2024 Proposed Privacy Reforms - Summary

As I've said before, it takes a while for legislators to catch up with new technologies, but the currently tabled updates to the Privacy Act in Australia are long overdue, with 89% of Australians supporting reform to the rules. The original act was implemented in 1988, so it's safe to say that anything to do with the digital era was not really a consideration.

Importantly, this isn't just news for data and cybersecurity professionals to follow along with, as the reforms will impact any part of an organisation that is collecting, handling or using data as part of its operations.

Partly for my own benefit and also for yours if you think data privacy is important, here's a quick summary of the updates, which loosely fall into 3 buckets of new requirements: Transparency, Compliance and Enforcement. Keep in mind, I'm not a privacy lawyer, so these are merely my collected observations after trawling through 10-15 articles from journalists and lawyers on the subject.


Summary of proposed reforms to Privacy Act 1988


Proposed fines of up to $330,000 can be enforced without going to court, with serious and repeated breaches at scale going up to $50 million.

While boards, directors, and legal teams will of course focus on the compliance, enforcement and civil liability aspects, the changes have significant implications for both how we execute data management AND how fast we do it.

What to do now?

  1. Organisations big and small need to get across the changes, likely to come into effect in 2025.
  2. Update your privacy policies and internal data governance: AI product development and/or adoption must adhere to this, as should the vetting of 3rd party vendors, from your technology partners to the office cleaners. If not already documented, there must be an understanding of the provenance, usage and disposal of any and all data within the business.
  3. Train your teams properly, from the Board of Directors to the interns. 3rd party vendors should be considered as well, depending on the extent to which they access and/or provide data.

There's great in-depth coverage out there already on the subject and limited time to get across the proposed changes in time to update your data governance - this is a topic that should already be high on the agenda for smart boards of directors and executive teams.
