this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

Privacy laws to bolster business


A suggested overhaul of privacy laws is expected to have a major effect on lawyers and firms, at least in the initial stages.

Practitioners will be bombarded by clients wanting to know how sweeping changes proposed to privacy laws may affect the way they do business, according to privacy lawyer Gordon Hughes.

However, the federal government said it would not know for at least 10 months exactly which of the 295 recommendations detailed in a 2400-page Australian Law Reform Commission (ALRC) report it will pass or ignore.

Chief among the recommendations contained in For Your Information: Australian privacy law and practice (ALRC 108), released on 11 August, are that individuals be given the right to sue for serious invasions of privacy and that the collection of information from third party sources be heavily curtailed.

Importantly for law firms, the ALRC said that some arms of government, political parties and businesses with an annual turnover of less than $3 million should no longer be exempt from the Privacy Act 1988 (Cth).

Practitioners would have to inform clients after any data security breach, and new regulations may be created to protect the privacy of employment records as well as health and credit information.

A Blake Dawson partner, Mr Hughes said that the new laws should not greatly affect the daily operation of firms but in the short to medium term they would definitely create more work.

“Practitioners are going to get a lot of inquiries from those likely to be most affected, such as small businesses and government clients, who will want to know if they have to change their current practices,” Mr Hughes said.

“The proposed restrictions about collecting information from third-party sources or using information for purposes other than why it was collected do not apply at present, and employers will need to be aware of what employee details they have on record and how they use them.”

A cause of action or liability for invasion of privacy may become available for sensitive information about an individual’s private life gained by unauthorised surveillance or interfering with emails and other correspondence later disclosed or published.

Media organisations have expressed fear that this could open the door for massive damages claims for invasions of privacy.

“It is portrayed as a law to curtail extreme media reporting but it is not the only objective of that rule and it can apply to anyone who feels their privacy has been invaded by someone else,” Mr Hughes said.

However, the recommendations would still allow collection of personal information to establish or defend legal claims, for example insurance or personal injury, without the consent of an individual.

On other matters, the proposed changes mean firms with a turnover of under $3 million per annum would have to abandon the practice of cold-calling and develop client profiles in other ways – something larger firms were forced to do several years ago.

Mailing databases would also have to be reviewed to ensure they only included people with whom the practitioner had a bona fide business relationship and firms would have to display privacy policies on their website.

In 2006, then federal Attorney-General Philip Ruddock asked the ALRC to conduct an inquiry into the Privacy Act to ascertain whether it continued to provide an effective framework for the protection of privacy for Australians.

During the 28-month inquiry the ALRC held major public forums, more than 500 roundtable discussions with individuals, agencies and organisations and received 585 written submissions.

Commissioner in charge of the privacy inquiry Professor Les McCrimmon said the public wanted a workable and effective system that safeguarded sensitive personal information.

“Although the federal Privacy Act is only 20 years old, it was introduced before the advent of supercomputers, the internet, mobile phones, digital cameras, e-commerce, sophisticated surveillance devices and social networking websites,” Prof McCrimmon said.

“The ALRC was [also] given many examples of the Privacy Act being used inappropriately as a reason for failing to provide information or assistance.”

Special Minister of State John Faulkner said the first wave of reforms would be aimed at unifying public and private privacy principles and the health and credit reforms, but no legislation was expected until late 2009 or early 2010.

“Our challenge as a government is to get the reforms right [so] I don’t want to necessarily do this at breakneck speed.

“Australians’ confidence in the security and release of their personal information is part of this government’s program to restore faith and trust in the integrity of government,” Senator Faulkner said.

“The capacity for businesses to collect, store, use and even sell large amounts of information, I think, has real concerns in the community. There are also concerns about government use of private information.”

He said the federal government would also investigate how to work with state and territory governments on the best way to achieve nationally consistent laws.

The final report is available online at
publications/reports/108. For more information, see “Watching Big Brother” on page 72 of this edition of the LIJ.

The key ALRC recommendations

  • A basic restructuring of the Privacy Act that would include dedicated regulations governing specific fields, such as health privacy and credit reporting.
  • Regulating cross-border data flows so that if an organisation transfers personal information outside the country they remain accountable for it.
  • Nationally consistent privacy principles.
  • Rationalising the complex web of exemptions under the current Act.
  • Improving complaint handing and introducing stronger penalties.
  • Better educating children and young people about the dangers of posting personal information online.
  • Data breach notification.
  • The right to sue for major breaches of privacy.
  • Some expansion of the categories of personal information to be held by credit reporting agencies.


Leave message

 Security code
LIV Social