:PROPERTIES:
:ID: auto-privacy-act-aus
:CREATED: [2026-05-23 Sat]
:END:
#+title:
#+filetags: :passepartout:compliance:framework:privacy:

Australia's federal privacy law (amended 2023-2025). Comprehensive reform in
progress — the Privacy Act Review (2023) proposes significant expansion:
tiered penalties up to $50M AUD (or 30% of turnover, or 3x benefit obtained),
direct right of action for individuals, new tort of serious invasion of privacy,
children's privacy code, automated decision-making transparency.

Who must comply: Most Australian businesses with >$3M AUD turnover; all
health service providers; all businesses handling tax file numbers. Extraterritorial
— applies to any organization with an Australian link.

Penalties: Current maximum $50M AUD (from amendments effective late 2024).
OAIC (Office of the Australian Information Commissioner) enforces. New direct
right of action will increase private litigation.

Why it matters: The Privacy Act Review's proposed automated decision-making
transparency requirements are unique — organizations must disclose the logic
and expected outcomes of AI decisions. The gate stack's ACL2 proof log is the
most defensible transparency artifact available. First-mover advantage: the
reforms are being legislated now; early adoption positions the gate stack as
the reference implementation.

** APRA CPS 234 (Prudential Standard — Information Security)