Privacy bill strengthens government cybersecurity

Share

The Albanese Government introduced the Privacy and Other Legislation Amendment Bill 2024, marking a significant advancement in privacy legislation in Australia. This legislation tackles the growing intricacies of data privacy in today’s digital landscape and strengthens the overall cybersecurity framework, especially in the public sector. 

This legislative initiative tackles the shortcomings of the current Privacy Act 1988, which struggles to adapt to rapid technological progress and evolving privacy risks. Recent high-profile data breaches underscored the urgent need for stronger safeguards. The bill shows the government’s commitment to addressing these issues directly, aiming to restore public confidence in digital services and safeguard sensitive information.

Clare O’Neil, the Minister for Home Affairs, states, “This legislation is a critical step in modernising our privacy laws and ensuring that Australians’ personal data is protected in today’s digital environment.”

Privacy bill provisions

  1. Introduction of a statutory tort for serious privacy invasions

The bill introduces a new legal framework that targets significant breaches of privacy. This legal mechanism allows individuals to seek remedies for serious violations of privacy, which have increased in the digital era. The government acknowledges the shortcomings of the Privacy Act 1988, which has failed to adapt to the rapid evolution of technology.

  1. Children’s online privacy code

The legislation mandates the creation of a code that focuses on protecting the online privacy of children. This legislation aims to protect children from online dangers by enforcing stricter privacy standards for digital platforms targeting young users. The government allocated an extra $3 million over a three-year period to the Office of the Australian Information Commissioner (OAIC) for developing and enforcing this code. Clare O’Neil, the Minister for Home Affairs, emphasised, “Protecting our children online is a top priority, and this code will set new standards for their safety.”

  1. Enhanced transparency and information sharing

The new legislation clarifies automated decisions that impact individuals’ lives. It facilitates information sharing during emergencies or qualifying data breaches while safeguarding personal data. This adjustment addresses earlier issues with ambiguity and ineffectiveness in handling data breaches.

  1. Stronger enforcement powers

The Australian Information Commissioner gains enhanced enforcement authority through the legislation. This grants stronger authority to tackle privacy violations and manage data breach notifications effectively. The Commissioner now has enhanced resources and capabilities to effectively tackle and reduce the effects of privacy violations.

  1. New criminal offences for doxxing

The bill creates criminal offences to tackle doxxing, which involves the harmful sharing of personal information online. The law sets a maximum sentence of 6 years in prison for unauthorised use of personal data. If the offender specifically targets the victim based on characteristics like race, religion, or sexual orientation, the penalty increases to 7 years. The Minister for Government Services stated, “These new criminal offences will provide robust protection against the harmful practice of doxxing.”

Enhanced accountability in cybersecurity

This legislation significantly increases civil penalties for serious or repeated privacy violations. The legislation now exposes corporate entities to a maximum penalty of up to $50 million, which is three times the breach’s benefit, a significant increase from previous thresholds. This modification discourages organisations from neglecting data protection, improving the overall cybersecurity strength in the public sector. 

The Bill expands the OAIC’s information-gathering powers, requiring organisations to submit documents related to suspected data breaches and assess compliance with privacy obligations. The granted authority allows for prompt inquiries and rapid responses to violations, reducing the risk of damage from infractions. 

The establishment of a statutory tort for significant privacy violations provides individuals with a legal pathway to pursue remedies for infringements, going beyond the limitations of current statutory frameworks. This empowers individuals and urges organisations to prioritise strong cybersecurity measures. Commissioner Kind stated, “The coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors,” highlighting the urgent need for reforms to effectively safeguard personal information.

The Privacy and Other Legislation Amendment Bill 2024 takes a significant step forward by updating Australia’s privacy laws, providing essential protections, and enhancing the country’s cybersecurity framework. This legislation enhances transparency and accountability and supports the government’s broader initiatives to uphold public trust in the digital economy. Clare O’Neil, the Minister for Home Affairs, highlighted the importance of these reforms, saying, “These reforms are necessary to ensure that Australians’ personal data is protected in an increasingly interconnected world.”