Photo of Connor McClymont

Connor McClymont

The first tranche of Australian privacy law reform has been passed by the Australian government and will come into effect within days. This reform further increases the range and type of penalties that Australia can enforce for non-compliance with local privacy law and introduces changes which businesses will need to action.Continue Reading First Tranche of Reforms to Australian Privacy Law Passed with Amendments

On 12 September 2024, the Australian Government introduced the Privacy and Other Legislation Amendment Bill 2024 (Bill) which represents the first tranche of Australian privacy law reforms and aims to implement some of the legislative proposals identified from Australia’s long running review of, and consultation regarding, reform of the Australian Privacy Act 1988

On 5 June 2024, the Australian Information Commissioner commenced civil penalty proceedings in the Australian Federal Court against Medibank Private Limited (an Australian health insurance provider) in relation to its notorious data breach in October 2022.

To bring you back up to speed on the Medibank data breach, on 25 October 2022, Medibank notified the

The Association of Southeast Asian Nations (ASEAN) has issued a practical guide[1] for AI design, development and deployment by organizations, as well as for policy formulation by governments in the region. The guide focuses on “traditional AI technologies” that exclude generative AI.Continue Reading ASEAN Publishes Multipurpose AI Governance Guide

On June 7, 2023, New Zealand’s Office of the Privacy Commissioner (OPC) issued a statement [1] encouraging all businesses to adopt two-factor authentication (2FA) to protect information that they hold. In her remarks, Deputy Commissioner Liz MacPherson highlighted that this should be the case regardless of the size of the organisation. She referenced the OPC’s latest small businesses insights report, and opined that:

“When a cyber… breach occurs, the question [that will be asked] … is ‘have you taken reasonable cybersecurity steps to protect the personal data you hold?’ Not to have taken reasonable steps is a breach of the Privacy Act… What is reasonable depends on the size of the organisation and the scale and sensitivity of the personal information they hold.
Continue Reading New Zealand Urges All Businesses To Adopt 2FA

In the Australian Government’s first step towards enhancing and enforcing privacy compliance in Australia, the Attorney-General’s Department has released two publications regarding amendments to Australia’s privacy regime:

  • An exposure draft introducing amendments to the Privacy Act 1988 (Cth) (the Privacy Act), which will establish an online privacy code applicable to major online platforms and introduce increased penalties for non-compliance with the Privacy Act for all entities (the Online Privacy Bill); and
  • A discussion paper seeking further submissions on up to 67 proposals to amend the Privacy Act and introduce a raft of amendments to Australian privacy law focused on increasing enforcement, empowering individuals and aligning Australia with global privacy regimes (the Discussion Paper).

Continue Reading Australia’s Online Privacy Bill and Privacy Act Discussion Paper: First Steps Towards an Enhanced Australian Privacy Regime

As the world struggles to deal with the spread of coronavirus disease 2019 (COVID-19), governments are turning to technology to help “flatten the curve” and slow the rate of transmissions. Although Australia has been relatively successful in mitigating the widespread health impacts of COVID-19, the federal government has encouraged all Australians to download its COVIDSafe

Australian FlagThe previous decade saw the expansion of data privacy laws in Australia and throughout the globe in terms of their application, enforceability and scope, as well as the protections made available to individuals through primary legislation.[1] As we enter a new decade, we are beginning to see the evolution of privacy and data as a multi-regulatory compliance issue, as data protection issues start to permeate additional legal frameworks. Data privacy and protection is no longer confined to issues between a business and its customer, with a privacy regulator, such as the Office of the Australian Information Commissioner, overseeing this relationship in light of applicable laws. Instead, data privacy and protection is becoming increasingly relevant in previously unconsidered aspects of a business’ operational cycle. This article examines this trend by considering data privacy and protection developments within Australian takeovers and foreign acquisitions law.
Continue Reading Data Privacy and Protection – A New Focus Within Australian Takeovers Law

More than twelve months after the commencement of the Australian Notifiable Data Breach Scheme,[1] statistics published by the Office of the Australian Information Commissioner (OAIC) have begun to reveal trends present in the 812 notifiable data breaches recorded in Australia between 22 February and 31 December 2018. One key trend is the clear susceptibility of the health care industry, which suffered one fifth of all data breaches recorded in Australia throughout 2018, the highest number on an  industry scale.
Continue Reading The Un-healthiness of the Australian Health Sector’s Data Security

The Office of the Australian Information Commissioner (OAIC) released its second quarterly statistics report into the Notifiable Data Breach Scheme on 31 July 2018 (Report). The Report provides further insight into the operation of the new scheme, which commenced February this year. The scheme provides for mandatory reporting of ‘eligible’ data breaches to the OAIC and to potentially affected individuals. Whether a data breach is eligible depends on whether the unauthorised disclosure, or loss, of data is likely to result in serious harm to affected individuals.
Continue Reading Australian Information Commissioner’s Office Releases Report on Notifiable Data Breach Scheme