Wednesday, March 21, 2018

Replacing the Privacy Act

Yesterday the government introduced a new Privacy Bill to the House. The bill is a wholesale replacement for the existing Privacy Act, which re-enacts existing law with a few tweaks. Most importantly, there are
restrictions on overseas use of information, mandatory reporting of data breaches, and new powers for the Privacy Commissioner to issue compliance notices. Unfortunately, it doesn't go far enough: prosecutions for breaches must still be brought by the (grossly underfunded) Director of Human Rights proceedings, and the penalties for ignoring the Privacy Commissioner's notices are derisory. There's also no move to correct the hole which renders journalists subject to the Act depending on whether they write books or articles - a nonsensical provision which significantly threatens media freedom. But all of this can be fixed by select committee, and hopefully it will be.

Meanwhile, its worth noting that this bill has been seven years in the making, stemming from a law Commission report way back in 2011. But despite agreeing the broad shape of the reforms back in 2014, the previous National government never bothered to enact them - protecting our privacy from abusive foreign corporations just not being a priority for them. The new government has made it a priority, and if the commencement date in the Bill - 1 July 2019 - is anything to go by, intends to enact it quickly.