On Wednesday 26 October 2022, Australia’s Attorney-General Mark Dreyfus introduced the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Cth) (Bill) into Federal Parliament.
The Bill includes amendments to the Privacy Act 1988 (Cth) (Privacy Act), including:
- Maximum penalties of $50 million and more for serious or repeated interferences with privacy;
- Enhanced powers (including new information gathering and sharing powers) for the Office of the Australian Information Commissioner (OAIC); and
- Broader extra-territorial application of the Privacy Act.
Many of the proposed amendments to the Privacy Act were foreshadowed by the previous Government’s release of the Exposure Draft to the Online Privacy Bill last year (see our briefing here). However, the increase to the penalties is especially significant, with the previous proposal at $10 million rather than $50 million.
The introduction of the Bill this week was undoubtedly accelerated by recent high-profile data breaches in Australia. Whether a data breach occurs as the result of a malicious actor, internal error or the failings of a third-party service provider, the Government had clearly signalled its increased focus on enforcing privacy compliance with stronger financial consequences for failures to do so.
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.