Tag:privacy

1
Australian Privacy Law Reform – The Wait is (Almost!) Over
2
Privacy Reform Bill Just Around the Corner
3
Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited
4
Australian Privacy Reform Series Refresher: What Are These Reforms?
5
Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming
6
9,948,575,739 Reasons to Change Your Passwords now
7
AI’s Next Frontier: The New Voice of Scam Calls?
8
Decree No. 2024-388 and Its Implications for Intermediation Platforms
9
New Guidance Released for Australian Listed Companies on Continuous Disclosure Obligations During a Cyber Incident
10
Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin

Australian Privacy Law Reform – The Wait is (Almost!) Over

By: Cameron Abbott, Stephanie Mayhew, and Rob Pulham

The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024. Described as ‘Tranche 1’ of the reforms, the Bill introduces significant uplifts to several aspects of Australia’s privacy laws.

The proposed changes include:

  • The long-touted statutory tort for serious invasions of privacy;
  • As we predicted, new ‘tiered’ penalty provisions which will apply as soon as the law comes into force, allowing the Commissioner to issue infringement notices of up to US$66,000 for specific breaches of the Australian Privacy Principles (APPs), including:
    • Not having a privacy policy, or not having a fully compliant privacy policy;
    • Not allowing individuals to remain anonymous or use a pseudonym (unless it is impracticable to do so);
    • Not keeping written records of certain disclosures;
    • Not complying with the direct marketing provisions in APP 7;
    • Not dealing with correction requests; and
    • Not providing compliant notifications about data breaches.
  • Introduction of an ‘adequacy’ recognition mechanism into APP 8, to make it easier for organisations to disclose personal information to third parties outside Australia – specific permitted countries or binding schemes will be specified for these purposes in the regulations, and disclosures to third parties in those countries or subject to those binding schemes will be permitted without the disclosing organisation being required to take additional steps to ensure the recipient complies with the APPs in relation to that information;
  • Additional notice requirements in entities’ privacy policies regarding use of automated decision-making (the transitional provisions allow for a period of 24 months before this takes effect);
  • Additional protections for minors, by paving the way for the introduction of a Children’s Online Privacy Code, which must be developed and registered by the Commissioner within 24 months of the law coming into force;
  • A new criminal offence for malicious release of personal data online, known as ‘doxxing’, with jail terms for publishing private details with the intent of causing harm, including up to 7 years’ imprisonment if the person or group is targeted on the basis of their race, religion, sex, sexual orientation, gender identity, intersex status, disability, nationality or national or ethnic origin;
  • Additional entry, search and seizure powers to the Commissioner; and
  • Additional orders which may be made by the Federal Court for contraventions of the Privacy Act.

Although the changes are yet to be passed, now is most certainly the time to ensure your organisation has at least the most basic (and visible) privacy compliance measures in place, and to start considering the make-up of your organisation’s privacy reform project team.

Privacy Reform Bill Just Around the Corner

By: Cameron Abbott, Rob Pulham, and Lauren Hrysomallis

There appears to be a further delay to the long-anticipated privacy law reform legislation, most recently expected to be unveiled this month. But even with this delay the wait won’t be long; we could see a draft bill introduced in as little as three weeks’ time.

Read More

Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited

By: Cameron Abbott and Rob Pulham

In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.

Australian Privacy Reform Series Refresher: What Are These Reforms?

By Cameron Abbott, Rob Pulham, and Stephanie Mayhew

In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.

Read More

Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis

A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.

Read More

9,948,575,739 Reasons to Change Your Passwords now

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Jordan Booth

Cybernews has reported on its researchers’ discovery of what could be the largest leaked password compilation of all time, with a record 9,948,575,739 plaintext passwords in a file called “rockyou2024.txt” (see article).

Read More

AI’s Next Frontier: The New Voice of Scam Calls?

By: Cameron Abbott, Rob Pulham, Dadar Ahmadi-Pirshahid, and Adam Asadurian

Astonishingly (…or perhaps not, for anyone who’s answered a phone call recently), “imposter calls” are the number one offender of spam calls in the United States, amounting to 33% of all phone calls according to a recent study by QR Code Generator.

Read More

Decree No. 2024-388 and Its Implications for Intermediation Platforms

By Claude-Étienne Armingaud and Kenza Berrada

Digital intermediation service platforms within the sectors of chauffeur-driven transportation and goods delivery have new responsibilities since the enactment of Decree no. 2024-388 on 25 April 2024. Operating under the framework established by Article L. 7345-1 of the French Labor Code, this Decree has initiated a systematic collection and transmission protocol for data concerning platform workers’ activities to the French Employment Platforms Social Relations Authority (ARPE).

Read More

New Guidance Released for Australian Listed Companies on Continuous Disclosure Obligations During a Cyber Incident

By: Cameron Abbott, Andrew Gaffney, Harry Kingsley, Rob Pulham, and Stephanie Mayhew

Australia’s corporate regulator, ASIC, has released new guidance on how to comply with market disclosure requirements when a listed company is in the middle of investigating and responding to a cyber incident.

Read More

Anticipated Tightened Data Privacy Regulations: Raid on Worldcoin

By Paul Haswell and Sarah Kwong

In late January 2024, Hong Kong’s privacy watchdog, the Personal Data Privacy Commission (“PCPD”) raided six premises of Worldcoin, a cryptocurrency initiative co-founded by Sam Altman, that requires an iris scan from clients for identification purposes and also for earning tokens. The PCPD conducted an investigation into Worldcoin’s operations, suspecting that its sensitive personal data (i.e. iris information) collection practices might infringe the Personal Data Privacy Ordinance (Cap. 486).

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.