ANU recognises that your privacy is very important.
The way we collect, use, disclose, secure and dispose personal information is governed by compliance with, and obligations as an 'agency' under the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).
Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022
The Attorney-General the Hon Mark Dreyfus KC MP tabled this bill in the House on 26 October. You can track progress and see more about the Bill on the Parliament of Australia website.
The Minister summarised the changes in the Bill in his media release as:
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase maximum penalties that can be applied under the Privacy Act 1988 for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of:
$50 million;
three times the value of any benefit obtained through the misuse of information; or
30 per cent of a company's adjusted turnover in the relevant period.
The Bill will also:
provide the Australian Information Commissioner with greater powers to resolve privacy breaches;
strengthen the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals; and
equip the Australian Information Commissioner and the Australian Communications and Media Authority with greater information sharing powers.
The Bill is an important step forward proposing to amend the Privacy Act 1988 (Privacy Act), the Australian Information Commissioner Act 2010 (AIC Act), and the Australian Communications and Media Authority Act 2005 (ACMA Act) to increase penalties under the Privacy Act, provide the Australian Information Commissioner (the Commissioner) with greater enforcement powers, and provide the Commissioner and the Australian Communications and Media Authority (ACMA) with greater information sharing powers.
The Bill has now passed through all three stages of reading in the Parliament as of 9 November and will likely receive the Royal Assent and become an Act later this year.
The Bill addresses immediate government policy concerns. The comprehensive review of the Privacy Act by the Attorney-General's Department that commenced in 2019 will be completed this year, with recommendations expected for further reform.
Privacy and COVID-19
The Office of the Australian Information Commissioner (OAIC) has provided advice on management of personal information during COVID-19. Two important matters for the University are:
entities (including ANU) need to regularly take stock of their personal information holdings collected for COVID-19 purposes and assess whether they should continue to collect and retain personal information. As an example of the application of this “The Minister for Health and Aged Care (the Minister) has determined that the COVIDSafe app is no longer required to prevent or control the entry, emergence, establishment or spread of COVID-19 in Australia”. They are deleting data. If any area in the University collected data for COVID-19 purposes - whether or not a Privacy Impact Assessment was undertaken - it is time to review the collection, storage, and use of this data. Please contact the Privacy Office to review the data holdings. Data which is no longer required must be deleted.
Privacy training and presentations
All ANU staff and students can access a free, self-paced online course on ANU Privacy Awareness Training through Pulse. The module will provide you with an overview of your obligations as a staff member or student leader of ANU.
All staff are strongly encouraged to complete the ANU Privacy Awareness Training, and it is recommended for any staff who handle personal information. Note that the module is mandatory for new professional staff.
While ANU has used all reasonable endeavours to ensure the information on this site is as accurate as possible, it gives no warranty or guarantee that the material, information or publication made accessible is accurate, complete, current, or fit for any use whatsoever. No reliance should be made by a user of the material, information or publication accessed via this communication.
