On 12 October 2023, the Government introduced the Information Privacy and Other Legislation Amendment Bill 2023 (Bill) to Queensland Parliament which, amongst other things, establishes a mandatory data breach notification scheme (MDBN Scheme) in Queensland. The
Jim Lennon (AU)
Privacy Act Review report
The Attorney General’s Department released its Privacy Act Review report on 16 February 2023, that includes the broad suite of reforms you would expect to bring Australia’s privacy laws in to line with both international standards and the reality of…
Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework
This article was co-authored with India Bennett.
After months of anticipation regarding the ongoing review of the Privacy Act 1988 (Cth), the Federal Government has galvanized the Australian privacy landscape with two significant developments.
Firstly, the Government has released a
…
US CLOUD Act and International Privacy
The U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is apparently the Goldilocks of the privacy world, according to recent statements issued by two international jurisdictions. The CLOUD Act’s requirements are “too hard” for Australian law, according to the Law Council of Australia, but the privacy protections are “too soft” for the European Data Protection Board and European Data Protection Supervisor. The current lack of any executive agreements between the U.S. and another jurisdiction under the CLOUD Act seems to indicate that the U.S. has not yet found a jurisdiction that is “just right” for the CLOUD Act.
Data breach notification to become mandatory in Australia from 22 February 2018
Privacy compliance will become even more important for all companies in Australia now that the mandatory data breach notification scheme has been enacted.
From 22 February 2018, certain data breaches (known as “eligible data breaches”) will need to be notified to the Australian Privacy Commissioner and affected individuals. Previously, notification of data breaches was optional.
Data breach notification places cyber-risk at the top of the agenda
The bar is to be raised yet again for privacy compliance in Australia. Cyber-risk has become a key agenda item for boards for the public sector, and the impending mandatory data breach notification regime is set to propel cyber-risk to the top of the agenda.
Schrems: the global impact – how the ECJ ruling is affecting countries outside the EU and US
A number of jurisdictions around the world follow the lead from Europe in relation to data protection and impose similar restrictions on the export of personal data unless there is an “adequate level” of protection offered in the recipient jurisdiction. The EU Commission’s “US Safe Harbor” decision had permitted the transfer of personal data between Europe and the US by establishing that an adequate level of data protection was ensured by the EU-US Safe Harbor scheme.