Lawyers prepare for major privacy law reform

Dealing with impending privacy law reform is the top priority in 2013 for Corporate lawyers, according to a survey of about 160 in-house council at Allens.

The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 was passed through Parliament on 29 November 2012 and will come into force in March 2014, the Senate having extended the projected nine-month transition period to 15 months. According to Allens’ media & telecommunications partner Michael Pattison, despite the legislation not taking effect until next year, there is a great deal of privacy-related work to be carried out by in-house counsel prior to its commencement.  

“Companies need to get cracking on investigating the impact the changes will have on their business as soon as possible.”

He added that the privacy principles affecting direct marketing, offshoring and cloud computing have been subject to particularly extensive change, and will require all current arrangements to be examined prior to March 2014. In light of the upcoming changes, businesses will need to initiate an overall update of procedures to promote privacy compliance including a review and update of their privacy policies, collection statements, direct marketing procedures and procedures for dealing with unsolicited information. Businesses should additionally identify any relevant cross-border disclosures and assess relevant arrangements.

Amendments to the Privacy Act 1988 (Cth) were listed by approximately 31 per cent of survey respondents as a significant issue for their legal team this year.

Significant regulatory impacts for businesses include:

• major new pecuniary penalties for breaches of the Privacy Act by companies

• substantially increased powers of the Office of the Australian Information Commissioner

• consolidated and redrafted National Privacy Principles (NPPs) and Information Privacy Principles (IPPs) as new Australian Privacy Principles (APPs) which will apply to both private and public sector organisations

• a fresh credit reporting regime in which credit reporting bodies will be able to collect 'positive' data about individuals, including repayment history information

• substantial new safeguards for individuals regarding their credit information, including a strengthened complaint procedure

Under the amendments, almost all entities that handle personal information, including most Australian companies, will need to comply with the new regime. Of particular concern for in-house lawyers, according to Pattison, are the increased penalties, which consist of fines of up to $1.7 million for a breach by a company: “It is not surprising that these privacy reforms lead the agenda of so many of our clients,” he said, also highlighting the amendments award considerably augmented powers to the Office of the Australian Information Commissioner. Under the new laws the Commissioner will have augmented powers, including the ability to accept enforceable undertakings, seek civil penalties in the case of serious or repeated breaches of privacy, and conduct assessments of privacy performance for both Australian government agencies and businesses.

Other highly ranked areas of substantial concern include crisis management, mergers and acquisitions, changes to contract laws, and workplace and employment regulation.

Read the full article here.

Looking for reliable and convenient access to all Australian legislation and case law? Ask for a free trial to TimeBase LawOne today.