The Australian Privacy Commissioner will be able to issue million-dollar fines to government agencies and companies for serious and repeated privacy breaches under a new law.

The reforms, which Commonwealth Attorney-General Nicola Roxon has dubbed the most significant changes to privacy laws in more than 20 years, passed on Thursday and are expected to come into force in about 15 months. Ms Roxon introduced a discussion paper on mandatory reporting of breaches in October.

Attorney-General Nicola Roxon Credit:Alex Ellinghausen

The law gives privacy commissioner Timothy Pilgrim new powers, including the ability to investigate both groups at his discretion, in the same way that he currently can individuals.

"I can get written undertakings and if they're not complied with, I can get them enforced through the courts and where there is a serious or repeated breach, go to court to ask civil penalties be imposed on them," Mr Pilgrim said.