On October 14, 2009, the Australian government released a report entitled “Enhancing National Privacy Protection” that contains proposed reforms to Australia’s privacy laws, including the Privacy Act 1988 (“Privacy Act”). In announcing the report, Cabinet Secretary and Special Minister of State Joe Ludwig stated that the reforms aim to “provide for one set of streamlined Privacy Principles for Australian Government agencies and private sector organizations which will provide greater clarity and cut red tape.” The report comprises the first stage of a two-stage response to a report issued by the Australian Law Reform Commission (“ALRC”) in 2008 that contained 295 recommendations to revise Australian privacy laws and practices.
The Australian government’s report addressed 197 of the 295 ALRC recommendations and promised to implement almost 90% of those recommendations. Some of the more notable recommendations that will be implemented include: strengthening the Privacy Commissioner’s powers of investigation and enforcement; adding biometric information to the definition of “sensitive information” in the Privacy Act; enacting new rights for individuals to transfer their health records between health care providers; and requiring agencies and organizations to notify individuals if their personal information is reasonably likely to be transferred overseas.
The Australian parliament intends to draft legislation to implement the ALRC recommendations in early 2010. After this first stage response to the ALRC report has progressed, the Australian government intends to consult with the public and privacy sectors to address the remaining 98 ALRC recommendations, which focus on sensitive issues such as data breach notification and the handling of personal information under the Telecommunications Act 1997.