Individuals may have new privacy rights under proposed Privacy Act reforms. This article explains the potential changes and offers guidance on how your business can prepare for them.
What are the proposed amendments?
The Attorney General’s Office has released a report proposing 116 recommendations for reform to the Privacy Act 1988 (Cth). The recommendations include six new rights for individuals, including:
- Right of Access and Explanation: the right to know what information is held about them, its sources, and what is being done with it;
- Right to Object: the right to challenge whether the APP entity’s handling of their personal information complies with the Privacy Act;
- Right to Erasure: the right to require that personal information about them is deleted;
- Right to Correction: the right to require that personal information about them is relevant, accurate, complete, up to date, and not misleading;
- Right to De-index internet search results: the right to require that internet search results about them is de-indexed in certain circumstances; and
- Direct Right of Action: the introduction of a right of action for individuals who have suffered loss or damage because of an interference with their privacy.
What will happen if these reforms are enacted?
If enacted, the Privacy Act reforms will impact how businesses regulated under the Privacy Act may lawfully collect, use, and disclose personal information. Businesses must ensure that they review their current data collection and storage processes to ensure compliance with the Act.
How should my business prepare for these changes?
Businesses will need to re-evaluate and improve their Privacy Act compliance. You may wish to consider the following:
- Do you know where personal information is held and how it can be permanently deleted? If not, you should map out where data is stored, ensure it can be erased and map the flow of data to third parties.
- Do you need to improve your privacy practices to avoid violating the amended Privacy Act? Is it necessary to update or notify insurances? If not, you should reassess current privacy practices considering increased liability risk.
Even if you don’t meet the turnover requirements, privacy policies can be beneficial to your businesses as they demonstrate your commitment to keeping customer’s privacy safe. It helps to show your consumers that you are serious about protecting the privacy of personal data, especially in the age of data breaches.
- New rights for individuals have been proposed as changes to the Privacy Act
- Businesses should review their current privacy practices to ensure legal compliance