Privacy Act Reforms Briefing Papers

- Part 1: Proposed Reforms

- Part 2: Draft Reforms | release date: T.B.A. (pending amending Bill)

- Part 3: Final Reforms | release date: T.B.A. (pending amending Act)

for Privacy Act Reforms Briefing Webinars, click here)


This series of briefing papers provides concise reports at each stage of the Privacy Act reforms process to enable privacy advisers and managers to acquire a comprehensive understanding of the pending reforms, their impacts on data handling practices and measures required within privacy management frameworks to achieve complianceThe series is comprised of the following briefing reports:

  • Proposed Reforms (Stage 1on the reform proposals set out in the A-G's Privacy Act Review Report (Feb 2023).
  • Draft Reforms (Stage 2) on the reforms contained in the amending Bill (once released).
  • Final Reforms (Stage 3)  - on the reforms, in their final format, contained in the amending Act (once passed).

Each briefing paper analyses the key reforms as they stand at each stage, with each reform being analysed in a structured, compliance-oriented format divided under the following headings:

  • Proposal - summarising the requirements of the reform;
  • Explanatory notes - providing concise commentary on key matters;
  • Impact - analysing impacts on data handling practices & privacy frameworks;
  • Compliance - outlining steps required to update practices & frameworks for compliance.

Briefing Papers Stages 1 and 2 will address the proposed reforms in-depth at the appropriate level of detail (given they will still be subject to amendment) with the goal of enabling users to assess the potential impacts on their organisations and begin taking preliminary steps in preparation for measures that will likely be required for compliance. Briefing Paper Stage 3 will provide extended detailed analysis, with additional focus on impacts and required compliance measures, once the changes have been passed in their final form.

Contents - Proposed Reforms (Stage 1)

(Note: Contents for Stages 2 and 3 will be published in the future at times of release)


  • Scope, nature and objectives of reforms
  • Broad overview

2-Proposed reforms

  • Coverage (definitions of: "personal information", "sensitive information", "collection")
  • Consent (requirements for validity, geolocation tracking data, research)
  • Children (age, consent, notices, child's best interests, direct marketing)
  • New rights (to object to collection/use/disclosure, to erasure/deletion)
  • Privacy notices (clarity)
  • Third-party collections (verification of compliance)
  • High-risk practices (mandatory PIAs, other risk minimisation measures)
  • Privacy settings (pro-privacy default)
  • New test for all data handling ("fair and reasonable")
  • New "accountability" requirement (record purposes of all collections/uses/disclosures)
  • Privacy officer/manager role (mandatory)
  • Direct marketing, targeting & profiling (definitions, right to opt-out, children)
  • De-identified information (increase protections)
  • Exemptions (small business operator, employee records, new (eg public interest))
  • Automated decisions (notices & right to information)
  • Data retention periods (establishment, notification in privacy policy)
  • New "controller" (outsourcer) & "processor" (contractor) terminology to differentiate obligations
  • Overseas disclosures (approved countries list, consent, notices, contractual clauses)
  • Data Breach Notification Scheme (notice periods, mandatory management systems)
  • Other proposals

Intended audience

Privacy advisers and privacy managers (eg Privacy Officers, Chief Information Officers, division managers, records managers and risk managers).


Jeremy Douglas-Stewart has been recognised as a leading privacy lawyer in Australia and corporate privacy training facilitator. Jeremy has extensive experience in advising businesses and government on privacy laws and data management practices, is author of an Australian privacy law loose-leaf reporting service and has over 20 years’ experience in delivering privacy training seminars. Jeremy was a member of the Privacy Commissioner's Consultative Group during the review of the Privacy Act in 2004/5 and of the Australian Law Reform Commission's Privacy Principles Roundtable in 2007.


PDF reports sent via email.

Cost & release date

Proposed Reforms (Stage 1) Tues, 27 June 2023 $275 + GST
Draft Reforms (Stage 2) TBA1 $275 + GST
Final Reforms (Stage 3) TBA2 $425 + GST
All Stages (1, 2 & 3) (20% discount) as above $780 + GST

1 Pending amending Bill  |  2Pending amending Act

Briefing reports are licensed for 1 user and a single site/office.

Additional users licences (single site | in addition to standard cost above):

  • 2 to 10 users: $25 + GST per user
  • 11 to 20 users: $15 + GST per user
  • unlimited users: $425 + GST

Additional sites/offices (in addition to standard cost above):

  • 2 to 5 sites: 25% of standard cost per additional site
  • unlimited sites: please request quote

Receive notification of dates for Stages 2 and 3

To request e-notification of release dates for Briefing Papers Stages 2 and 3, send us your email address through our Contact Us form with "Notification request - Privacy Act Reforms Briefing Papers" in the subject field. Emails can be removed from the list at any time.


If the Government: (1) releases a formal response to the A-G's proposals, or an exposure draft Bill prior to the release of the amending Bill (ie prior to Briefing Paper - Stage 2), Presidian will issue a briefing report accordingly; (2) releases an amending Bill at least 2 working days prior to the release of Briefing Paper - Stage 1, customers will be automatically issued Briefing Paper - Stage 2 without additional charge (and the order for Briefing Paper - Stage 1 will be cancelled as obsolete).


This product is sold subject to the standard Terms for online products.


To order, click on the link below.

In the order form's "Product" field drop-down list, select the Briefing Paper required and follow the prompts.

Online order form