There is no question that one of the most high-profile legal issues at the moment relates to privacy and data control.   

Recent privacy breaches have highlighted that Australia’s laws may not be as effective as we would like in requiring businesses to take appropriate precautions to prevent the inappropriate release of private information and personal data.

In part, this may be because Australia has a very low penalty regime with respect to privacy breaches. This, and other relevant matters, are currently being considered - and an update to the Privacy Act 1988 has now been drafted and introduced into Parliament.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 considers some of the core elements referred to in the 2021 Exposure Draft. In particular it increases penalties for data breach.  Currently, a corporate entity could be exposed to penalties of up to $2.22 million.

Moving forward, under the new regime, penalties will be the greater of:

• $50 million;

• 3 times the value of the benefit obtained by the company; or

• 30% of the adjusted turnover of the company during the period in which the privacy breach occurred.

Non-corporate entities and individuals will have their penalties raised from $444,000 to $2.5 million.

Since 2020, the Australian Competition and Consumer Commission has introduced amendments to the Competition and Consumer Act 2010 which enable consumer data information to be shared, in order to facilitate the process known as open banking.

At present, Consumer Data Right legislation solely relates to information held by banks and energy companies.  It is anticipated that there will be a further and more significant roll out of legislation impacting the wider financial sector, as well as other sectors within the economy, in the next several years.

Holman Webb Lawyers is currently assisting broker groups, aggregators and software providers in relation to banking Consumer Data Right requests, and is similarly advising accredited data recipients with respect to their entrance into the financial services area, to enable applications for consumer credit.

The process surrounding the release of Consumer Data Right information is developing rapidly, as new technology emerges. There are privacy concerns relating to the management of this information, with detailed legislation and systems having been introduced to enable this information management to occur.

This article provides a brief analysis of the legislative process.  Readers should note that there will undoubtedly be further change, as the Consumer Data Right process gains traction.

Contained within the Privacy Act 1988 and the Privacy (Credit Reporting) Code 2014 is a regime concerning the collection, storage and use of data relating to an individual’s credit’s history and credit worthiness information.

The Office of the Australian Information Commissioner recently conducted a review of the Code and made several recommendations for change, providing a timely reminder of the nature of the Code and the obligations on all parties involved in requests for credit reporting information.

Contracts do not need to be complicated or convoluted, but they do need the right Terms and Conditions in place to ensure your business is properly protected. A robust set of Terms and Conditions can eliminate loopholes and put your business in the best possible position to recoup monies owed.

Having appropriately worded Terms and Conditions can mean the difference between a successful recovery and a write-off.  

This article outlines theTerms and Conditions that trade credit suppliers should consider within the context of a Commercial Credit Agreement.

The Office of the Australian Information Commissioner (‘OAIC’) has released its 2020–21 annual report and performance statement.

In the past 12 months, the OAIC has sought to establish strong privacy protections to both increase public confidence in the use of personal information, and minimise the public health risks associated with COVID-19.

From the start of the new year  there are to be more changes to the Privacy Act 1988 which could be relevant to you and your business. You will need to consider your own privacy compliance arrangements to make sure they don’t leave you at risk.