On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate. Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain businesses. This acts as an alternative to repeatedly providing details or copies of personal and sensitive identification documents with third parties that may be vulnerable to cyber-attacks. [Read more…]
Privacy Law
Privacy Act amended to increase penalties up to $50 Million
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) was passed by both Houses of Parliament on the 28 November 2022 and now awaits Royal Assent. The Bill was passed with virtually no amendment.
New privacy bill to be put before commonwealth parliament
The Federal Government announced on 22 October 2022 that it intends to introduce new legislation to strengthen certain provisions of the Privacy Act 1988(Cth). This legislative change was triggered by multiple data breaches that have occurred in the past weeks such as the Optus breach in September this year. This article discusses the proposed amendments and the implications for Australian privacy laws.
What should APP Entities include in a data destruction policy?
The Australian Privacy Principles (APPs) contained at Schedule 1 of the Privacy Act 1988 (Cth) (Act) requires APP Entities to destroy or deidentify personal or sensitive information (Protected Information) as soon as reasonably practicable.[1] Having a data destruction policy (DDP) in place means that everyone in the company knows what information is Protected Information, and when and how it is to be destroyed or deidentified. [Read more…]
Government surveillance bill passed by Parliament
On 25 August 2021 Federal Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill). The Bill modifies various acts, including the Surveillance Devices Act 2004 (Cth) (SDA) and the Crimes Act 1914 (Cth) (CA), to enhance the law enforcement powers of the Australian Federal Police and the Australian Criminal Intelligence Commission in respect of serious online crime.[1] The Bill introduces three (3) new warrants:
- data disruption warrants;
- network activity warrants; and
- account takeover warrants.
Uber breaches Australian privacy laws
The recent decision by the Australian Information Commissioner and Privacy Commissioner, Angele Falk, (Commissioner) in Commissioner Initiated Investigation into Uber Technologies, Inc. & Uber B.V. (Privacy) [2021] AICmr 34 (Uber) has provided further guidance as to exactly who is bound by the Privacy Act 1988 (Cth) (Act) though the ‘Australian link’ set out in subsections 5B(2)-(3) (Australian Link). A full breakdown of what amounts to an Australian Link can be viewed in another article here. This article discusses the Australian Privacy Principles (APPs) that were breached by Uber and what was decided the ride-sharing entity was to do in response to non-compliance with the Act. [Read more…]
Ransomware Payments Bill 2021 (Cth)
Ransomware is a type of software which maliciously denies an organisation access to their own IT systems and often threatens to release information within such a system subject to the payment of a ransom. The government believes ransomware attacks are Australia’s largest cyber threat.[1] The Ransomware Payments Bill 2021 (Cth) (Bill) intends to establish mandatory reporting requirements for all of Commonwealth entities, State or Territory agencies, corporations and partnerships who make ransomware payments pursuant to a ransomware attack. The Bill would see such organisations provide notice to the Australian Cyber Security Centre (ACSC). [Read more…]