Jim Lennon (AU)

Subscribe to all posts by Jim Lennon (AU)

Privacy Act Review report

By Ka-Chi Cheung, Anna Gamvros, Jim Lennon (AU) and Ross Phillipson on February 23, 2023 Posted in Privacy law

The Attorney General’s Department released its Privacy Act Review report on 16 February 2023, that includes the broad suite of reforms you would expect to bring Australia’s privacy laws in to line with both international standards and the reality of our data-based economy. These include enhanced data subject rights and increased accountability requirements for organisations collecting and … Continue reading

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

By Nick Abrahams (AU), Scott Atkins (AU), Ka-Chi Cheung, Anna Gamvros, Peter Mulligan (AU), Benjamin Kende, Jim Lennon (AU) and Ross Phillipson on November 25, 2021 Posted in Cybersecurity

This article was co-authored with India Bennett. After months of anticipation regarding the ongoing review of the Privacy Act 1988 (Cth), the Federal Government has galvanized the Australian privacy landscape with two significant developments. Firstly, the Government has released a discussion paper about the reform of the Privacy Act. The discussion paper considers stakeholder feedback on the issues paper released in October 2020 … Continue reading

US CLOUD Act and International Privacy

By Marcus Evans (UK), David Kessler (US), Jim Lennon (AU) and Susan Ross (US) on August 1, 2019 Posted in Compliance and risk management, Enforcement, General

The U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) is apparently the Goldilocks of the privacy world, according to recent statements issued by two international jurisdictions. The CLOUD Act’s requirements are “too hard” for Australian law, according to the Law Council of Australia, but the privacy protections are “too soft” for the European … Continue reading

Data breach notification to become mandatory in Australia from 22 February 2018

By Jim Lennon (AU) and Edward Odendaal (AU) on February 7, 2018 Posted in Regulatory response

Privacy compliance will become even more important for all companies in Australia now that the mandatory data breach notification scheme has been enacted. From 22 February 2018, certain data breaches (known as “eligible data breaches”) will need to be notified to the Australian Privacy Commissioner and affected individuals. Previously, notification of data breaches was optional.… Continue reading

Data breach notification places cyber-risk at the top of the agenda

By Nick Abrahams (AU) and Jim Lennon (AU) on December 9, 2015 Posted in Compliance and risk management, Regulatory response

The bar is to be raised yet again for privacy compliance in Australia. Cyber-risk has become a key agenda item for boards for the public sector, and the impending mandatory data breach notification regime is set to propel cyber-risk to the top of the agenda.… Continue reading

Schrems: the global impact – how the ECJ ruling is affecting countries outside the EU and US

By Jim Lennon (AU) on November 2, 2015 Posted in General

A number of jurisdictions around the world follow the lead from Europe in relation to data protection and impose similar restrictions on the export of personal data unless there is an “adequate level” of protection offered in the recipient jurisdiction. The EU Commission’s “US Safe Harbor” decision had permitted the transfer of personal data between … Continue reading