The Office of the Australian Information Commissioner (OAIC) today welcomed the first tranche of reforms to the Privacy Act 1988 as an important first step in strengthening Australia’s privacy framework.
The Bill to be introduced to Parliament today will:
- strengthen the OAIC’s enforcement toolkit, which will include a new mid-tier civil penalty for interferences with privacy and a low-level civil penalty provision for specific administrative breaches of the Act with attached infringement notice powers
- require the OAIC to develop a new Children’s Online Privacy Code to enhance privacy protections for children in the online environment, particularly when using digital platforms
- introduce a statutory tort for serious invasions of privacy, which would be an important addition to the suite of regulatory measures needed to address gaps in the existing privacy protection framework and address current and emerging privacy risks and harms (such as doxing).
“These are important initiatives that will have benefits for the Australian community,” Australian Privacy Commissioner Carly Kind said.
“The enhanced civil penalty regime will add significantly to our enforcement toolkit, providing the OAIC with greater discretion and flexibility to apply a risk-based approach to enforcement that is proportionate and also supportive of a growing digital economy.
“The statutory tort would also fill a gap in our privacy landscape by providing people with the ability to seek redress through the courts for serious invasions of privacy without being limited to the scope of the Act.”
However, Commissioner Kind said much more needed to be done.
“We are eagerly awaiting the second tranche of privacy reforms, dealing with much needed reforms including a new positive obligation that personal information handling is fair and reasonable,” Commissioner Kind said.
“The coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors. Further reform of the Privacy Act is urgent, to ensure all Australian organisations build the highest levels of security into their operations and the community’s personal information is protected to the maximum extent possible.”