I've already mentioned the breach notification provisions which can be improved, in my view. I haven't yet done a thorough review of it, but certainly, the area of enforcement, as I mentioned in my comments, is one where I think there could be more that could be done to, for example, give the Privacy Commissioner more enforcement powers herself, or to allow private individuals to hold organizations accountable for non-compliance with their data protection obligations under the act.
On April 29th, 2014. See this statement in context.