2018 will be a busy year for organisations across the country in terms of ensuring compliance with several legal developments relating to privacy. The first is the amendments to Part IIIC of the Privacy Act 1988 (Cth) (‘Privacy Act’), which have already commenced as of 22 February 2018. These will be followed later in the year by the changes under the General Data Protection Regulation (‘GDPR’) and the Privacy (Australian Government Agencies – Governance) APP Code 2017 (‘Privacy Code’) respectively.
The changes to the Privacy Act now require an organisation to notify both the Australian Privacy Commissioner and the individual(s) affected when particular types of defined data breaches occur. Failure to comply with the requirement can attract severe financial penalties. These developments have an impact on almost all organisations in Australia, including all entities that are already required to comply with the Australian Privacy Principles, all organisations with tax file numbers, credit providers and credit reporting bodies.
The GDPR, on the other hand, will introduce a host of new requirements for dealing with privacy or data protection. Although the framework is based in the European Union, it will regulate any organisation around the world which provides goods or services to, or monitors the behaviour of, people in the EU. Australian organisations dealing with any of the member states of the EU, including the United Kingdom, will be required to assess their future practices, determine whether they lie within the ambit of the new laws and then proceed accordingly.
Finally, the Privacy Code will usher in a new era of privacy measures required of all government agencies, with the exception of Ministers. The Privacy Code will bring accountability to the forefront of government agencies’ management of privacy and will require those agencies to establish effective privacy management programs in order to ensure appropriate handling of personal information.
These changes to privacy laws could have profound impacts on the requirements for the handling of personal information by organisations.