The Australian Law Reform Commission has produced a wide-ranging report on the Privacy Act, with recommendations for 295 changes to the current law. While the focus of the financial services industry is on the commission's comment on credit reporting there are other recommendations that, if adopted, will affect the industry.These recommendations cover the cross-border transmission of data, notification of data breaches and nominee arrangements for third parties.The commission has recommended that if an organisation in Australia transfers personal information about an individual to a recipient outside Australia, the organisation remains accountable for that personal information.The organisation would be accountable if the overseas recipient uses the data in a way that would be "an interference with the privacy of the individual" if done in Australia.ALRC president David Weisbrot said that during its consultations the commission had detected a "visceral unease" about personal information being sent overseas. Weisbrot said: "This unease appears to reflect a general feeling that people are losing control over something deeply personal with little ability to do anything about it and few remedies if anything goes wrong."The ALRC has recommended that the government introduce a breach notification scheme so that an organisation would have to notify its customer and the Privacy Commissioner of any "serious" breach of privacy. This would include banking details being stolen.The commission has also recommended that the law be amended to include the concept of a nominee and provide that an organisation may establish nominee arrangements.ALRC commissioner Les McCrimmon said the issue of third party representatives, such as people with power of attorney acting on behalf of a relative, had become extremely complicated, with little consistency.Under the proposed amendment a nomination could be made by a "substitute decision maker" authorised by federal, state or territory law. The Office of the Privacy Commissioner would be given the job of developing guidance for dealing with third party representatives. Guidance would cover the extent of the involvement of third parties, the administration of nominee arrangements, and procedures for verifying the authority of a substitute decision maker.