Tag:Australia

1
Australian Privacy Law Reform – The Wait is (Almost!) Over
2
Privacy Reform Bill Just Around the Corner
3
Australian Privacy Reform Series Refresher: What Are These Reforms?
4
Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming
5
Security of Critical Infrastructure – Adoption of Cyber Security Framework and Mandatory Reporting Deadline Approaches While the Regulator Moves From “Education” to “Enforcement” Mode
6
9,948,575,739 Reasons to Change Your Passwords now
7
New Guidance Released for Australian Listed Companies on Continuous Disclosure Obligations During a Cyber Incident
8
Australia’s Privacy Framework set to be Revamped Following the Government’s Response to the Privacy Act Review Report
9
Australian Government contemplates Asimov’s Omnibus
10
Optus faces the mother-of-all data breach class actions

Australian Privacy Law Reform – The Wait is (Almost!) Over

By: Cameron Abbott, Stephanie Mayhew, and Rob Pulham

The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024. Described as ‘Tranche 1’ of the reforms, the Bill introduces significant uplifts to several aspects of Australia’s privacy laws.

The proposed changes include:

  • The long-touted statutory tort for serious invasions of privacy;
  • As we predicted, new ‘tiered’ penalty provisions which will apply as soon as the law comes into force, allowing the Commissioner to issue infringement notices of up to US$66,000 for specific breaches of the Australian Privacy Principles (APPs), including:
    • Not having a privacy policy, or not having a fully compliant privacy policy;
    • Not allowing individuals to remain anonymous or use a pseudonym (unless it is impracticable to do so);
    • Not keeping written records of certain disclosures;
    • Not complying with the direct marketing provisions in APP 7;
    • Not dealing with correction requests; and
    • Not providing compliant notifications about data breaches.
  • Introduction of an ‘adequacy’ recognition mechanism into APP 8, to make it easier for organisations to disclose personal information to third parties outside Australia – specific permitted countries or binding schemes will be specified for these purposes in the regulations, and disclosures to third parties in those countries or subject to those binding schemes will be permitted without the disclosing organisation being required to take additional steps to ensure the recipient complies with the APPs in relation to that information;
  • Additional notice requirements in entities’ privacy policies regarding use of automated decision-making (the transitional provisions allow for a period of 24 months before this takes effect);
  • Additional protections for minors, by paving the way for the introduction of a Children’s Online Privacy Code, which must be developed and registered by the Commissioner within 24 months of the law coming into force;
  • A new criminal offence for malicious release of personal data online, known as ‘doxxing’, with jail terms for publishing private details with the intent of causing harm, including up to 7 years’ imprisonment if the person or group is targeted on the basis of their race, religion, sex, sexual orientation, gender identity, intersex status, disability, nationality or national or ethnic origin;
  • Additional entry, search and seizure powers to the Commissioner; and
  • Additional orders which may be made by the Federal Court for contraventions of the Privacy Act.

Although the changes are yet to be passed, now is most certainly the time to ensure your organisation has at least the most basic (and visible) privacy compliance measures in place, and to start considering the make-up of your organisation’s privacy reform project team.

Privacy Reform Bill Just Around the Corner

By: Cameron Abbott, Rob Pulham, and Lauren Hrysomallis

There appears to be a further delay to the long-anticipated privacy law reform legislation, most recently expected to be unveiled this month. But even with this delay the wait won’t be long; we could see a draft bill introduced in as little as three weeks’ time.

Read More

Australian Privacy Reform Series Refresher: What Are These Reforms?

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.

Read More

Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis

A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.

Read More

Security of Critical Infrastructure – Adoption of Cyber Security Framework and Mandatory Reporting Deadline Approaches While the Regulator Moves From “Education” to “Enforcement” Mode

By Cameron Abbott, Rob Pulham, Damien Timms, Dadar Ahmadi-Pirshahid and Adam Asadurian

Some key compliance dates approach for responsible entities of critical infrastructure assets under the Security of Critical Infrastructure Act (SOCI Act).

Read More

9,948,575,739 Reasons to Change Your Passwords now

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Jordan Booth

Cybernews has reported on its researchers’ discovery of what could be the largest leaked password compilation of all time, with a record 9,948,575,739 plaintext passwords in a file called “rockyou2024.txt” (see article).

Read More

New Guidance Released for Australian Listed Companies on Continuous Disclosure Obligations During a Cyber Incident

By: Cameron Abbott, Andrew Gaffney, Harry Kingsley, Rob Pulham, and Stephanie Mayhew

Australia’s corporate regulator, ASIC, has released new guidance on how to comply with market disclosure requirements when a listed company is in the middle of investigating and responding to a cyber incident.

Read More

Australia’s Privacy Framework set to be Revamped Following the Government’s Response to the Privacy Act Review Report

By: Cameron Abbott, Rob Pulham, Stephanie Mayhew,and Maddy Bassal

Last week the federal Government released its response (the Response) to the recommendations proposed by the AGD’s Privacy Act Review Report released in February 2023 (the Report).

Read More

Australian Government contemplates Asimov’s Omnibus

By Cameron Abbott, Daniel Knight, Rob Pulham, Stephanie Mayhew, and Dadar Ahmadi-Pirshahid

Amid the rapid acceleration of tools like ChatGPT and global calls for tailored regulation of artificial intelligence tools, the Australia Federal Government has released a discussion paper on the safe and responsible use of AI. The Government is consulting on what safeguards are needed to ensure Australia has an appropriate regulatory and governance framework to manage the potential risks, while continuing to encourage uptake of innovative technologies.

Read More

Optus faces the mother-of-all data breach class actions

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid

The data breach that affected 9.8 million Australians and resulted in the personal information of 10,000 Optus customers being exposed on the dark web in September last year will be litigated in a class action lawsuit filed last Friday (21 April) in the Federal Court of Australia.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.