As the final quarter of 2024 begins, the local privacy sector finds itself in an interesting period of quiet and contemplation.
The first tranche of amendments to Australia's Privacy Act 1988, following a review of the act, have now been presented to Parliament and practitioners have been busy examining the amendments, comparing them to what was expected and hoped for, and then going back for a second round of diligence to drill down and get a better understanding of the wins, losses and implications for businesses and ordinary Australians.
There have certainly been a vocal minority who feel the government has missed its window for meaningful privacy reform with this suite of amendments. Not for what it is proposing, but for what it is missing.
There are many though who seem satisfied that the government has begun the reform process and put forward some practical and meaningful legislative changes and updates to address matters which were not properly covered under the original act that pre-dates the digital era.
One of the updates made in the first portion of amendments empowered the privacy commissioner to issue codes with respect to the Australia Privacy Principles — where the attorney-general directs and approves for such a code to be made. This change came with an explicit order to start with making a Children's Online Privacy Code. The Office of the Australian Information Commissioner will have 24 months to develop and issue the code and will be required to consult with a broad stakeholder cohort, including the eSafety commissioner.
In addition, the OAIC has wasted no time and this past week issued a Credit Reporting Code, which will supplement Part IIIA of the Privacy Act 1988 relating to credit reporting. This code is intended to strengthen privacy protections for Australians’ credit information and provides greater clarity for industry on their obligations.
"The Credit Reporting Code sets out strict rules about how credit providers and credit reporting bodies must handle Australians' credit information," Privacy Commissioner Carly Kind said. "Credit information can have a major impact on an individual's life, such as affecting their ability to get a loan for a house or car. It is critical that credit information is handled with care and the right balance is struck between credit providers' need to access credit information and making sure Australians' privacy is protected."
Given these codes carry the same weight and enforcement outcomes as the Privacy Act, it will be interesting to see how the OAIC chooses to make use of the new code-making powers and whether the attorney-general supports or mandates further code-making as a continuation of the Privacy Act reform process.
We now find ourselves just six weeks out from the IAPP ANZ Summit 2024, being held in Melbourne 26-27 Nov. The event will be a rich opportunity to do further diligence on these and other changes to the Privacy Act and to network with Australia and New Zealand regulators, other keynote guests and the ANZ privacy, artificial intelligence governance and digital responsibility community. If you are still considering attending or want to inquire further, please reach out to me directly.
I'm looking forward to reconnecting with many of you at the ANZ Summit and can't wait to share the program of content and community we've curated for you and with you.
Adam Ford is the managing director, Australia, New Zealand, for the IAPP.
