The world was a different place when the current Privacy Act was put in place in 1993, and it is no longer fit for purpose in the information age. The Privacy Bill currently before Select Committee aims to provide a number of much needed updates. It is important for employers, as collectors of their employee's personal information, to be aware of the planned changes and to take the opportunity to have their say on the practicalities of the new regime.
The core of the current Act, including the privacy principles, will remain intact (albeit with some modernisation). The new aspects of the Bill focus on strengthening privacy protection laws, and giving the Office of the Privacy Commissioner greater enforcement powers. This includes:
- Mandatory reporting of privacy breaches – to the Commissioner and affected individuals
- Compliance notices – issued by the Commissioner – requiring an agency to comply with privacy law
- Strengthening cross-border data flow protections – agencies will need to ensure that information going overseas will be sufficiently protected
- New criminal offences – including making false or misleading statements to the Commission, or destroying information that is the subject of a request
- Giving the Commissioner the power to make binding decisions on access requests, which would compel an agency to make information available
- Strengthening the Privacy Commissioner’s information gathering powers.
There are a number of elements missing from the Bill that can be found in its Australian or European counterparts, such as data portability and the "right to be forgotten". Also missing is the ability for the Commission to issue fines for non-compliance, similar to other regulators such as the Commerce Commission. The Privacy Commissioner has flagged his intention to ask for these matters to be considered by Parliament.
The Commissioner has urged businesses to have their say (through the Select Committee process) on what they want the new regime to look like, with a particular emphasis on what affect the changes will have on their current systems, and whether unnecessary compliance costs can be avoided. Submissions on the Bill close on 24 May 2018.