The Australian Government introduced the Privacy and Other Legislation Amendment Bill 2024 on 12 September 2024, marking a significant shift towards modernising Australia's privacy legislation.
The Bill is the first of two tranches that will implement 23 out of the 25 agreed legislative proposals from the government's response to the Privacy Act Review Report in September 2023. Some of the more transformative changes are expected to be introduced in a second tranche of legislation, including:
- Changes to the small business and employee record exemptions
- Introducing a fair and reasonable test for collecting, using and disclosing personal information
- Mandatory Privacy Impact Assessments
- Establishing data retention and deletion policies
Here's our breakdown of the tranche one changes for DSPs.
Transparency in Automated Decision Making
DSPs utilising automated decision-making systems will be required to disclose how personal information is used to make significant decisions. DSPs will be expected to provide clear, accessible information on the personal information involved in these processes in their privacy policies, ensuring users understand how their data is being handled and the impact it has on them.
Enhanced Data Security and Cross-Border Transfers
DSPs who disclose personal data overseas will need to comply with updated security protocols to facilitate this data sharing. This Bill introduces new mechanisms that allow cross-border data transfers only if the receiving entities uphold privacy protections equivalent to Australian standards.
Statutory Tort for Privacy Invasions & Criminalising Doxxing
The most significant reforms in this tranche of changes introduce a statutory tort for serious invasions of privacy and criminalise the malicious release of personal information - known as doxxing. The new statutory tort will enable individuals to seek compensation for reckless or intentional misuse of their personal information.
DSPs may need to ensure they have the appropriate safeguards and security measures in place to prevent unauthorised access and disclosures of personal information to protect their users.
Children's Online Privacy Code
DSPs that have users under the age of 18 (for example, employees accessing employment software services) could be impacted by the development of the Children's Online Privacy Code. The code is expected to introduce additional privacy protections for children, including strict data rules and parental consent mechanisms.
Preparing for the Future
Over the next few years, these privacy reforms will create significant changes for DSPs collecting and handling personal information. We expect that these changes will flow through to security frameworks and requirements for DSPs, potentially resulting in uplifts.
DSPANZ will continue to update our members about the Privacy Act reforms and associated changes through our newsletter and members only content.