Privacy & Cybersecurity Law Blog

The Australian government recently released an exposure draft of legislation that would fundamentally reform the Australian Privacy Act and would unify public and private sector privacy principles.  The exposure draft includes thirteen principles intended to protect individuals from the risks associated with the sharing of personal information.

Of particular interest to the international business community, Principle 8 addresses the cross-border disclosure of personal information.  The principle states that an entity must take reasonable steps to ensure that an overseas recipient does not breach the Australian Privacy Principles with respect to personal information being disclosed, but provides an exception if the entity reasonably believes that (i) the recipient of the information is subject to a law or binding scheme that provides protection that is substantially similar to protections provided by the Australian Privacy Principles, and (ii) there are mechanisms available for affected individuals to enforce such protection.

This is the first example of an APEC economy putting forth legislation that would specifically facilitate the adoption of APEC Cross-Border Privacy Rules.  Principle 8 of the exposure draft also links to the Madrid Resolution adopted by the International Conference of Data Protection and Privacy Commissioners in November 2009 on transfers by responsible organizations.

The other twelve principles provide interesting approaches to integrating privacy across both the public and private sectors and framing privacy principles in an age of ubiquitous data collection and use.  This includes an attempt to encourage data anonymity in an era when that concept is challenged by the power of modern computing.

Interested parties are to submit comments to the Australian Senate Finance and Public Administration Committee by July 27, 2010.