Australia: OAIC issues submission on reform of Data Security Action Plan
The Office of the Australian Information Commissioner ('OAIC') announced, on 8 August 2022, its submission to the National Data Security Action Plan discussion paper, issued by the Department of Home Affairs on 6 April 2022. In particular, the OAIC highlighted that the Action Plan must ensure greater transparency regarding the handling, storage, and security of personal data. More specifically, the OAIC expressed support for the Action Plan's proposal to remove the exemption of small and medium-sized businesses ('SMEs') from the purview of the Privacy Act, 1988 ('the Act'). In addition, the OAIC called for the need to establish a positive duty on organisations to handle personal information fairly and reasonably, as part of the Action Plan and as part of the Act's review.
Furthermore, the OAIC detailed the risk presented by biometric data, as a form of sensitive data, and that appropriate regulation of biometric data is required outside the Action Plan, considering the unique risks presented. Likewise, the OAIC noted that other legal frameworks, such as the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), must be considered when discussing international data frameworks, and that elements should be incorporated into domestic law to facilitate global consistency.
However, the OAIC clarified that proposals in the Action Plan must be considered in the context of the Act and its current review.
You can read the submission here.