Privacy Law

Government surveillance bill passed by Parliament

On 25 August 2021 Federal Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill).  The Bill modifies various acts, including the Surveillance Devices Act 2004 (Cth) (SDA) and the Crimes Act 1914 (Cth) (CA), to enhance the law enforcement powers of the Australian Federal Police and the Australian Criminal Intelligence Commission in respect of serious online crime.[1]  The Bill introduces three (3) new warrants:

  • data disruption warrants;
  • network activity warrants; and
  • account takeover warrants.

[Read more…]

Ransomware Payments Bill 2021 (Cth)

Ransomware is a type of software which maliciously denies an organisation access to its own IT systems and often threatens to release information within such a system subject to the payment of a ransom.  The government believes ransomware attacks are Australia’s largest cyber threat.[1]  The Ransomware Payments Bill 2021 (Cth) (Bill) intends to establish mandatory reporting requirements for all Commonwealth entities, State or Territory agencies, corporations and partnerships who make ransomware payments pursuant to a ransomware attack.  The Bill would see such organisations provide notice to the Australian Cyber Security Centre (ACSC). [Read more…]

OAIC Notifiable Data Breaches report – July 2020

The Notifiable Data Breaches (NDB) scheme was established to improve consumer protection and promote better security standards to safeguard personal information in Australia.  The NDB scheme applies to all agencies and organisations who are protected by the Privacy Act 1988 (Cth) (Act) and required to take personal steps to secure personal information.

The Australian Information Commissioner (OAIC) publishes reports on notifications received under the NDB scheme to track the leading causes and sources of data breaches, and to draw attention to potential issues and areas that entities regulated under the Act need to have ongoing awareness of.  This article summarises the findings of the NDB Report for the period from 1 January to 30 June 2020. [Read more…]

Data breaches: what exactly is serious harm?

The Notifiable Data Breaches Scheme applies to entities (APP Entities) that are required to protect personal information pursuant to the Australian Privacy Act 1988 (Cth) (Act).  The Act provides that where an eligible data breach (EDB) occurs, APP Entities in control of that information must notify the Office of the Australian Information Commissioner (OAIC) and the individuals who are affected by the EDB. [Read more…]

Need a reseller agreement?

A reseller agreement (Reseller Agreement) is a contract that entitles one party (Reseller) to sell, market, distribute, or lease a product or service of another (Supplier).  Reseller Agreements are also known as distribution, supply or distributor agreements. Often the Supplier is also the manufacturer of the goods but they may be the importer, a developer of the service or a licensee of software or training programs. [Read more…]

Privacy Awareness Week 2019 – 12-18 May 2019

During Privacy Awareness Week 2019 Australian businesses are reminded they are entrusted with certain responsibilities pursuant to the Privacy Act 1988 (Cth) (Privacy Act), in particular the way they collect, store and disclose the personal information of their customers. [Read more…]

Abhorrent violent material prohibited

The Australian Parliament has promptly passed the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 (Cth) (Act), according to the Explanatory Memorandum in response to the events of the March 2019 mass shooting in Christchurch, New Zealand.  The Act creates various new sections of the Criminal Code Act 1995 (Cth) (Criminal Code), and in particular sections 474.33 and 474.34 create two (2) new offences in relation to “internet service providers, content service providers and hosting service providers” (Service Providers) as follows: [Read more…]

De-encryption laws to make tech giants cooperate with law enforcement

Updated 4 October 2018 – see De-encryption Bill currently before Joint Committee

According to the ABC website, in the next few weeks Cyber Security Minister Angus Taylor is poised to present new legislation which once passed will require technology companies and multinationals to assist law enforcement to access encrypted data of “suspected criminals and terrorists”.  Currently, the bill is not yet before parliament but should appear on its website once officially announced.

In February, the government indicated its plans to tackle criminal use of encryption, with the Honourable Peter Dutton MP stating in an address to the National Press Club:

“Law enforcement access to encrypted communications should be on the same basis as telephone and other intercepts, in which companies provide vital and willing assistance in response to court orders.”

[Read more…]

EU General Data Protection Regulations (GDPR) – How to comply

Similar to the Australian Privacy Principles (APP) as set out in the Australian Privacy Act 1988 (Cth) (Privacy Act), the General Data Protection Regulation (GDPR) ‘lays down rules relating to the protection of natural persons and the processing of their personal data.’  The GDPR came into force on 24 May 2016 and became binding on all European Union (EU) member states on 25 May 2018. [Read more…]

What is a data breach response plan and how do I get one?

On 23 February 2018 the notifiable data breach scheme (Scheme) was enacted, through legislation amending the Privacy Act 1988 (Cth) (Privacy Act), making it mandatory for certain (eligible) entities to notify affected individuals about eligible data breaches.  In talking to clients in this area, there appears to be some confusion about what an eligible organisation has to do to prepare for this. [Read more…]
