N

Our legal experts will keep you up to date on all relevant and current developments.

Reforms to the Privacy Act 1988 Brings Significant Penalties for Serious or Repeated Privacy Breaches

There is no question that one of the most high-profile legal issues at the moment relates to privacy and data control.   

Recent privacy breaches have highlighted that Australia’s laws may not be as effective as we would like in requiring businesses to take appropriate precautions to prevent the inappropriate release of private information and personal data.

In part, this may be because Australia has a very low penalty regime with respect to privacy breaches. This, and other relevant matters, are currently being considered - and an update to the Privacy Act 1988 has now been drafted and introduced into Parliament.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 considers some of the core elements referred to in the 2021 Exposure Draft. In particular it increases penalties for data breach.  Currently, a corporate entity could be exposed to penalties of up to $2.22 million.

Moving forward, under the new regime, penalties will be the greater of:

  • $50 million;

  • 3 times the value of the benefit obtained by the company; or

  • 30% of the adjusted turnover of the company during the period in which the privacy breach occurred.

Non-corporate entities and individuals will have their penalties raised from $444,000 to $2.5 million.


If your business or organisation has a turnover greater than 3 million per year the significant changes that were made to the Australian Privacy Act on 12 March 2014 are likely to apply to your organisation. A compliance program should be implemented to ensure any personal information that is used or disclosed by the organisation is appropriately protected.

The reforms implemented 13 new Australian Privacy Principals, with substantial changes being made to the principles surrounding direct marketing and cross border disclosure of information.  Additional changes to the Act implement changes to the credit reporting regime that will be particularly relevant to insurers if they undertake online credit reference checks on insureds or other individuals.


From the start of the new year  there are to be more changes to the Privacy Act 1988 which could be relevant to you and your business. You will need to consider your own privacy compliance arrangements to make sure they don’t leave you at risk.


Recent Posts