Privacy modernisation

The new Privacy Act came into force on 1 December 2020 to protect and promote individual privacy.

The core framework of the Privacy Act 1993 has been retained, including the information privacy principles (although some of these have been updated to ensure they are fit for purpose). New features include:

agencies will be required to notify the Privacy Commissioner and affected individuals of certain privacy breaches
the Commissioner will be able to issue compliance notices to agencies to remedy a privacy breach
the Commissioner will be able to make binding decisions on complaints relating to an individual’s access to information
agencies will be required to take reasonable steps to ensure that personal information disclosed overseas will be subject to acceptable privacy standards
there are new criminal offences for misleading an agency in a way to obtain access to someone else’s information; and knowingly destroying documents containing personal information where a request has been made for it.

For more, see The new Privacy Act – key resources for directors.

Related content

IMHO: What the Manage My Health breach reveals about board oversight

IMHO: Why asset governance belongs in the boardroom

New Companies Register privacy law a step forward – but more to do

The road ahead: reform, risk and resilience for boards