Government’s response to Privacy Amendment recommendations

The Commonwealth Government has published its response to the Senate Finance and Public Administration Legislation Committee Reports on privacy amendments.

The response is in 2 parts: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles and Exposure Drafts of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting. (Background: here, exposure draft legislation)

In respect of the Committee’s twenty nine recommendations on the Australian Privacy Principles, 4 have been accepted in full, 14 have been accepted in principle, 1 has been accepted in part, 6 have been supported and 4 have been rejected in full.

In respect of the Committee’s thirty recommendations on credit reporting, 20 have been accepted in full, seven have been accepted in principle and three have been noted.

The Attorney General recently indicated that legislation would be introduced in the Winter Sittings of Parliament.

In respect of credit reporting, credit reporting information will include the following categories of personal information, in addition to those currently permitted in credit information files under the Privacy Act:
(a) the type of each credit account opened (for example, mortgage, personal loan, credit card);
(b) the date on which each credit account was opened;
(c) the current limit of each open credit account; and
(d) the date on which each credit account was closed.

Amongst other things, the changes will allow the Privacy Commissioner to:

• Accept a written undertaking from an organisation that they will take or refrain from a specified action. This will be enforceable in the Federal Court or Federal Magistrates Court.
• Make a determination following an investigation conducted on the Commissioner’s own initiative. Currently, the Act only allows a determination to be made when investigating a complaint from an individual about an act of practice.
• Seek civil penalties in the case of serious or repeated interferences with privacy.
• Conduct performance assessments of private sector organisations handling personal information. Currently the Commissioner can only conduct audits of government agencies and credit reporting agencies.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.