Is it too early to write a privacy wrap-up piece for 2014? I might be overly optimistic about winding down for the holidays and starting to get a little reflective, but here is my take on the top 10 privacy news stories in ANZ this year. (Disclaimer: I am based in Australia, so apologies to my New Zealand colleagues if I have failed to include a NZ development. Please provide your input via the blog!)
1. Major Australian privacy law reforms take effect in March 2014, the end of a privacy law reform process that began in 2004, with a new set of 13 harmonised privacy principles that regulate the handling of personal information by Australian and Norfolk Island government agencies and some private-sector organisations.
The Office of Australian Information Commissioner (OAIC) releases numerous guidelines, issues papers and policies throughout the entire year too numerous to mention here, but you can get a full recap of regulator action via the OAIC’s website.
2. In May 2014, the NZ government confirms intended reforms to New Zealand’s privacy law regime, which would see the Privacy Act 1993 being repealed and replaced with a new bill offering greater privacy protection for New Zealanders. The proposed reforms include a new compulsory requirement to report data breaches to the privacy commissioner and notify the individuals affected by the breach in some circumstances; increased fines that apply to offences under the act; increased obligations when information is transferred overseas, and enhanced powers for the commissioner, including the ability to issue compliance notices that will be enforced by the Human Rights Review Tribunal.
Also in May, the privacy commissioner releases new guidance on data breaches.
3. From May to June 2014, the OAIC was busy dealing with and reporting on data breach notifications: We had an eBay data breach, then news hit on Catch of the Day notifying the commissioner about a data breach that occurred in 2011. A spotlight was again cast on the strength of the voluntary data breach notification process. Privacy Commissioner Timothy Pilgrim announced that in 2013-2014 there were 71 data breach notifications to his office, but a number of incidents may still go unreported. Also, in the eHealth Annual Report 2013–14, the OAIC reported it received two mandatory data breach notifications under s75 of Australia’s Personally Controlled Electronic Health Record during the year.
4. Following some high-profile reports on data breaches, the OAIC released the revised Data Breach Notification Guide in August 2014, which endorses the introduction of a mandatory breach notification law.
5. Prospect of a tort of privacy rises again in September 2014 with the Australian Law Reform Commission’s report, Serious Invasions of Privacy in the Digital Era, tabled in Parliament on 3 September, in which there is a recommendation for the creation of a tort for the invasion of privacy.
6. New Victorian legislation assented to on 2 September 2014 significantly changes the regulatory landscape for privacy and data protection in the Victorian public sector. The Privacy and Data Protection Act 2014 will replace the Information Privacy Act 2000 and the Commissioner for Law Enforcement Security Act 2005 with a single act that is intended to strengthen the protection of personal information and other data held by the Victorian public sector.
7. Privacy and national security shakedown with the Australian government rushing mandatory data-retention legislation into Parliament with just over two sitting weeks left in the year in October 2014. It doesn’t look like it will be smashed into law by the end of the year though …
8. Early November 2014, the OAIC publishes its report into a high-profile data breach by the commonwealth on the inadvertent disclosure of the personal details of almost 10,000 asylum-seekers that led to more than 1,600 complaints.
9. The rise of privacy breach complaints may be the theme of 2014 and the commissioner’s last year. Privacy breach complaints almost tripled year-on-year between 2013 and 2014 in Australia according to a report from the OAIC, rising from 1,496 in 2013 to 4,239 in 2014. The increase in complaints—183 percent—was also attributed to two large unnamed data breaches, which the OAIC said resulted in a significant number of individual complaints being lodged with the commissioner about each matter.
10. Finally, it would be remiss of me not to give a major plug and thanks to the iappANZ Board, contributors and attendees for supporting the iappANZ Privacy@Play Summit held at The Westin Hotel in Sydney in November 2014 with more than 160 delegates attending; international speakers including Larry Irving, Libby Morris and Stephen Deadman; Australian, New Zealand and Asian regulators, and a plethora of industry experts from all fields. (See Malcolm Crompton’s great blog below.)
