Australia’s Privacy Act 1988 has lagged that of the European Union, the United States and several other countries for some time. The Australian Government lead by the Attorney General Mark Dreyfus, has proposed significant changes including individual rights modeled on GDPR such as the right to request to erasure and notification of data breaches to the OAIC within 72 hours. The proposal has been accelerated by the high-profile data breaches in Australia in 2022 where Personal Information and Sensitive Data belonging to millions of Australian citizens was exposed to risks of identify fraud and scams.
Australia is moving in the right direction in regards to rights of individuals and the requirements of businesses to comply with new legislation. In relation to security of privacy data, retention vs destruction of personal data and notifiable data breaches, the report states that ‘recent large scale data breaches have highlighted the vast amounts of personal information that is collected and retained by entities, and the need for entities to put in place stronger protections to prevent unauthorised access to Australian’s information. The best way to protect personal information is for entities to minimise the amount of personal information they collect and retain.’
Other proposed privacy reforms include the giving Australians an unqualified right to opt-out of targeted advertising, prohibit targeted advertising to children except where it is in their ‘best interests’, enabling litigation for ‘serious invasions of privacy’, new safeguards for the use of personal data by political parties such as requiring them to publish a privacy policy and not target voters ‘based on sensitive information or traits’, abolish the exemption of small businesses from the Australian Privacy Act 1988 (provided the Government conducts an impact assessment first) and a suggestion that consent should be required for collection and use of precise geo-location tracking data.
Talk to us at DataBench to understand how we can support your business in all aspects of personal data security, retention/destruction, data breach prevention and automation of compliance to the Australian Privacy Principles.
For full details of the news breaking story, please click here.