Federal Government releases response to Privacy Act recommendations

Stage one of reforms outlined, but sensitive topics like data breach disclosure not included

on

The Federal Government has released its first response to a comprehensive review of Australia's privacy laws in the digital age.

In February 2006, the Federal Government announced the major review of the Privacy Act 1988 would be undertaken by the Australian Law Reform Commission (ALRC).

In August last year the ALRC launched the results of its review in a report titled, For Your Information: Australian Privacy Law and Practice, which recommends a re-write of the nation's 20-year-old privacy laws to keep pace with the information age.

The three-volume, 2700 page report recommended 295 changes to privacy laws and practices that will be implemented in two stages over the next three years.

In the Government's response, cabinet secretary and special minister of state, Joe Ludwig, said the government was responding to the challenge of ensuring adequate privacy in the digital age by "embarking on the most significant reforms of privacy law since the Privacy Act’s inception".

"These reforms respond to 197 of the Australian Law Reform Commission’s 295 recommendations for improving privacy protection, which were made in its report: For Your Information: Australian Privacy Law and Practice," Ludwig wrote in the government's response. "When the report was released in August 2008, the Australian Government committed to responding in two stages."

Notably, however, the first stage does not deal with the sensitive issue of serious data breach notifications and the proposal to remove some exemptions.

"Due to the complexity and sensitivity of the remaining recommendations, the Government will consult extensively with the public and private sectors before responding to the stage two recommendations. This consultation will be undertaken once the first stage of the response has been progressed," the document reads.

According to the response document the government has committed itself to several undertakings including:

Read more: Industry calls for more proportional limits to metadata retention

  • Redrafting the Privacy Act to include an "objects clause to guide interpretation and the exercise of relevant powers and functions". It will also update and clarify definitions;
  • Supporting a "renewed role" for the Privacy Commissioner while also respecting sector-specific privacy codes;
  • Including biometric information in the definition of sensitive information;
  • Continuing to "consider the impact of other laws on the protection of privacy on an ongoing basis";
  • Enacting a single set of privacy principles;
  • Increasing the range of discretionary powers the Privacy Commissioner has to include the ability to force agencies to conduct privacy impact assessments and seek "civil penalties for serious or repeated breaches of the Privacy Act" among others;
  • Introducing a credit reporting system that includes five positive datasets while also "prohibiting direct marketing using credit information", forcing industry to develop a mandatory and binding reporting code, and "emphasising industry-led complaint resolution";
  • Enacting new rights for individuals to transfer their health records between providers.

Once all the reforms have been implemented the government will then address the remaining ALRC recommendations, Ludwig wrote. Draft legislation to implement the first stage changes will be available in early 2010 for consultation.

However, out of the 197 recommendations being addressed the government has not accepted 20, accepted 34 with qualification, and accepted 141 fully. It noted the remaining two.

Of those not accepted significant recommendations included all those dealing with the privacy of deceased individuals.

The full response from the Government can be read here.

The original report by the ALRC can be found here.

Tags privacyfederal governmentAustralian Law Reform Commission

Show Comments