Would your company pass the Fair and Reasonable Test? “People have started saying ‘well, we shouldn’t just be thinking about could-we, but we should be thinking about should-we. And I think if you bundle up fair and reasonable, if you bundle up privacy as a human right, if you bundle up potential rights to claim against companies, that should-we questions could be your north star and your guiding light until we have actual legislation to live by.” – Lyn Nicholson, General Counsel, Holding Redlich. The Australian government has agreed in principle to many recommendations made in the review of the Privacy Act—one of which is the fair and reasonable test, which will require regulated entities to make an impact assessment before collecting personal data for products or services. Holding Redlich General Counsel Lyn Nicholson talks about the potential impact of the fair and reasonable test because it might not be a bad idea to use it as a guiding principle even though it is not a requirement…. yet. Resources • Government response to the Privacy Act Review Report: https://www.ag.gov.au/rights-and-protections/publications/government-response-privacy-act-review-report#:~:text=In%20its%20response%20to%20the,to%20best%20protect%20this%20information • Dymocks confirms 1.2 million customers shared on the dark web in data breach: https://www.abc.net.au/news/2023-09-15/dymocks-confirms-1-million-customers-details-leaked/102863820 • Data Breach could cost Medibank $ 35 million in 2024: https://www.itnews.com.au/news/data-breach-could-cost-medibank-35-million-in-2024-599566 • Equifax fined $13.4 million following data breach: https://www.cshub.com/attacks/news/equifax-data-breach-fine