Connor McClymont

On June 7, 2023, New Zealand’s Office of the Privacy Commissioner (OPC) issued a statement [1] encouraging all businesses to adopt two-factor authentication (2FA) to protect information that they hold. In her remarks, Deputy Commissioner Liz MacPherson highlighted that this should be the case regardless of the size of the organisation. She referenced the OPC’s latest small businesses insights report, and opined that:

“When a cyber… breach occurs, the question [that will be asked] … is ‘have you taken reasonable cybersecurity steps to protect the personal data you hold?’ Not to have taken reasonable steps is a breach of the Privacy Act… What is reasonable depends on the size of the organisation and the scale and sensitivity of the personal information they hold.
Continue Reading New Zealand Urges All Businesses To Adopt 2FA

In the Australian Government’s first step towards enhancing and enforcing privacy compliance in Australia, the Attorney-General’s Department has released two publications regarding amendments to Australia’s privacy regime:

  • An exposure draft introducing amendments to the Privacy Act 1988 (Cth) (the Privacy Act), which will establish an online privacy code applicable to major online platforms and introduce increased penalties for non-compliance with the Privacy Act for all entities (the Online Privacy Bill); and
  • A discussion paper seeking further submissions on up to 67 proposals to amend the Privacy Act and introduce a raft of amendments to Australian privacy law focused on increasing enforcement, empowering individuals and aligning Australia with global privacy regimes (the Discussion Paper).

Continue Reading Australia’s Online Privacy Bill and Privacy Act Discussion Paper: First Steps Towards an Enhanced Australian Privacy Regime

As the world struggles to deal with the spread of coronavirus disease 2019 (COVID-19), governments are turning to technology to help “flatten the curve” and slow the rate of transmissions. Although Australia has been relatively successful in mitigating the widespread health impacts of COVID-19, the federal government has encouraged all Australians to download its COVIDSafe

The previous decade saw the expansion of data privacy laws in Australia and throughout the globe in terms of their application, enforceability and scope, as well as the protections made available to individuals through primary legislation.[1] As we enter a new decade, we are beginning to see the evolution of privacy and data as a multi-regulatory compliance issue, as data protection issues start to permeate additional legal frameworks. Data privacy and protection is no longer confined to issues between a business and its customer, with a privacy regulator, such as the Office of the Australian Information Commissioner, overseeing this relationship in light of applicable laws. Instead, data privacy and protection is becoming increasingly relevant in previously unconsidered aspects of a business’ operational cycle. This article examines this trend by considering data privacy and protection developments within Australian takeovers and foreign acquisitions law.
Continue Reading Data Privacy and Protection – A New Focus Within Australian Takeovers Law

More than twelve months after the commencement of the Australian Notifiable Data Breach Scheme,[1] statistics published by the Office of the Australian Information Commissioner (OAIC) have begun to reveal trends present in the 812 notifiable data breaches recorded in Australia between 22 February and 31 December 2018. One key trend is the clear susceptibility of the health care industry, which suffered one fifth of all data breaches recorded in Australia throughout 2018, the highest number on an industry scale.
Continue Reading The Un-healthiness of the Australian Health Sector’s Data Security

The Office of the Australian Information Commissioner (OAIC) released its second quarterly statistics report into the Notifiable Data Breach Scheme on 31 July 2018 (Report). The Report provides further insight into the operation of the new scheme, which commenced in February this year. The scheme provides for mandatory reporting of ‘eligible’ data breaches to the OAIC and to potentially affected individuals. Whether a data breach is eligible depends on whether the unauthorised disclosure, or loss, of data is likely to result in serious harm to affected individuals.
Continue Reading Australian Information Commissioner’s Office Releases Report on Notifiable Data Breach Scheme