09 June 2021
Momentum is building for an overhaul of Queensland’s privacy laws. Changes have been recommended by the 2017 review of the Information Privacy Act (Qld) and the Crime and Corruption Commission’s 2020 report on misuse of confidential information in the Queensland public sector, but no legislation to give effect to the amendments has yet been introduced.
Queensland’s privacy regulator, the Office of the Information Commissioner (OIC) has recently petitioned the federal government to align federal privacy laws with the General Data Protection Regulation (GDPR), and will no doubt be looking for the same changes in Queensland laws.
The Information Privacy Act was passed in 2009 to introduce privacy obligations applicable to Queensland government departments and agencies. It reflected the Information Privacy Principles (IPPs) and National Privacy Principles (NPPs) in place under the federal Privacy Act at that time.
Since then, a number of developments have occurred.
Key recommendations from Operation Impala include:
No doubt at least some of these recommendations are on hold while the review of the federal Privacy Act progresses – there would be little point in aligning the Queensland laws with the current federal laws if they are likely to move in any substantive way in the next few years.
The issues being considered as part of the federal Privacy Act review are wide-ranging. Some of the issues seized on by the OIC in its submission to the review include:
Queensland government agencies (especially those managing whole-of-government contracting frameworks) should consider reviewing standard privacy terms in their template or frequently used agreements to make them referable to the then-current law. For example, instead of setting out a full definition of personal information, contracts could refer to the term as defined in the Information Privacy Act, avoiding the need to vary the contract if the definition of ‘personal information’ is updated.
The same tip applies to clauses imposing privacy obligations – agencies should look to building flexibility so the clause refers to then-current laws, or include an express clause giving the agency the right to incorporate new requirements if there are changes to privacy laws.
In light of the Operation Impala recommendations, it might also be prudent to brief senior executives on the principles of privacy by design, and what adopting that approach would mean for the agency.
Otherwise, we recommend keeping an eye on the federal Privacy Act review, which is likely to inform any changes to the Information Privacy Act.
The federal Attorney-General is expected to soon release for consultation draft legislation with amendments to the federal Privacy Act.
This will lay the groundwork for Queensland to consider what, if any, amendments at the federal level may be appropriate in Queensland context. Such changes could start being debated as early as late this year.
This article was originally co-authored by Helen Clarke.
Tags
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.