Australian privacy professionals, along with the numerous sectors of society slated to be affected by proposed reforms to the Privacy Act, are all patiently waiting for something to finally happen this week — the first of a two-week sitting session of federal Parliament. 

Many will recall Attorney-General of Australia Mark Dreyfus made a clear overture in May that he would be bringing various revisions to the Privacy Act before Parliament in August. Subsequent announcements about the addition of some high-profile matters, including doxxing and protections for vulnerable individuals, have followed. 

While there is a spectrum of opinion on the proposed reforms, there seems to be a broad consensus that it's time to act and give the sector and the Australian public clarity and consistency with respect to protections and governance of their personal information.

Against this backdrop, the Digital Platform Regulators Forum met 19 July to reflect on activities over 2023–2024 and establish goals and strategic priorities. Australian Privacy Commissioner Carly Kind, Australian Communications and Media Authority Deputy Chair Creina Chapman, eSafety Commissioner Julie Inman Grant, and Australian Competition and Consumer Commission Chair Gina Cass-Gottlieb attended.

DP-REG members "agreed on strategic priorities for 2024–26 to progress these goals with a view towards ensuring that Australia's digital economy is a safe, trusted, fair, innovative and competitive space," the OAIC said.

Priorities include increasing members' digital platforms regulatory capability and information/intelligence sharing capability to build capacity. To promote regulatory coherence, members will collaborate bilaterally and multilaterally on regulatory development. Efforts to respond to emerging risks and opportunities include proactive engagement and "understanding, assessing and responding to the benefits, risks and harms of technology, including AI models."

Meanwhile, former prescription delivery service provider MediSecure advised the OAIC that a cybersecurity incident may have impacted approximately 12.9 million individuals, what the OAIC said is the largest number of individuals impacted that it has been informed of under the Notifiable Data Breaches scheme.

The size and scope of the personal information involved "is a further reminder of the need for organizations to make protecting individuals' personal information a top priority," Kind said. “The coverage of Australia's privacy legislation lags behind the advancing skills of malicious cyber actors. Reform of the Privacy Act is urgent to ensure all Australian organizations build the highest levels of security into their operations and the community's personal information is protected to the maximum extent possible."

Adam Ford is the managing director, Australia, New Zealand, for the IAPP.