Queensland passes mandatory data breach notice laws

p


Justin Hendry

Editor
ppQueensland has become only the second state to legislate a mandatory data breach notification scheme for public sector entities as an almost identical scheme comes into effect in New South WalesppThe Information Privacy and Other Legislation Amendment Bill 2023 passed through the Queensland state Parliament on Wednesday less than two months after the bill was first introducedppThe new scheme will require state and local government entities to notify affected individuals and the states privacy watchdog of eligible data breaches that would likely result in serious harmppA similar scheme exists at the Commonwealth level through the mandatory Notifiable Data Breaches Scheme but it does not extend to state agencies stateowned corporations or local councils only federal agencies and parts of the private sectorppThe Queensland scheme will come into effect for state government entities at the beginning of July 2025 while local governments have been given until July 2026 to prepare for the changesppThe Office of the Information Commissioner Queensland has been calling for such a scheme for the best part of a decade while the Crime and Corruption Commission joined the push in 2016 after uncovering corruption risks around confidential informationppThe Palaszczuk government committed to introducing the scheme last year shortly after a damning review of the states public sector by Professor Peter Coaldrake which also backed mandatory notification was publishedppNew South Wales is the only other state or territory to have introduced a mandatory data breach notification scheme passing legislation for the scheme in November last yearppThe New South Wales scheme which similarly applies to public sector agencies stateowned corporations and local councils as well as some universities came into effect on Tuesday after a yearlong grace periodppUnder the scheme passed by the Queensland Parliament on Wednesday agencies will have 30 days after a data breach to identify whether notification is required with an extension allowed where it is reasonably requiredppA previous version of the bill allowed agencies to extend the 30 days time period unilaterally for an indefinite period of time which the government amended before the bill was passed A committee inquiry into the bill recommended the changes last weekppThe bill also aligns state privacy law more closely with national privacy principles and reforms the Right to Information framework to reduce barriers to citizens accessing government held informationppPenalties for conduct relating to the misuse of restricted computers have similarly been increased following a spate of incidences where public officers have misused confidential information an offence known in the state as computer hackingppIn a statement on Wednesday AttorneyGeneral Yvette DAth described the scheme as significant step forward one that will enhance public confidence in Queenslands privacy laws after a series of highprofile data breachesppEveryone is aware of highprofile data breaches in recent years Thats why we have progressed these reforms to ensure individuals are notified of data breaches of Queensland government agencies which are likely to result in serious harmppThis will empower affected individuals to take action that will reduce the risk of adversity from a data breachppMs DAth also foreshadowed future reforms arising from the review of the Commonwealth Privacy Act with the federal government agreeing to 106 of proposals in full or in principle in SeptemberppI understand that the Commonwealth government currently plans to introduce legislation sometime in 2024 she told state Parliament on WednesdayppProceeding with Queenslands privacy reforms now ahead of any changes to the Commonwealth Privacy Act will provide an uplift of the privacy protections for Queenslanders moving towards the Commonwealth frameworkppDo you know more Contact James Riley via EmailppData of 11000 people stolen in NDIS breachppMission launch 34bn Defence accelerator gets down to businesspp
You must Suscribe or
Login to post a commentp