Organisations could face financial penalties for serious or repeated breaches of user privacy under proposed amendments to the Privacy Act set to be introduced into Parliament this month.
The amendments would also give the Privacy Commissioner Timothy Pilgrim increased powers to investigate and conduct regular privacy assessments of private sector companies.
They would allow the commissioner to proactively investigate companies without an initial complaint, while providing for companies to submit a court-enforceable undertaking vowing to change information collection and security methods in the event of a privacy breach.
The Office of the Australian Information Commissioner, which encompasses the Privacy Commissioner, undertook 59 'own-motion' investigations in the past financial year; those instigated by third-party complaints but before the company involved notified the office of a potential breach.
That figure had fallen in the current financial year as organisations more proactively notified the government agency of potential breaches.
Pilgrim welcomed the changes, which would also see the Federal Government replace the current set of National Privacy Principles with a new set of 13 principles covering collection, use and security of personal information.
"The proposed new powers will allow me to resolve major privacy investigations more effectively and ensure that privacy continues to be valued as an important human right in Australia," he said in a statement.
He said the new powers also sent a "strong message" to government and businesses of significant consequences should a user's personal information be incorrectly stored or distributed.
"These additional powers will provide added strength to the enforcement of privacy laws, reinforce the significance of privacy compliance, and give organisations an even greater incentive to take their privacy responsibilities seriously," he said.
The Government is yet to release the full proposed amendments or further details on the changes.
A spokesman for the Attorney-General's Department would not clarify the type or amount of financial penalties likely to be imposed.
Plans to introduce the amendments coincide with the Government initiative Privacy Awareness Week, which also saw the introduction of stronger data breach notification guidelines for companies.
The new privacy reforms will not introduce mandatory data breach notification, however, a matter the Government has indicated could be considered once the current reforms are passed through Parliament.
