KPMG Australia welcomes the opportunity to provide a submission to the Attorney-General Department’s review of the Privacy Act 1988 (Cth) (the Review). The Review is a significant opportunity to contribute to an important reform process that has the potential to empower consumers and protect their data, while creating economy wide benefits.
As a leading professional services firm, KPMG is committed to meeting the requirements of all our stakeholders – not only the organisations we audit and advise, but also employees, governments, regulators and the wider community. We strive to contribute to debate that seeks to develop a strong and prosperous economy and society and welcome the opportunity to provide a submission to the Review.
Entities currently must manage and comply with a range of data-related regulatory requirements that exist in overlapping and in some cases fragmented frameworks at both a State and Federal level. The Review provides a further opportunity to carefully consider how the Privacy Act (the Act) interacts with these frameworks, including the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (the Online Privacy Bill) and the recently passed Security Legislation Amendment (Critical Infrastructure) Bill 2021 (the Critical Infrastructure Bill).
The expansive list of objects outlined in the Act have, in our view, endured well since they were introduced 20 years ago. KPMG supports the continued broad objects of the Act and believes that care should be taken to avoid narrowing, even unintentionally, the objects in an attempt to address perceived limitations. Clearly defined concepts and rules, that are interoperable and are supported by the regulatory tools of code-making, guidance and advice, together with a strong regulator, should be preferred as the most effective means for enabling compliance and be assessed as part of a comprehensive Regulatory Impact Statement process.
The Discussion Paper opens the way for potential wide-ranging reforms of the Act and beyond. KPMG considers that greater clarity about the objectives of the reform should be a primary consideration of the Review. KPMG therefore believes that clear articulation of the problem statement for the proposed changes will be critical to drive a clear and comprehensive framework for reform of the Act, that builds on and strengthens the core principles-based elements of the Act, provides clarity and accountability for entities, and enhances individual rights while not overburdening them as the central modern privacy law for Australia.
This submission builds on KPMG’s submission to the Review’s Issues Paper. It outlines 26 findings at section one and directly addresses the complete list of proposals at section two. KPMG looks forward to continued engagement as this important review process progresses.