The new Privacy Act came into force on 1 December 2020 to protect and promote individual privacy.
The core framework of the Privacy Act 1993 has been retained, including the information privacy principles (although some of these have been updated to ensure they are fit for purpose). New features include:
- agencies will be required to notify the Privacy Commissioner and affected individuals of certain privacy breaches
- the Commissioner will be able to issue compliance notices to agencies to remedy a privacy breach
- the Commissioner will be able to make binding decisions on complaints relating to an individual’s access to information
- agencies will be required to take reasonable steps to ensure that personal information disclosed overseas will be subject to acceptable privacy standards
- there are new criminal offences for misleading an agency in a way to obtain access to someone else’s information; and knowingly destroying documents containing personal information where a request has been made for it.
For more, see The new Privacy Act – key resources for directors.