Rocky Perrotta (pictured), the president of the Law Society of South Australia, told Lawyers Weekly that Australia is well overdue for legislative changes to privacy law.
“Our privacy is at much greater risk at this time than ever before,” he said.
“It is easier for privacy to be violated and that the violation can be on a massive scale. Once the private information is out in the public domain the damage is done.”
The federal Privacy Act 1988 and the Criminal Code Act 1995 do not explicitly cover the types of privacy breaches that can occur in the digital age, he said.
Under Australian law it is possible to bring action against corporate and government entities that release private information through negligence.
But it is not easy to prosecute people who steal or share private data without consent, such as hackers or perpetrators of revenge porn.
“[Privacy law in Australia] doesn’t have huge teeth,” Mr Perrotta said.
Paul Gordon, a senior associate at NDA Law in Adelaide, told Lawyers Weekly there are "significant gaps in the Privacy Act".
"Why, for example, is the invasion of privacy by a small business acceptable, but the identical action by a larger company actionable?" he asked.
Mr Perrotta called on the federal and state government to “just pass comprehensive privacy laws so everyone knows where everyone stands”.
“Other countries have done it and it's far from impossible,” he added.
Mr Perrotta argued that both civil and criminal law should be amended to better protect privacy.
He said that exhaustive studies have been conducted by the Australian Law Reform Commission (ALRC) and the SA Law Reform Institute on the need to better protect privacy.
“The ball is well and truly in the law makers’ court,” he said.
The ALRC’s Serious Invasions of Privacy in the Digital Era Report, published last year, pushed for a federal statutory cause of action for serious invasions of privacy.
The report argued that it was “difficult to predict” whether common law could produce a cause of action for invasions of privacy in the absence of a statute.
Mr Perrotta doubted that the courts could conjure a privacy tort within the current legislative framework.
He compared common law with the theory of evolution, arguing that judges can only build on concepts that already exist (just as life forms cannot just re-engineer their DNA on a whim).
“If the law is not there the courts can't just say, ‘I'm going to make a privacy right’. They just don't have the power to do that.”
The release of confidential information about Ashley Madison users by a group of hackers called ‘The Impact Team’ in July may have exposed up to 460,000 Australians.
Law suits have already been filed in Canada and the US alleging a breach of contract, negligence and breach of privacy.
While victims may sue for a breach of privacy in New Zealand, the US, Canada and the EU, Australians have limited legal options, according to Mr Perrotta.
“It might be possible to successfully sue for something other than a breach of privacy, but it is far from clear.”
He added: “The Commonwealth Criminal Code does contain criminal offences, which should cover hackers in some instances. This would be a criminal prosecution, not a private action by victims.”
Mr Gordon suggested that action could be taken against Ashley Madison’s parent company Avid Life Media under the Privacy Act if the company had sufficient revenue.
Mr Gordon believes there is a significant gap between community expectations on privacy and the actual protection provided by the law.
"Individuals using digital technology are providing their personal information to third parties with the click of a mouse. Many people would be surprised to find out that they are not protected by the legal system."
Like this story? Subscribe to our free newsletter and receive Lawyers Weekly every day straight to your inbox.