Federal Government releases response to Privacy Act recommendations

Stage one of reforms outlined, but sensitive topics like data breach disclosure not included

The Federal Government has released its first response to a comprehensive review of Australia's privacy laws in the digital age.

In February 2006, the Federal Government announced the major review of the Privacy Act 1988 would be undertaken by the Australian Law Reform Commission (ALRC).

In August last year the ALRC launched the results of its review in a report titled, For Your Information: Australian Privacy Law and Practice, which recommends a re-write of the nation's 20-year-old privacy laws to keep pace with the information age.

The three-volume, 2700 page report recommended 295 changes to privacy laws and practices that will be implemented in two stages over the next three years.

In the Government's response, cabinet secretary and special minister of state, Joe Ludwig, said the government was responding to the challenge of ensuring adequate privacy in the digital age by "embarking on the most significant reforms of privacy law since the Privacy Act’s inception".

"These reforms respond to 197 of the Australian Law Reform Commission’s 295 recommendations for improving privacy protection, which were made in its report: For Your Information: Australian Privacy Law and Practice," Ludwig wrote in the government's response. "When the report was released in August 2008, the Australian Government committed to responding in two stages."

Notably, however, the first stage does not deal with the sensitive issue of serious data breach notifications and the proposal to remove some exemptions.

"Due to the complexity and sensitivity of the remaining recommendations, the Government will consult extensively with the public and private sectors before responding to the stage two recommendations. This consultation will be undertaken once the first stage of the response has been progressed," the document reads.

According to the response document the government has committed itself to several undertakings including:

Read more: Industry calls for more proportional limits to metadata retention

  • Redrafting the Privacy Act to include an "objects clause to guide interpretation and the exercise of relevant powers and functions". It will also update and clarify definitions;
  • Supporting a "renewed role" for the Privacy Commissioner while also respecting sector-specific privacy codes;
  • Including biometric information in the definition of sensitive information;
  • Continuing to "consider the impact of other laws on the protection of privacy on an ongoing basis";
  • Enacting a single set of privacy principles;
  • Increasing the range of discretionary powers the Privacy Commissioner has to include the ability to force agencies to conduct privacy impact assessments and seek "civil penalties for serious or repeated breaches of the Privacy Act" among others;
  • Introducing a credit reporting system that includes five positive datasets while also "prohibiting direct marketing using credit information", forcing industry to develop a mandatory and binding reporting code, and "emphasising industry-led complaint resolution";
  • Enacting new rights for individuals to transfer their health records between providers.

Once all the reforms have been implemented the government will then address the remaining ALRC recommendations, Ludwig wrote. Draft legislation to implement the first stage changes will be available in early 2010 for consultation.

However, out of the 197 recommendations being addressed the government has not accepted 20, accepted 34 with qualification, and accepted 141 fully. It noted the remaining two.

Of those not accepted significant recommendations included all those dealing with the privacy of deceased individuals.

The full response from the Government can be read here.

The original report by the ALRC can be found here.

Join the CSO newsletter!

Error: Please check your email address.

Tags Australian Law Reform Commissionfederal governmentprivacy

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Trevor Clarke

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts