Following the reforms to the Privacy Act 1988 (Cth) (Privacy Act), which are due to take effect on 12 March 2014, further reforms are proposed via the Privacy Amendment (Privacy Alerts) Bill 2013 (Cth) (Privacy Alerts Bill). The Privacy Alerts Bill, which is currently awaiting Senate approval, seeks to introduce mandatory reporting requirements for when an agency or organisation suffers a serious data breach. It is proposed that this second round of reforms to the Privacy Act is to commence at the same time as the other reforms in March 2014.
On 18 June 2013, the Senate referred the Privacy Alerts Bill to the Senate Legal and Constitutional Affairs Committee (Committee) for inquiry and report. There was a limited timeline for the report, which required submissions to be entered by midday on 20 June 2013, merely one and a half working days after submissions were initially called for.1 Concerns were raised by Coalition senators and a number of submitters to the inquiry, primarily relating to the lack of definition of the terms “serious breach” or “serious harm”2 and the lack of due process and time for scrutiny afforded to the proposed legislation.3 The report tabled by the Committee considered that stakeholders have been afforded ample opportunity to comment on the proposals, due to the matters under consideration being first raised in 2008.4
It was anticipated that the Privacy Alerts Bill was to be passed by the Senate prior to parliament’s prorogation at the end of June, although other priorities saw it fall off the legislative agenda. With the Senate not sitting until 20 August 2013, in conjunction with the upcoming election, the future of the Privacy Alerts Bill is uncertain.
Lavan Legal comment
As we reported in our previous update Reforms to the Privacy Act, significant changes to the Privacy Act loom. The full extent of those changes have been thrown into doubt by the forthcoming election, given this important amendment to the amending legislation has not been passed. Its fate may be dependent on the outcome of the election. If it survives, it may be introduced with a limited time for organisations to prepare for it. Organisations should be familiar with the proposals in case they need to implement them on short notice.
1 Legal and Constitutional Affairs Legislation Committee, Parliament of Australia, Privacy Amendment (Privacy Alerts) Bill 2013 (Cth) 15.
4 Ibid, 12.