On 14 October 2009, the then Cabinet Secretary, Senator the Hon Joe Ludwig publicly released the Australian Government’s First Stage Response to the ALRC report, For Your Information: Australian Privacy Law and Practice (ALRC 108). The ALRC report recommends 295 changes to improve Australia’s privacy framework (with further information available at the Australian Law Reform Commission’s website). The ALRC report was delivered to the Attorney-General on 30 May 2008 and was launched by the then Cabinet Secretary, Senator the Hon John Faulkner, and the Attorney-General, the Hon Robert McClelland MP, on 11 August 2008.
Given the large number of recommendations in the ALRC report, the Government is responding to the report in a two stage process.
The first stage response outlines the Government’s position on 197 recommendations relating to:
- developing a single set of Privacy Principles;
- redrafting and updating the structure of the Privacy Act;
- addressing the impact of new technologies on privacy;
- strengthening and clarifying the Privacy Commissioner’s powers and functions;
- introduction of comprehensive credit reporting and enhanced protections for credit reporting information; and
- enhancing and clarifying the protections around the sharing of health information and the ability to use personal information to facilitate research in the public interest.
The Government’s First Stage Response to the ALRC report is available for download:
Release of exposure draft legislation
On 24 June 2010, Senator Ludwig released an exposure draft on legislation containing an important element of the First Stage Response – the proposed Australian Privacy Principles, which unify the current Information Privacy Principles and the National Privacy Principles. Senator Ludwig also tabled these proposed principles in the Senate for referral to the Senate Finance and Public Administration Committee. The Committee held public hearings on the Principles on 25 November 2010, and it is expected that the Committee's report will be tabled soon.
On 31 January 2011, the Hon Brendan O'Connor MP, Minister for Privacy and Freedom of Information referred the second component in the first stage of the Government's privacy reforms, the Credit Reporting provisions to the Senate for tabling, and for referral to the Finance and Public Administration Committee to consider. A public hearing on the Credit Reporting Provisions is currently scheduled for 16 May 2011.
The exposure draft legislation, public submissions and accompanying companion guides are available for download from the Senate Finance and Public Administration Committee’s webpage.
Further exposure draft legislation to follow
The new principles will be the cornerstone of a new Privacy Act. The drafting of this new Act will be done in parts, with each part to be referred to a Senate committee for consideration and public consultation as the drafting of each is completed. It is intended that there will be two further parts released for public consultation:
- provisions relating to the protection of health information, in particular improving health sector information flows, and giving individuals new rights to have their health record transferred between providers, and to be told what will happen to their health record if their provider sells the business or retires; and
- provisions about strengthening the Privacy Commissioner's powers to conduct investigations, resolve complaints and promote compliance with the Privacy Act, to be integrated into the newly-created Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner commenced operations on 1 November 2010.
This webpage will be updated as and when the further parts of draft legislation are developed and released.
Second Stage Government Response
Stage two of the Government’s response will consider the remaining 98 recommendations in the ALRC report, which focus on:
- proposals to clarify or remove certain exemptions from the Privacy Act;
- introducing a statutory cause of action for serious invasion of privacy;
- serious data breach notifications;
- privacy and decision making issues for children and authorised representatives;
- handling of personal information under the Telecommunications Act 1997; and
- national harmonisation of privacy laws (partially considered in stage one).
The Government will consider these recommendations once the first stage’s reforms have been progressed.
Email AlertsYou can subscribe to receive email alerts about the privacy reform process.
If you subscribe to receive alerts, your email address will only be used for the purpose of receiving updates relating to the privacy reforms.
If you have questions on the privacy reform process, please contact the Privacy & FOI Policy Branch within PM&C on telephone (02) 6271 5311 or by email to email@example.com.
Government responses to previous Privacy Act reports
Privacy Commissioner’s Report
In August 2004, the then Attorney-General requested the Privacy Commissioner to undertake a review of the private sector provisions of the Privacy Act. On 31 March 2005, the Privacy Commissioner published her report entitled Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988.
The Government released its response to the report on 30 November 2006.
Senate Legal and Constitutional Committee’s Report
On 9 December 2004, the Senate agreed to undertake an inquiry into the overall effectiveness and appropriateness of the Privacy Act. The inquiry was referred to the Senate Legal and Constitutional Committee and on 23 June 2005, the Committee published its report entitled The real Big Brother: Inquiry into the Privacy Act 1988.
The Government tabled its response to the report in Parliament on 30 November 2006.
- Government Response to the Senate Legal and Constitutional References Committee Report - RTF 109KB | PDF 23KB
The main recommendation in both reports was that Australia’s privacy laws require wider review. This resulted in the reference to the ALRC to conduct a broad review of the Privacy Act.
Extension of the Privacy Act to cover all small business Residential Tenancy Database operators
In the March 2005 review of the Privacy Act, the then Privacy Commissioner Karen Curtis recommended the Government make it clear that tenancy database operators are covered by the Privacy Act. This recommendation was endorsed by the joint Ministerial Working party Report on Residential Tenancy Databases. The report recommended that the Commonwealth make regulations under s 6E of the Privacy Act to provide that the Act would apply to all RTD operators who are small businesses.
Following consultations with stakeholders, the Privacy (Private Sector) Amendment Regulations 2007 (No 3) were made on 9 August 2007. These Regulations amend the Privacy (Private Sector) Regulations 2001 to provide that under s 6E(2) of the Privacy Act, a small business which operates a residential tenancy database and undertakes certain acts and practices is prescribed as an organisation.