We are currently processing payments for Medical Indemnity 1 January 2025 renewals. Please note that your cover is not impacted and you can continue to practice. You can access your documents, including your Confirmation Certificate which can be provided as evidence of cover, via the Medical Indemnity Member Login.

New Privacy Laws Have Passed - time to review your privacy practices!

Justin Fung, Avant Law - Partner, Head of Commercial & Corporate | General Manager

Ben Ryan, Avant Law - Partner, Commercial & Corporate

Marija Xenakis, Avant Law - Special Counsel, Commercial & Corporate

Marko Novakov, Avant Law - Senior Associate, Commercial & Corporate

Tuesday, 7 January 2025

sign new laws ahead

The Privacy and Other Legislation Amendment Bill 2024 (Cth) which we reported on here received Royal Assent on 10 December 2024 and has been in force as of 11 December 2024.

The majority of the new laws commenced on the day after the Bill received Royal Assent, with the exception of the following:

  • the new statutory tort for serious invasions of privacy will commence on a proclaimed date but within six months of Royal Assent; and
  • the new requirements relating to disclosure of the use of automated decision-making programs will commence 24 months after Royal Assent.

The key changes from the Bill as originally introduced include the following:

1. Compliance Notices

New powers have been introduced for the Office of the Australian Information Commissioner (“OAIC”) to issue compliance notices where it reasonably believes that an entity has contravened a civil penalty provision for which infringement notices can be issued.  The compliance notice must contain:

  • the details of the contravention and specify the steps the entity must take to address the contravention and to ensure that the conduct is not repeated or continued; and
  • a reasonable time period within which such steps must be taken.

Where an entity complies with such a notice it is not taken to have admitted to the contravention or to have been found to have contravened the relevant section.  However, a failure to comply with a compliance notice could lead to a civil penalty or an infringement notice. 

These expanded enforcement powers are likely to see further increased enforcement activity by the OAIC.

2. Statutory Tort for Serious Invasions of Privacy

The statutory tort applies in circumstances where a defendant intentionally, or recklessly, intrudes upon the plaintiff’s seclusion or misuses the plaintiff’s information. The invasion must be deemed ‘serious’ where the plaintiff had a ‘reasonable expectation’ of privacy in all circumstances. The Australian Law Reform Commission has previously indicated that the interpretation of ‘intentionally’ for this tort encompasses a subjective and deliberate desire to intrude or misuse or disclose private information, and that a motivation to do so arising from malicious intent would be a relevant factor in determining liability.  

The original Bill allowed a defendant to adduce evidence that there was a public interest in the invasion of privacy.  The plaintiff was then required to satisfy the Court that that public interest was outweighed by the public interest in protecting their privacy.

This process has been removed from the Bill as passed and replaced with the introduction of a ‘public interest’ element in the new statutory tort whereby the cause of action would only be available if the public interest in the plaintiff’s privacy outweighed any countervailing public interest.  This represents a shift in the onus onto the plaintiff in this regard.

In addition to the changes to the Bill, an Addendum to the Explanatory Memorandum to the Bill has also been published which includes clarification on the application of the statutory cause of action for serious invasions of privacy in the healthcare industry. 

The Addendum states that the clarifications were in response to concerns raised in submissions to Senate Legal and Constitutional Affairs Legislation Committee in relation to the broad definition of ‘misusing information’. Specifically, the Addendum to the Explanatory Memorandum to the Bill clarifies that:

  • The tort is unlikely to affect the ‘proper activities of healthcare providers’ in light of all of the elements which must be satisfied, high thresholds and defences (for example, in connection with “intimate, health or family information”).
  • The elements of the tort should ensure that ‘legitimate practices’, such as medical care and research, do not attract liability.

Healthcare providers can enquire with patients about family-related medical histories and collect reports from other specialists in treatment of patients. Consistent with the clarifications in the Addendum, we would expect that use and disclosure of health information arising from these circumstances for the treatment of patients would be considered a ‘proper activity’ or ‘legitimate practice’ (rather than, say, arising from a malicious intent), and not attract liability for the statutory tort.

While these clarifications and our comments above relate to the legitimate and proper activities of healthcare providers, we further note our previous observations that entities operating in the healthcare industry (or other industries where a person would have a higher expectation of privacy) should ensure that their processes and physical barriers are sufficient to ensure a person’s privacy is preserved.  This is particularly in relation to situations which may arise within healthcare settings that are unrelated to the proper delivery of health services to a patient by a health practitioner but include peripheral or unrelated interactions. 

Now that the Bill has passed, entities should ensure that they are actively and continually auditing their data and privacy practices.  

We can help you

If you have any questions, or would like more information about how we can assist you or your practice, please call 1800 867 113, or to organise a confidential discussion at a time that suits you, please click here 

Topic

Other resources

  1. New privacy bill tabled in parliament - Avant

    Privacy alert - New privacy bill tabled in parliament

  2. Proposed new statutory tort to Privacy Act - Avant

    Mishandling patient information is risky business: Proposed new statutory tort to the Privacy Act

  3. Case study guide - Mishandling patient information is risky business - Avant

    Case study guide - Mishandling patient information is risky business

More ways we can help you

Indemnity insurance
Health insurance
Practice solutions
Finance
Legal services
Life & income protection

Get in touch

Get in touch with one of our Commercial & Corporate experts to arrange an obligation free initial discussion!

Get in touch

About the authors

Justin Fung

Justin Fung is a lawyer and the Head of Commercial and Corporate in our Avant Law team. Justin has over 15 years’ experience advising in commercial, corporate, risk, compliance, governance, regulatory enforcement and dispute resolution and advises clients in the private and public sectors. He was previously General Counsel of a national allied health group of companies and held Group and Divisional Head of Legal roles in a major ASX-listed health company, whose operations covered medical and dental centres, allied health, pathology, diagnostic imaging, assisted reproductive technologies, day surgeries and hospitals. Prior to these in-house legal roles, Justin was an Executive Counsel with the global law firm Herbert Smith Freehills where he practiced for over 10 years.


Ben Ryan

Ben Ryan is a Partner in the commercial and corporate law practice at Avant Law, based in Brisbane. Ben has been working with medical practices since 2013. Ben works primarily on commercial structuring and intellectual property matters to help clients achieve strategic and commercially sensible results. He pursued a career in law to provide reliable and honest support to those in need of legal assistance and enjoys working with clients to develop solutions-oriented legal strategy and advice.

Marija Xenakis

Marija is a Special Counsel in Avant Law’s Commercial and Corporate law practice, based in Sydney.  Marija has 15 years’ experience advising on commercial, corporate, employment, risk and compliance and regulatory matters for clients in the private and public sectors.

Before joining Avant Law, Marija held Group Senior Legal Counsel roles in one of Australia’s largest entertainment groups (whose operations covered hospitality, events, accommodation, retail and gaming) and a major ASX-listed health company (whose operations covered medical and dental centres, allied health, pathology, diagnostic imaging, assisted reproductive technologies, day surgeries and hospitals).  

Prior to these in-house roles, Marija was an Associate with global law firm Norton Rose Fulbright.

Marko Novakov

Marko Novakov is a Senior Associate in the commercial and corporate law practice at Avant Law, based in Melbourne. Marko has broad based experience practising in law firms and in-house legal roles in the areas of commercial law, corporate and regulatory governance, and litigation and alternative dispute resolution. Since 2023, Marko has focused on working with health practitioners and medical practices, primarily on commercial acquisitions and sales, governance, dispute resolution and intellectual property matters in order to help clients achieve both their strategic and commercial objectives. In working with his clients, Marko has developed a reputation of being a trusted advisor who can bridge the gap between legal expertise and effective communication. 

Prior to becoming a lawyer, Marko completed his Bachelor of Science Degree at the University of Toronto with a focus on Behavioural Neuroscience and with multiple publications in a peer-reviewed scientific journal for behavioural neuroendocrinology. Marko also attends and delivers presentations at conferences for doctors on commercial matters related to private practice. 

Disclaimers

This article is not comprehensive and does not constitute legal advice. You should seek legal or other professional advice before relying on its content, and practise proper clinical decision making with regard to the individual circumstances. Persons implementing any recommendations contained in this article must exercise their own independent skill or judgement or seek appropriate professional advice relevant to their own particular practice. Compliance with any recommendations will not in any way guarantee discharge of the duty of care owed to patients and others coming into contact with the health professional or practice. Avant is not responsible to you or anyone else for any loss suffered in connection with the use of this information. Information is current to 08 January 2025. © Avant Mutual Group Limited 2025.

To Top

NSW State Office AddressLevel 6, Darling Park 3, 201 Sussex Street, Sydney NSW 2000
Telephone 02 9260 9000 | Facsimile 02 9261 2921

Mailing addressPO Box 746 Queen Victoria Building NSW 1230

Connect with Avant

facebookxlinkedininstagramyoutube

In the spirit of reconciliation, Avant acknowledges the Traditional Custodians of Country throughout Australia, and their connections to land, sea and community. As a national organisation, we pay our respects to Elders past and present, of the lands on which we gather and work, and extend that respect to all Aboriginal and Torres Strait Islander peoples.

IMPORTANT: Professional indemnity insurance and the Practice Medical Indemnity Policy available from Avant Mutual Group Limited ABN 58 123 154 898 (Avant Mutual) are issued by Avant Insurance Limited, ABN 82 003 707 471, AFSL 238 765 (Avant). Avant Cyber Insurance cover is available to eligible Avant Practice Medical Indemnity Policy holders up to the cessation of their policy and is provided under a Group Policy between Liberty Mutual Insurance Company ABN 61 086 083 605 (Liberty) and Avant. Private health insurance products are issued by The Doctors’ Health Fund Pty Limited, ABN 68 001 417 527, a member of the Avant Mutual Group. Avant arranges Avant Business Insurance as agent of the insurer Allianz Australia Insurance Limited ABN 15 000 122 850, AFSL 234 708 (Allianz) and may receive a commission on each policy arranged. Avant Travel Cover is available under a Group Policy between QBE Insurance (Australia) Limited, ABN 78 003 191 035, AFSL 239 545 (QBE) and Avant Mutual. Avant Travel Cover is underwritten by QBE and Avant may receive a benefit for arranging cover. Avant Finance is a registered business name of Avant Doctors’ Finance Pty Ltd (ACN 637 769 361) and licensed to Avant Doctors’ Finance Brokers Pty Ltd (ABN 75 640 406 784). Avant Doctors’ Finance Brokers Pty Ltd is a wholly owned subsidiary of Avant Doctors’ Finance Pty Ltd. Loan products may be provided by Avant Doctors’ Finance Pty Ltd or arranged by Avant Doctors’ Finance Brokers Pty Ltd. Credit services or assistance to which the National Credit Code applies are provided by Avant Doctors’ Finance Brokers Pty Ltd as authorised Credit Representative (Credit Representative Number 523242) for LMG Broker Services Pty Ltd ACN 632 405 504 Australian Credit Licence 517192. Legal services are provided by Avant Law Pty Ltd ABN 63 136 429 153 (Avant Law). Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law are members of the scheme.


The information provided on this website is general advice only and has been prepared without taking into account your objectives, financial situation and needs. You should consider these, having regard to the appropriateness of the advice before deciding to purchase or continue to hold these products. For full details including the terms, conditions, and exclusions that apply, please read and consider the relevant Product Disclosure Statement or policy wording and Target Market Determination (TMD) which are available on this website or by contacting us on 1800 128 268. Information on this site does not constitute legal or professional advice, and is current as at the date of initial publication.