The Australian Law Reform Commission has released its Report "For Your Information: Australian Privacy Law and Practice".
The 3 volume report covers most areas of privacy law and makes 295 recommendations for reform, including the recommendation that the Privacy Act be redrafted and restructured to achieve significantly greater consistency, clarity and simplicity and that the name of the Act be changed to the Privacy and Personal Information Act.
Noteworthy specific recommendations deal with data breach notification and credit reporting including that:
- the Privacy Act be amended to require an agency or organisation to notify the Privacy Commissioner and affected individuals when a data breach has occurred that may give rise to serious harm to any affected individual.
- the credit reporting provisions of the Privacy Act (Part IIIA) be repealed and credit reporting regulated under the general provisions of the Act (including the new credit reporting regulations), and the model Unified Privacy Principles (UPPs).
-
there should be some expansion of the categories of personal information that can be included in credit reporting information held by credit reporting agencies (‘more comprehensive credit reporting’), to include: the type of each current credit account opened (eg, mortgage, credit card, personal loan); the date on which each current credit account was opened; the credit limit of each current account; and the date on which each credit account was closed.
-
the Australian Government should only amend the Privacy Act to allow credit reporting to include information about an individual’s repayment history after it is satisfied that there is an adequate framework imposing responsible lending obligations in Commonwealth, state and territory legislation.
-
credit providers should be prohibited from using or disclosing credit reporting information for the purposes of direct marketing, and may list overdue payment information only where the credit provider is a member of an external dispute resolution scheme approved by the Privacy Commissioner.
Briefing Notes are also available on the following topics:
- Simplifying and harmonising privacy law and practice
- Technology-neutral privacy principles should govern rapidly developing ICT
- New cross-border privacy laws-greater certainty for all Australians
- Rationalisation and clarification of exemptions to the Privacy Act
- Improved complaint handling and enforcement
- Introducing a mandatory data breach notification scheme.
- Reform of the credit reporting system
- Protecting Health Information in the Digital Age
- Children, young people and privacy
- A statutory cause of action for serious invasions of privacy: getting the balance right