4 Feb 2017

$1m top penalty sought for privacy breaches

4:14 pm on 4 February 2017

Privacy Commissioner John Edwards wants to strengthen protection of personal information and raise fines for breaches to a maximum of $1 million.

In a report tabled in Parliament, Mr Edwards said there were wide gaps and weaknesses in the enforcement of the Privacy Act.

One of his recommendations is to allow the Privacy Commissioner to apply to the High Court for a civil penalty to be imposed for serious breaches of privacy.

This could involve damages of up to $100,000 in the case of an individual and up to $1 million in the case of a body corporate.

At present, criminal fines for breaches of privacy are $2000 for an individual and $10,000 for a corporation.

Most privacy enforcement is done through the Human Rights Review Tribunal.

Mr Edwards also called for improved protection for individuals who can be unexpectedly identified from data which has been officially anonymised but has give-away details.

In the report, the Privacy Commissioner cited a US case in which a researcher was able to identify details about the governor of Massachusetts from an anonymised list of health beneficiaries for the entire state.

In another case, a researcher was able to uncover information about the political preferences of people in an anonymised list of 500,000 Netflix subscribers.

Mr Edwards also suggested changes that would allow people some control of their information once it was given out.

Under a privacy portability arrangement, private information which people often have to give when doing business would be sealed, de-activated when that business relationship ended, and transferrable to a new client or service provider in a discrete package.

Organisations should be required to demonstrate their methods of complying with privacy rules, Mr Edwards said.

There should be a narrowing of the defences available to people or organisations that breach people's privacy.

These and other recommendations came in the commission's five-yearly review of the Privacy Act.

It comes after the Government stated its intention to reform the legislation.