The long drawn out process of enacting the Stage One privacy law reforms to commence in March 2014 is just one of many steps that will be needed to keep pace with the challenges posed for protection of privacy and changing community attitudes.
Two among many issues likely to require consideration by the Abbott government are:
One, Australia currently has no requirement for mandatory data breach notification.
The survey shows 85% strongly and 11% somewhat agree that business should notify them if personal information is lost; 88% strongly and 8% somewhat agree government should do the same. A third (33%) of the population has either been the victim of ID fraud or theft or knows someone who has.
(Given the expectation regarding notification by business, Australians might be surprised that most businesses aren't subject to privacy legislation because of the exemption for small business - a Stage 2 reform that awaits attention six years after the ALRC recommended this and other exemptions for example for political parties should be withdrawn.)
To address the notification issue, the House of Representatives passed the Privacy (Alerts) Amendment Bill earlier this year but the bill was not considered by the Senate prior to the election and has now lapsed.
During debate in the House, Michael Keenan, then shadow and now Minister for Justice said the coalition supported the bill but reserved the right to move amendments following any recommendations made by the Senate Legal and Constitutional Affairs Committee.
The Senate Committee, after allowing one and a half days for submissions recommended passage without amendment but coalition senators Humphries and Boyce were critical of a process that meant the bill had not received thorough and detailed scrutiny. The "concerns of key stakeholders should not lightly be set aside..concerns raised..should be better scrutinised, understood and acted upon by the relevant government agencies.." Concerns raised in committee included the meaning of key terms such as 'real risk of serious harm' within the trigger definition ' serious data breach', the practicality of some notification requirements and the breadth of exceptions.
Two, the rise in concern about privacy risks and intrusions will focus attention on the adequacy of protections imposed and remedies available in law. The publication of the survey results coincided last week with release by the Australian Law Reform Commission of an Issues Paper, the first stage of public consultation for the Serious Invasions of Privacy in the Digital Age reference. The paper seeks input on 28 questions, 25 relating to a possible cause of action for breach and alternative ways that existing laws could be supplemented or amended to provide appropriate protection for privacy in the digital era. Submissions close 11 November.
To say the Attorney General Senator Brandis was underwhelmed at the prospect of further ALRC examination of the issue of a statutory cause of action for a serious and unwarranted breach of privacy when the issue cropped up in May would be an understatement.