacy lawyers on 1300 544 755 or fill in the form on this page. 

Frequently Asked Questions

What changes can I expect to the Privacy Act?

The current exemptions for small businesses and employees may be scrapped. There may also be changes to the notice and consent requirements. In terms of remedies, the maximum penalty may increase and individuals may have increased rights to take matters to court.

My privacy has been breached. Can I go to court?

Currently, there is no right under the Privacy Act for a person to bring a direct action for breach of their privacy. Instead, they have to complain to the OAIC. It is then up to the OAIC to investigate and decide what steps are appropriate. However, this may change.

Webinars

Australia’s Global Talent Visa: How to Attract Top Talent

Thursday 7 October | 11:00 - 11:45am

Online
Understand how to navigate Australia’s complex migration system to attract top overseas talent with our free webinar.
Register Now

5 Essential Contracts for your Online Business

Thursday 14 October | 11:00 - 11:45am

Online
Learn which key contracts will best protect your online business with our free webinar.
Register Now

Key Considerations When Buying a Business

Thursday 11 November | 11:00 - 11:45am

Online
Learn which questions to ask when buying a business to avoid legal and operational pitfalls, so you can hit the ground running. Join our free webinar.
Register Now

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

Our Awards

  • 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards
  • 2019 Most Innovative Firm - Australasian Lawyer