The Government has recently announced its intention to reform Australia’s privacy law regime and increase the penalties applicable to entities that breach their obligations under the Privacy Act.
The proposal involves bolstering the resources and powers of the Office of the Australian Information Commissioner (OAIC), and many commentators are expecting this may herald a more aggressive stance from the OAIC as it monitors compliance of entities subject to the Privacy Act.
The amendments that are proposed include:
• an increase to the maximum penalty for serious and repeated breaches to the highest of: $10 million; three times the value of any benefit obtained through the misuse of the personal information; or 10% of the entity’s annual domestic turnover;
• new power for the OAIC to issue infringement notices relating to minor breaches with fines of up to $63,000 for companies and $12,600 for individuals;
• new power for the OAIC to publicise specific breaches and notify individuals who are affected;
• an obligation for social media and online platform companies to cease using or disclosing the personal information of individuals upon their request; and
• certain additional rules to protect the personal information of children and other vulnerable groups.
The amendments are scheduled for consultation in the second half of this year. If passed, the tougher penalties, together with the OAIC’s new power to publicise specific breaches, may significantly increase the financial and reputational risks of failing to comply with your privacy obligations.
The Government’s announcement serves as an important reminder for all entities subject to the Privacy Act to ensure appropriate information-handling measures, systems and processes are in place.
At Motus Legal, we have assisted many of our clients in complying with their privacy obligations. Get in touch with us if we can help you too.