The Gillard Government, spurred by recent data breaches, will shortly issue a discussion paper seeking public opinion on introducing a right to privacy that will require increased attention to information security.
For larger enterprises, the new statutory right will fuel demand for data privacy and security analysts to ensure they can defend against new contingent liabilities due to lax business practices in securing or managing users' information.
An Australian Law Reform Commission (ALRC) recommendation for such a right has been on the Government’s list since August 2008.
However, a spate of recent privacy breaches, including the News of the World scandal, has spurred the Government into action.
Smaller ISPs and companies have been exempt from privacy laws so far, but the move will require increased attention to security and privacy practices for all.
It may also prompt new exemptions in 'terms of use' arrangements, in the form of opt-in clauses that offer some relief - if not a full defence - from privacy breaches due to data loss or hacking.
In addition, it will be interesting to see how the new privacy right interacts with calls by copyright lobbyists for 'three strikes' legislation.
As recommended by the ALRC, disclosure of a person’s privacy would be acceptable if it was required by law or “incidental to the exercise of a lawful right of defence of person or property.”
At the time of the release of the ALRC report, several media companies described the recommendation as an attack on investigative journalism without a complementary right of freedom of expression.
However, the announcement today said the Government backed both principles and promised that “any changes to our laws will have to strike a balance between the two ideals.”
The ALRC made seven recommendations on the new statutory right for a "serious invasion of privacy".
For example, a serious invasion of privacy may occur where an individual has been subjected to unauthorised surveillance, where their communications have been interfered with, or where sensitive facts relating to their private life have been disclosed.
To establish a claim for invasion of privacy, a user must show that there was a reasonable expectation of privacy and that the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities.
A court would also be asked to take into account whether the public interest in maintaining the claimant’s privacy outweighed other matters of public interest (including the interest of the public to be informed about matters of public concern and the public interest in allowing freedom of expression).
Defences against an action would include that the act was required by law or the conduct was incidental to the exercise of a lawful right of defence of person or property.