Qld Govt to set up mandatory data breach notification scheme

WA bank struck by ‘criminal’ data breach

The Queensland Government is set to establish a mandatory data breach notification scheme in a bid to strengthen and regulate government agencies’ responses to data breaches.

The Government said its Information Privacy and Other Legislation Amendment Bill 2023, which includes the establishment of the breach notifications scheme, is designed to improve transparency and accountability of the state’s agencies data holding practices and increase privacy protections for individuals and their personal information held by government agencies.

Further to that, the Government said it will also introduce requirements to notify affected individuals and the Office of the Information Commissioner of eligible data breaches that are likely to result in serious harm, as well as empower individuals to take steps to manage risks and mitigate harms that may arise from a data breach.

The Bill will also include:

  • Amendments to support the implementation of the scheme for the proactive release of Cabinet documents.
  • Reforms to improve consistency with the Commonwealth Privacy Act, including a single set of privacy principles aligned with the Australian Privacy Principles. This will provide a stepping stone for further reform following any legislation arising out of the Commonwealth Government’s review of the Privacy Act.
  • Reforms to the Right to Information framework that will reduce red tape and deliver efficiencies for applicants and agencies.

The move will also see Queensland join New South Wales as the only other state to introduce such a scheme in Australia.

“This is the third Bill to implement recommendations from Professor Peter Coaldrake’s 2022 report and demonstrates this Government’s commitment to integrity and transparency. A significant aspect of this Bill is the establishment of a mandatory data breach notification scheme,” Attorney-General, Minister for Justice, and Minister for the Prevention of Domestic and Family Violence Yvette D’Ath, said.

“Recent high-profile data breaches demonstrate that loss or unauthorised access or disclosure of personal information has the potential to result in serious harm to individuals.

“That’s why we are establishing this scheme so there are clear, consistent requirements to notify individuals of data breaches of Queensland government agencies, so that individuals are empowered to take steps to reduce the risk of harm resulting from a data breach.

D’Ath also said the reforms would ensure that Queensland’s privacy laws remain contemporary and relevant given the changes to the use of technology and to the way in which personal information is collected, used, accessed, stored and disclosed today.