Those with an interest in cyber security will have been closely watching the debate in recent years as to whether a statutory tort for invasion of privacy should be introduced. Clearly enough, in the event of a large scale cyber breach impacting upon the personal data of individuals, the financial consequences could be even greater if those individuals were able to bring action in the courts seeking damages for breach of privacy.
Although there have been attempts in the past by plaintiffs to have courts recognise such a cause of action, most of those attempts have related more to a traditional breach of confidence. The courts have left the door ajar to argue the point but there is currently no clearly recognised avenue to pursue damages for breach of privacy.
At the Federal level, in recent years, the Australian Law Reform Commission has twice recommended the introduction of a statutory cause of action for breach of privacy, firstly in its 2008 report For Your Information and then more recently in its 2014 report Serious Invasions of Privacy in the Digital Era. However, there has not been any real political momentum supporting the implementation of that suggested reform and, indeed, many are outright opposed to it.
With no real likelihood of such legislation being introduced at the Federal level in the foreseeable future, two states have recently looked more closely at the possible introduction of a statutory tort of invasion of privacy.
New South Wales
The NSW Standing Committee on Law and Justice recently inquired into the adequacy of remedies in relation to serious invasions of privacy. On 3 March 2016 the Committee released the Remedies for the serious invasion of privacy in New South Wales report.
In the report the Committee recommends introducing a statutory cause of action for serious invasions of privacy in NSW. The Committee further recommends that a fault element of intent, recklessness and negligence on the part of governments and corporations be included within the statutory cause of action, while limiting the fault element for natural persons to intent and recklessness only.
The Committee has requested a reply from the NSW Government to the report by 5 September 2016.
Similarly, in March 2016 the South Australian Law Reform Institute released its report titled A statutory tort for invasion of privacy.
In the report the Institute recommends introducing a statutory cause of action for serious invasions of privacy in South Australia. The Institute made a host of other recommendations as qualifications to the proposed statutory cause of action, such as defences, exceptions and available remedies and damages.
Whether there is any political will to introduce such laws in these states remains to be seen but it certainly a potential development to keep a close eye on.
This article was written by Andrew Miers, Partner, Matthew Hunter, Senior Associate and Patrick Byrne, Trainee Solicitor.