It’s 2023 and Three Years Later, Review of Australia’s Privacy Act is now Complete

personal information privacy act

Your Personal information – The Privacy Act Review, which was ordered by the Coalition government, has now been finished. The final report has been given to Attorney General Mark Dreyfus. The evaluation will now be considered by the Attorney General throughout the Australian summer, and in the first half of 2023, it is anticipated that both the review and the government’s reaction will be made public.


In December, Dreyfus held a press conference where he stated the following.  “I’ve made sure that it’s going to be completed by the end of this year, which is fast approaching. I’ll have more to say about the review and reform, large scale reform of the Privacy Act that we expect to occur next year.”


As an alternative to adopting the suggestions made in the Australian Competition and Consumer Commission’s report on digital platforms, the former Coalition government launched the Privacy Act Review in December 2019.


The review looked at a number of issues. These include, whether current laws effectively protect personal information, whether people should have direct legal recourse to enforce their privacy rights, whether a statutory tort for serious privacy invasions is necessary, the efficacy of enforcement powers, and the viability of an independent certification program to ensure that privacy laws are being followed. Dreyfus previous posted on Twitter saying, “the former government left Australia’s privacy laws out of date and not fit-for-purpose in our digital age”.


Laws passed following the Privacy Act review

With an increase in data incidents, including the significant recent Optus and Medibank data breaches, the government expedited several of the review’s recommendations and passed laws in November to establish one of the strictest data breach penalty regimes in the world. Due to this, the maximum fine for major or persistent privacy violations is as follows:


  •  AUD$50 Million
  • or 3 times the value of any benefits gained from the abuse of information
  • or 30% of the company’s adjusted turnover for the relevant period.


DataBench will continue to follow all privacy updates for Australia and share updates with you. If you would like to learn how DataBench can help you comply with Australian privacy laws, please Get In Touch.


What is the personal information privacy act ?

In Australia, the Personal Information Privacy Act is the Privacy Act 1988. This act regulates the handling of personal information by organizations and individuals that are covered by the Privacy Act. The Privacy Act applies to most private sector organizations and Commonwealth government agencies.


The Privacy Act sets out principles for the collection, use, and storage of personal information. It also gives individuals the right to access and correct their personal information. The act gives individuals the right to make a complaint if they believe that their privacy has been breached. Additionally, organizations are required to have a Privacy Policy and to handle sensitive information.  Such information includes, health information, credit information and biometric information with additional protection.


There are also sector-specific laws that may apply to certain organizations such as the Privacy (Credit Reporting) Code, Privacy (Tax File Number) Rule 2011 and Privacy (Healthcare Identifiers) Rule 2010.


The Privacy Act is enforced by the Office of the Australian Information Commissioner (OAIC).

More Blog Posts