Hello and welcome to the BRR Legal Brief, where we bring you the latest legal issues affecting corporate Australia. I’m Kate Ritchie and today we’re looking at privacy reform with the Attorney-General Nicola Roxon introducing a Bill into Parliament this week, which aims to strengthen privacy protection in Australia. Joining me to discuss the Bill, and of course what it will mean for the business community is Narelle Smythe, who’s a Partner at Clayton Utz. Thank you so much for joining us in the studio.
Thank you Kate.
Well Narelle before we look at what it will mean for the corporate community, what are the major changes being introduced?
Well the main changes are firstly it introduces a single set of principles, called Australian Privacy Principles; they’ll apply to both Commonwealth public agencies and also the private sector. And they set obligations in relation to personal information, covering things like privacy policies, collection of information, how you deal with information, storage of information, security of information, access to information. Essentially the principles cover the life cycle of the handling of personal information, so they’re very extensive. Secondly, the second major change is in relation to credit reporting. The current system limits the – or has limits on the information that can be allowed into the system, those limits have been expanded so there is – there will now be more information that’s permitted to go into the credit reporting system, with the objective of enabling credit providers to be able to make better assessments of credit risk. And then thirdly there’s new provisions relating to the powers of the Privacy Commissioner and other provisions relating to privacy codes. So all in all fairly extensive and significant changes.
Well do you think it’s a big development in terms of protecting privacy in Australia?
Certainly it’s a milestone, and it’s been the culmination of a long process. So this process started in 2006, with the Australian Law Reform Commission being asked to conduct an inquiry. So as I said it’s been a very long process and a very significant milestone to have the Bill finally released.
Well Narelle you mentioned that there were quite a few changes to the credit reporting scheme, are they positive changes?
In my view yes. They will give credit providers more information to enable them to assess an individual’s credit worthiness. It dovetails in with amendments to some credit legislation of a few years ago which required lenders to make responsible lending assessments, so they now will have, if under this Bill greater information to be able to make those credit assessments and better assess credit risk with the benefit being that hopefully to reduce over indebtedness in the community.
Well you’ve mentioned that it’s aimed at strengthening privacy protection; what happens if the Act is breached, what kind of penalties might be imposed?
The Bill imposes quite a range of civil penalties, that’s been one of the big changes, and it essentially reflects the view that significant breaches of privacy should attract significant penalties. The Bill also indicates that the court must take into account a range of factors when determining a penalty, so it will look at things like the seriousness of the breach, any loss or damage that’s been suffered by people affected by the breach, and also things like how many previous breaches an organisation may have been involved in. So effectively the seriousness and significance of the penalty will reflect the seriousness and the significance of the breach and the number of any previous breaches.
Okay and just finally, obviously it’s still in Bill formed, if the changes do come through should corporates be getting ready now; and what are your top tips I guess for preparing?
As I said the Bill covers information collection and handling practices, so the number one thing is obviously for businesses to look at their information collection and handling practices, what is that they’re doing. There’s a range of matters that will affect, you know, the most organisations. So for example there’s prohibitions on things like direct marketing requirements for people to be able to deal with you under a pseudonym or anonymously, so they’re the sorts of things that organisations have to look at, look at the information collection and handling processes and assess the degree to which they’re compliant and obviously take steps to achieve compliance where they’re not.
Well some good advice for business there. Thank you so much for joining us today.
And viewers thank you for joining us as well. We hope that you can join us next week for our Legal Brief.