What are the proposed Privacy Act reforms? 

Individuals may have new privacy rights under proposed Privacy Act reforms. This article explains the potential changes and offers guidance on how your business can prepare for them. 


What are the proposed amendments?

The Attorney General’s Office has released a report proposing 116 recommendations for reform to the Privacy Act 1988 (Cth). The recommendations include six new rights for individuals, including: 

  1. Right of Access and Explanation: the right to know what information is held about them, its sources, and what is being done with it; 
  2. Right to Object: the right to challenge whether the APP entity’s handling of their personal information complies with the Privacy Act; 
  3. Right to Erasure: the right to require that personal information about them is deleted; 
  4. Right to Correction: the right to require that personal information about them is relevant, accurate, complete, up to date, and not misleading; 
  5. Right to De-index internet search results: the right to require that internet search results about them is de-indexed in certain circumstances; and 
  6. Direct Right of Action: the introduction of a right of action for individuals who have suffered loss or damage because of an interference with their privacy. 


What will happen if these reforms are enacted?

If enacted, the Privacy Act reforms will impact how businesses regulated under the Privacy Act may lawfully collect, use, and disclose personal information. Businesses must ensure that they review their current data collection and storage processes to ensure compliance with the Act. 


How should my business prepare for these changes?

Businesses will need to re-evaluate and improve their Privacy Act compliance. You may wish to consider the following: 

  1. Do you know where personal information is held and how it can be permanently deleted? If not, you should map out where data is stored, ensure it can be erased and map the flow of data to third parties.  
  2. Do your processes accommodate the new request types? Does your privacy policy reflect these changes? If not, you should update information request processes and related privacy documents. 
  3. Do you need to improve your privacy practices to avoid violating the amended Privacy Act? Is it necessary to update or notify insurances? If not, you should reassess current privacy practices considering increased liability risk.  


What is a Privacy Policy and how can it help my business?

A privacy policy is a written statement outlining how your business manages personal information of customers, clients or users. It sets out how your business collects, stores, uses and discloses personal information. Businesses operating in Australia with over $3 million in annual turnover are legally required to have a privacy policy.  


Even if you don’t meet the turnover requirements, privacy policies can be beneficial to your businesses as they demonstrate your commitment to keeping customer’s privacy safe. It helps to show your consumers that you are serious about protecting the privacy of personal data, especially in the age of data breaches. 


Key takeaways

  • New rights for individuals have been proposed as changes to the Privacy Act 
  • Businesses should review their current privacy practices to ensure legal compliance 
  • Businesses may need to implement a privacy policy if they do not already have one 

Gladwin Legal are experts in privacy law and have extensive experience in advising businesses. If you require assistance in understanding your legal obligations please contact us at or 1300 033 934.