Amid the rapid acceleration of tools like ChatGPT and global calls for tailored regulation of artificial intelligence tools, the Australia Federal Government has released a discussion paper on the safe and responsible use of AI. The Government is consulting on what safeguards are needed to ensure Australia has an appropriate regulatory and governance framework to manage the potential risks, while continuing to encourage uptake of innovative technologies.Read More
The data breach that affected 9.8 million Australians and resulted in the personal information of 10,000 Optus customers being exposed on the dark web in September last year will be litigated in a class action lawsuit filed last Friday (21 April) in the Federal Court of Australia.Read More
Proceedings led by the Office of the Australian Information Commissioner (OAIC) against Facebook, Inc. (Facebook) for their role in the Cambridge Analytica scandal will finally proceed in the Federal Court of Australia.Read More
Shortly after the Government announced their ambition to make Australia a global leader in cyber security, Australia has been named the country with “the greatest progress and commitment toward creating a cyber defence environment” in MIT’s Cyber Defence Index of 2022/23.
However, the Office of the Australian Information Commissioner’s latest notifiable data breaches report paints a different picture. The Commissioner reported a 26% increase in the number of total reported data breaches and a 41% increase in the number of reported data breaches arising from malicious or criminal attacks compared with the first half of 2022. Health service providers and the finance sector were the worst hit, together representing almost a third of reported data breaches.
In releasing the report, the Commissioner once again stressed the need for organisations to collect only the minimum amount of personal information required and deleting it when it is no longer needed. In the report the Commissioner has recommended a number of steps to address the kinds of issues featured in the second half of 2022, including:Read More
Not content with merely implementing broad-scale privacy reform, the Government has announced a new position, the Coordinator for Cyber Security to be added to the Department of Home Affairs as a step towards their aim of “making Australia the most cyber secure nation by 2030“. This would seem to be a rather aspirational target!
The Coordinator will be supported by a National Office for Cyber Security, and their role will be to oversee steps to prevent future cyber security incidents and to help manage cyber incidents as they occur.Read More
Under proposals 4.1-4.4 of the Report, changes to broaden the definition of Personal Information are on the horizon. Under the proposed amendments, the word “about” in the definition of Personal Information will be amended to “relates to”. That is – “information or an opinion that relates to an identified individual…”. This brings the definition in line with other legislative frameworks that regulate privacy and ensures consistency with the language used in the GDPR definition of ‘Personal Data’.
Amendment of the definition of ‘collection’ is also proposed to expressly cover information obtained by any means, including inferred or generated information. The Report also states that ‘reasonably identifiable’ should be supported by a non-exhaustive list of circumstances to which APP entities will be expected to have regard to in their assessment of what is ‘Personal Information’.
What does this mean for my organisation?
With such a broader interpretation, APP entities will need to have regard to a larger set of information that could fall within the definition. This will see information such as mobile location data, IP addresses, social media handles, mobile advertising IDs and other technical information more clearly fall within the definition.Read More
The Government has today released the Report of the Attorney General’s Department’s review of the Privacy Act 1988 (Cth). The Government is seeking feedback on the 116 proposals in the Report before deciding what further steps to take. Submissions on the report are due on 31 March 2023. With this timing, it’s possible that we will see the review finalised towards the end of the first half of 2023.
The report can be accessed here.
The proposals made in the Report centre around:Read More
As of yesterday, the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Privacy Enforcement Act) is now in effect after receiving Royal Assent on 12 December 2022.
As we have previously shared, the Privacy Enforcement Act increases the maximum penalties for serious or repeated privacy breaches. For body corporates/organisations this increases the penalty from the current $2.22 million to whichever is the greater of:Read More
Earlier this week (on 29 November), the Australian Parliament passed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) which was introduced to Parliament on 26 October 2022.
The Bill amends the following:
- Privacy Act 1988 to expand the Australian Information Commissioner’s enforcement and information sharing powers and increase penalties for serious or repeated interferences with privacy;
- Australian Communications and Media Authority Act 2005 to enable the Australian Communications and Media Authority to disclose information to a non-corporate Commonwealth entity that is responsible for enforcing one or more laws of the Commonwealth; and
- Australian Information Commissioner Act 2010 to allow the Australian Information Commissioner to delegate certain functions or powers.