[3] The Act was further amended in 2017 and December 2022, significantly enhancing the protection of privacy in Australia.

These amendments included increased maximum penalties for data breaches and enhanced enforcement powers for the Office of the Australian Information Commissioner (OAIC).

The Privacy Act Review commenced in 2020 following recommendations by the Australian Competition and Consumer Commission in its 2019 Digital Platforms Inquiry – Final Report.

The OAIC is responsible for investigating breaches of the Australian Privacy Principles (APPs) and credit reporting provisions.

The OAIC’s powers include accepting enforceable undertakings, seeking civil penalties in the case of serious or repeated breaches of privacy, and conducting assessments of privacy performance for both Australian Government agencies and businesses.

Anyone who fails to answer the Commissioner may be subject to a fine of up to $2,000 and/or year-long imprisonment (under section 65).

Under section 64 of the Privacy Act, the Commissioner is also given immunity against any lawsuits that he or she might be subjected to for the carrying out of their duties.