Privacy Law Reforms

In September 2023, the Office of the Australian Information Commissioner (OAIC) welcomed the Australian Government’s response to the Attorney-General’s Department’s (AGD) review of the Privacy Act 1988 as a crucial step in ensuring Australia’s privacy framework is strengthened for the future.

“This is a vital set of proposals that will deliver significant gains for the Australian community,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said at the time.

“With increasing use of high impact technologies, it is critical that these reforms proceed as a priority alongside other key initiatives that rely on a strong privacy foundation such as the Australian Cyber Security Strategy and Digital ID framework.”

The Government has agreed with 38 of the 116 proposal reforms and “agreed in-principle” to 68 proposals. Key developments and reforms include:

  • Enabling individuals to exercise new privacy rights and take direct action in the courts if their privacy is breached
  • Providing a greater range of enforcement powers to the OAIC
  • Establishing stronger privacy protections for children
  • Enhancing requirements in relation to the security of personal information and its destruction when it is no longer needed
  • The Government is committed to introducing the legislative amendments in 2024

You can read the Government’s Response to the Privacy Act Review here.

Data Breaches

A data breach happens when personal information is accessed or disclosed without authorisation or is lost.
If the Privacy Act 1988 covers your organisation or agency, you must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach involving personal information is likely to result in serious harm. This is known as a Notifiable Data Breach.
The notification to individuals must include recommendations about the steps they should take in response to the data breach.
The OAIC has more information on notifiable data breaches including;
+ Further info on the Notifiable Data Breaches Scheme
+ When to report a data breach
+ Report a data breach
+ Data breach preparation and response
+ Preventing data breaches: advice from the Australian Cyber Security Centre
+ Notifiable data breaches statistics
The top 5 industries most affected by Privacy Data Breaches are;
+ Health service providers
+ Finance (including superannuation)
+ Legal, accounting & management services
+ Australian Government
+ Insurance
NOTE: Malicious or criminal attacks remain the leading source of data breaches. With contact information remaining the most common type of personal information involved in data breaches.

Data Breaches in the News

Data breaches have always been big news. In 2022 Optus was the victim of a massive data breach that saw over 9 million current or former customers’ personal data hacked with Medibank also a victim of a huge data breach.
At the time hackers posted on the dark web sensitive details of customers’ medical procedures and said it had demanded $US1 ($1.60) for each of Medibank’s 9.7 million customers.
David Koczkar, chief executive of Medibank said at the time; “the weaponisation of people’s private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.”

More recently e-script provider MediSecure is at the centre of a large-scale ransomware data breach announced by the national cyber security coordinator on Thursday.

MediSecure’s website has been pulled, and the company has posted a statement saying it has identified a cyber security incident impacting “the personal and health information of individuals”.

A MediSecure spokesperson said it was too early to respond to detailed questions about the nature and extent of the incident but added that “a lot of investigation work is being conducted”. You can read more here.

How We Can Help

At Litton Legal we can assist clients in understanding the current Privacy Law reforms, advise how these may impact your services and implement practices to bring your business in line with the upcoming changes. Now is the perfect time to update your privacy policies. We can also assist your business with understanding cyber security risks, your obligations around this and what you should do in the event of a data breach. Send our friendly team an email on for more information or get in contact here.