Australian Privacy Laws Need Overhauling

The Australian Law Reform Commission (ALRC) has released a blueprint of more than 300 proposals for overhauling Australia’s complex and costly privacy laws – describing the review as the largest public consultation process in ALRC history.

ALRC President Prof David Weisbrot says the review received over 300 submissions and held over 170 meetings including with business, consumers, NGOs, health officials, technology experts and privacy advocates and regulators.

Prof Weisbrot says the clearest message from the community is that the unnecessarily complex system needs streamlining.

The federal Privacy Act sets out different principles for private organisations and for government agencies. On top of that, each state and territory has its own privacy laws or guidelines and some also have separate laws on health privacy.

The ALRC is proposing there be a single set of privacy principles for information-handling across all sectors, and all levels of government.

Prof Weisbrot says this will make it easier and less expensive for organisations to comply, and much more simple for people to understand their rights.

He says the protection of personal information stored or processed overseas, as is now routine, is another serious concern. The ALRC wants to ensure that such information has at least the same level of protection as is provided domestically.

The Review proposes that a government agency or company that transfers personal information overseas without consent should remain accountable for any breach of privacy that occurs as a result of the transfer.

Commissioner in charge of the Inquiry, Prof Les McCrimmon, says that the ALRC also is proposing a new system of data breach notification.

Prof McCrimmon says there is currently no requirement to notify individuals when there has been unauthorised access to their information, such as when lists of credit card details are inadvertently published. Where there is a real risk of serious harm to individuals, the review says those affected must be notified.

Other key proposals include:
– introducing a new statutory cause of action where an individual’s reasonable expectation of privacy has been breached;
– abolishing the fee for ‘silent’ telephone numbers;
– expanding the enforcement powers of the Privacy Commissioner;
– imposing civil penalties for serious breaches of the Act; and
– introducing a more comprehensive system of credit reporting.

Review of Australian Privacy Law is available at no cost from the ALRC website, www.austlii.edu.au/au/other/alrc/publications/dp/72/ (Note this is a huge 17MB document but can be downloaded in sections if required)

The ALRC is seeking community feedback on these proposals before a final report and recommendations are completed in March 2008. Submissions close on 7 December 2007. Go to www.alrc.gov.au