Proposed reform of data management practices all in the name of productivity

The Federal Government has released the Australian Productivity Commission’s (Commission) final report on data availability, management and use (Report). The Report sets out an ambitious proposal to fundamentally reform the way that data is managed in Australia. The lengthy Report is the product of a 12 month inquiry that involved 335 submissions from a broad range of stakeholders across the private, government and not-for-profit sectors.

In this article we summarise the Commission’s key recommendations regarding the proposed framework for improving the availability and use of data in Australia (New Framework), noting that, if fully implemented, the New Framework would significantly impact the way that data is managed and shared in both the public and private sectors.

Key drivers behind the Commission’s recommendations

A clear theme running throughout the Report is the Commission’s belief that nothing short of major reform is required in order to modernise Australia’s approach to data management. The Commission claims that Australia’s data policies have been developed in a reactive and ad hoc manner, where greater emphasis is placed on risk aversion and avoidance than on transparency and confidence in data processes, such that Australia’s data management processes are ill-equipped to adapt to the rapid changes inherent in digital technology. Accordingly, the Commission believes that fundamental and systematic changes are needed to the way that government, business and individuals handle data in order for Australia to better capitalise on the potential value of data that is at stake.

High level summary of the New Framework

The New Framework intends to recognise and manage the range of risks associated with the various types of data, the data uses and the associated need for different risk controls and approaches to apply. The main facets of the New Framework are set out below.

  1. Comprehensive Right – giving individuals more control over data held on them.
  2. National Interest Datasets – enabling broad access to datasets that are of national interest.
  3. Sharing other publicly funded data – making such data readily available to all.
  4. General data release – releasing non-personal and non-confidential public sector data for widespread use.

As further discussed in the paragraphs below, these elements of the New Framework will be implemented by various legislative and institutional changes, including the creation of a new ‘Data Sharing and Release Act’ (Data Act). Continue reading

One step closer to Australian data breach class actions

The Privacy Amendment (Notifiable Data Breaches) Act 2016 (Cth), which received assent on 22 February 2017, proposes a number of amendments to the Privacy Act 1988 (Cth) that could act as a trigger for Australian class actions in the data breach space.

The proposed amendments, which are yet to be proclaimed, will require entities regulated by the Privacy Act to notify the Australian Information Commissioner and affected individuals of any “eligible data breach”.

In the US, notifications provided under equivalent legislation have tended to closely coincide with the filing of data breach class action complaints.1

Continue reading