On Wednesday 26 October 2022, Australia’s Attorney-General Mark Dreyfus introduced the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Cth) (Bill) into Federal Parliament.

The Bill includes amendments to the Privacy Act 1988 (Cth) (Privacy Act), including:

  1. Maximum penalties of $50 million and more for serious or repeated interferences with privacy;
  2. Enhanced powers (including new information gathering and sharing powers) for the Office of the Australian Information Commissioner (OAIC); and
  3. Broader extra-territorial application of the Privacy Act.

Many of the proposed amendments to the Privacy Act were foreshadowed by the previous Government’s release of the Exposure Draft to the Online Privacy Bill last year (see our briefing here). However, the increase to the penalties is especially significant, with the previous proposal at $10 million rather than $50 million.

The introduction of the Bill this week was undoubtedly accelerated by recent high-profile data breaches in Australia. Whether a data breach occurs as the result of a malicious actor, internal error or the failings of a third-party service provider, the Government had clearly signalled its increased focus on enforcing privacy compliance with stronger financial consequences for failures to do so.

Read more here

Kaman Tsoi
Kaman Tsoi
Special Counsel
+61 3 9288 1336
Julian Lincoln
Julian Lincoln
Partner
+61 3 9288 1694
Christine Wong
Christine Wong
Partner
+61 2 9225 5475
Peter Jones
Peter Jones
Partner
+61 2 9225 5588
Cameron Whittfield
Cameron Whittfield
Partner
+61 3 9288 1531
Tania Gray
Tania Gray
Partner
+61 2 9322 4733
Merryn Quayle
Merryn Quayle
Partner
+61 3 9288 1499
Phillip Magness
Phillip Magness
Partner
+61 3 9288 1395