NewsBite

Privacy Act report recommends EU-style personal data laws

The rights of individuals to have more control over their personal data will be one of the major discussion topics to come from the report.


Toughening up reporting obligations for data breaches and allowing Australians the ‘right to be forgotten’ online are proposed in the review into the country’s Privacy Act.

Federal Attorney-General Mark Dreyfus, who commissioned the review after Labor’s election last May, will release the full 3750-page report on Thursday.

Mr Dreyfus said the review was needed because the Privacy Act 1988 had not kept pace with changes in the digital world, especially given recent major data breaches.

In September and October last year, millions of Optus and Medibank customers had their information stolen by hackers in the largest data breaches ever seen in Australia.

Optus fell foul to a data security breach last year. Picture: NCA NewsWire / Nicki Connolly

Improved handling of customer data and reporting of breaches are covered in the review, including how long personal information should be retained.

The report proposes “that entities should determine, and periodically review, the period of time for which they retain personal information”.

It also proposes enhancements to the Notifiable Data Breach scheme to ensure “quick action can be taken to minimise harm to affected individuals” should there be a breach.

The proposed reporting obligations would include notifying the Information Commissioner within 72 hours of becoming aware of a data breach.

Mark Dreyfus commissioned the report as one of his first acts after being sworn into the role in 2022. Picture: NCA NewsWire / Martin Ollman

The authors of the report said the 116 proposals were designed to better align Australia’s laws with global standards of information privacy protection and properly protect Australians’ privacy.

Among the proposals will be a shift towards a European Union-style approach to data privacy, such as “rights to object, to request erasure and to have search results de-indexed.”

Erasure, or the ‘right to be forgotten’, allows individuals to force data controllers to delete personal data when it’s no longer needed for the purposes for which it was collected.

It’s expected greater individual rights will form a large part of the debate around changes to the Privacy Act.

Millions of Medibank customers were affected by a breach of the health insurer’s data last year. Picture: NCA NewsWire/Tertius Pickard

Following the Medibank and Optus hacks, the government increased penalties for serious or repeated privacy breaches involving customer data from $2.22m to whichever is the greater of: $50 million; three times the value of any benefit obtained through the misuse of information; or 30 per cent of a company’s adjusted turnover in the relevant period.

At the time, the government indicated the changes to penalties were just the first step.

Mr Dreyfus said strong privacy laws were essential to Australians’ trust and confidence in the digital economy and digital services provided by governments and industry.

“The Australian people rightly expect greater protections, transparency and control over their personal information and the release of this report begins the process of delivering on those expectations,” a statement said.

The government is now seeking public feedback on the 116 proposals.

Submissions on the report are due on March 31. More information is available from the Attorney-General’s Department’s website.

Original URL: https://www.news.com.au/national/politics/privacy-act-report-recommends-eustyle-personal-data-laws/news-story/c4ae4f9c97197a642a13052ae82a57ff