In November of 2022, the Australian Parliament approved Privacy Legislation Amendments that aim to increase penalties and provide greater powers to the Office of the Australian Information Commissioner (OAIC) in order to strengthen privacy protections. This is particularly pertinent given the data breaches of Optus and Medibank late last year which exposed the fallibility in privacy protection systems. Read on to discover what these amendments are, and how they may impact your business or personal information.
The most prominent change is the dramatic increase in penalties for serious or repeated privacy breaches by a corporate body. The maximum penalty for this crime has increase from $2.22 million to the greater of the following:
This significantly increased fine is intended to enforce greater accountability for organisations who we rely upon for secure and effective privacy management. This is particularly important given the new complex ways in which our personal information is being handled, and thus the difficulty for everyday citizens to properly evaluate how their data is being utilised.
Another significant change actioned by the Amendment is giving the OAIC enhanced powers of enforcement and information collection. Notably, these greater powers include:
These greater enforcement powers provide OAIC with the capacity to obtain tangible material and thus provide greater recommendations to enforcement authorities. However, none of these new powers allows for OAIC to take action in resolving breaches.
The other notable change is the provision allowing for greater sharing powers between the OAIC and ACMA. These include the ability to:
This new power allows OAIC to more effectively integrate with other organisations in obtaining information necessary in developing an understanding as to what has occurred in a particular scenario, and what should be done to resolve it.
Ultimately, the enormous data breaches of Optus and Medibank in tandem has accentuated the necessity for strong privacy laws in Australia. These amendments at least partially increase the accountability of businesses toward their clients insofar as they place the emphasis on the business to implement appropriate processes for managing sensitive data and potential breaches of this data. In doing so, the government is hopeful that personal information breaches may be more infrequent, and those responsible are brought to account.
If you have any questions or wish to discuss your circumstances with a lawyer, please contact the BAL Lawyers Business & Commercial team on 02 6274 0999.