LegalWatch Updates


The Privacy Act is a critical piece of legislation that governs the use, collection, and storage of personal information in Australia.

The first Privacy Act was implemented in 1988, and it has been amended several times over the years to keep up with the ever-changing landscape of technology and privacy concerns. In this article, I will discuss the changes to the Privacy Act that will come into effect in 2023, highlighting the reasons behind the updates and what they mean for individuals and businesses.

History and Previous Law

The Privacy Act of 1988 was originally developed to protect the privacy rights of individuals and set standards for businesses collecting, holding, and managing personal information. The original Act only covered data held by the government and organizations with an annual turnover of over $3 million. The Act was amended in 2000 and 2014 to extend its application to small businesses, and to place stricter controls on the handling of personal information.

Reasons for Updates

The rise in technology over the past decade has made it easier for businesses to collect and store personal information. In turn, this has increased the risk of data breaches, identity theft, and other privacy violations. Therefore, the updates to the Privacy Act are necessary to address gaps in the current law and ensure that businesses are held accountable for the secure handling of personal information.

Changes to Privacy Act

The updated Privacy Act is set to come into effect in 2023, and includes several significant changes:

Right to be Forgotten

The right to be forgotten is a new privacy right that will be introduced with the updated Act. It enables individuals to remove personal information from databases and prevent it from being used or shared. This change will mean that individuals have greater control over their personal information and can ensure that it is not used in ways that they do not approve of.

Data Breach Notification

Under the new Act, businesses must notify individuals and the Office of the Australian Information Commissioner (OAIC) of any data breaches that are likely to result in harm or serious harm to affected individuals, within 72 hours of becoming aware of the breach.

Children’s Data

The updated Act includes specific provisions relating to the collection and handling of children’s data. Businesses must obtain consent from a parent or guardian before collecting or using a child’s personal information. This change will ensure that children are protected from misuse or exploitation of their personal data.

Implications for Businesses

Businesses need to take extra care with the way they collect, store, and use personal data to ensure they are in compliance with the new regulations. Companies that fail to comply with the new Act may face significant penalties, including fines of up to $10 million.

Practical Advice

Organisations and individuals should start taking action now to ensure they are compliant with the new regulations. This includes reviewing current privacy policies, updating consent forms, and implementing new procedures for handling data breaches. Businesses must ensure that all employees are trained in privacy compliance, so there is a culture of compliance within the organisation.


The updated Privacy Act is a significant revision of the existing legislation, reflecting the changes in technology and privacy concerns. The Act aims to provide more control to individuals over their personal information while setting clearer expectations for businesses collecting, handling, and storing personal data. It is crucial that organisations and individuals start making the necessary changes today to be ready when the new Privacy Act comes into effect in 2023.

Privacy Act Compliance Checklist for Businesses in Australia

The updated Privacy Act is set to come into effect in 2023. Here is a comprehensive checklist of key changes and regulations that businesses in Australia should be aware of to ensure compliance with the new Privacy Act.

Right to be Forgotten
• Ensure that data control systems are in place, allowing individuals to delete or update their personal information.
• Create a process to respond to individuals’ requests to delete or update their information.

Data Breach Notification
• Review and update data breach response plans regularly.
• Ensure that all employees, contractors, and vendors are trained to identify and report data breaches.
• Develop cyber-security measures to reduce the risk of a data breach.
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of all eligible data breaches within 72 hours.

Children’s Data
• Obtain verifiable parental consent before accessing a child’s personal information.
• Develop a policy and procedure for handling children’s data and ensure employees are trained on it.
• Implement controls to prevent an underage individual from providing personal data.

• Know the new enforcement authorities granted to the OAIC for breaches of the Privacy Act.
• Understand the fines and penalties that will be imposed.
• Review business insurances to ensure they cover the potential costs of data breaches and penalties.

Other guidelines and practices
• Review and update the privacy policy and ensure it complies with all the new requirements of the Privacy Act.
• Conduct regular privacy impact assessments (PIAs).
• Implement internal policies and procedures for managing personal data.
• Train employees and contractors regarding privacy and security standards, including the new requirements.

Key Dates to Keep in Mind

Companies must be compliant with the new Privacy Act by 2023. Therefore, familiarise yourself with any new regulations and make sure your Privacy Policy is implemented and up to date before the new Act comes into force.

Then you need to ensure all employees, contractors, and partners are trained on the new Privacy Act before it becomes enforceable.


The Privacy Act is an essential piece of legislation that provides privacy rights to individuals and a clear mandate for businesses dealing with personal information.

Businesses must be aware of the changes in the updated Privacy Act, develop policies and procedures, train their employees on privacy compliance and take other necessary steps to remain compliant.

By following the checklist, businesses in Australia can ensure they are ready for the updated Privacy Act and avoid costly fines or penalties that can occur due to non-compliance.

If you need help with your Privacy Policy development or update, give us a call on 02 88583211.




*Featured image by Gabrielle Henderson