Following on from the Australian Law Reform Commission’s Report 108: “For Your Information: Australian Privacy Law and Practice” released on 11 August 2008, the Cabinet Secretary and Special Minister of State, Senator Joe Ludwig, yesterday released the Australian Government’s first stage response to the ALRC’s privacy law review, proposing significant changes to the law on privacy. Whilst the proposed reforms are the first step towards full national consistency in privacy legislation and have been welcomed by the Office of the Privacy Commissioner, they may in time require organisations to update and enhance their privacy processes and procedures to ensure compliance with the law and potentially expose them to civil penalties for serious or repeated breaches of privacy law.

How has the Government responded?

In responding to the ALRC’s 28-month review of the effectiveness of the Privacy Act and related laws, and the recommendations set out in the ALRC Report, the Government has recognised that Australian privacy laws have not kept pace with changes in technology and how personal information is dealt with in our society. In accepting the majority of the 197 ALRC recommendations it has responded to, the Government has taken the first steps in reforming Australian privacy law to meet the following objectives and goals:

  • Harmonisation of the Privacy Principles to create a single set which apply across both the public and private sectors
  • Updating the Privacy Act to reduce complexity and increase clarity and ease of compliance
  • Creation of a comprehensive credit reporting framework to improve individual credit assessments which complements the Government’s reforms to responsible lending practices
  • Ensuring that organisations continue to protect an individual’s right to privacy where personal information is sent outside Australia
  • Improvement of health sector information flows to give individuals better access to and control of their health records, and
  • Increasing the powers of the Office of the Privacy Commissioner in dealing with complaints, conducting investigations and promoting compliance with privacy law.

Credit reporting and health services and research

Parts G and H of the Government’s first stage response will be of particular interest respectively to organisations in the Financial Services and Health sectors.

Part G details the Government’s acceptance of the ALRC recommendations to introduce comprehensive credit reporting in Australia, including acceptance of the ALRC’s recommendation that the use and disclosure of credit reporting information for electronic identity verification to satisfy obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) should be authorised expressly under the AML/CTF Act. The proviso to this is that adequate privacy protections are put in place, and the Attorney-General’s Department has undertaken consultations as to how to implement the recommendation whilst enhancing privacy.

Part H deals with the Government’s response to the ALRC’s recommendations addressing a range of health privacy issues including in respect of access to and transfer of health records, and the interaction between health research which is in the public interest and the community expectations of personal privacy.

What happens next?

The acceptance of many of the recommendations will require amendments to the Privacy Act. The Government now intends to prepare exposure draft legislation to implement the proposed changes to the Privacy Act and related laws. The exposure draft will be released in early 2010 for further consultation.