
NSW leads the change for protecting personal data held by government agencies – should SA follow suit?

Posted on November 21, 2022

NSW has become the first state in Australia to pass a law compelling government agencies to notify the (Commonwealth) Office of the Australian Information Commissioner (OAIC) of any serious data breach.

Prior to the Privacy and Personal Information Protection Amendment Bill (NSW) 2022 (17 November 2022), only private companies with a turnover of $3 million or more were obliged to report serious data breaches to the OAIC pursuant to the Notifiable Data Breaches Scheme (NDB Scheme) in the Privacy Act 1988 (Cth). Government agencies were previously exempt from complying with the NDB Scheme unless they held personal information such as health records or Tax File Number information.

If you would like to know more about the NDB Scheme, you can access our previous article about it here. The new law was passed in the wake of recent significant cyber-attacks suffered by Optus and Medibank in September this year. We provided a summary of each of those breaches in our article last month which can be accessed here.

NSW Attorney General, Mark Speakman, said the purpose of the new law was to fulfil the NSW government’s commitment to strengthening privacy protections for the citizens of NSW.

How do SA Government agencies currently respond to data breaches?

The Public Sector (Data Sharing) Act (SA) 2016 imposes boundaries around specific uses of personal information collected and held by SA government agencies. It does not, however, compel SA government agencies to report serious data breaches to the OAIC. Thus, there is a material difference between our current legislative framework and the law just now passed by the NSW Parliament.

Should SA follow in NSW’s footsteps?

Personal information held by state and federal government agencies is threatened by increased cyber-attacks taking place in both the public and private sectors.

Given this, it appears to be a “no-brainer” for states and territories across Australia to amend their respective legislative frameworks to include both public and private institutions in an attempt to strengthen the country’s response to cyber-crime and terrorism.

Has your or your business’s personal data been compromised?

Have you or your business been affected by a cyber-attack(s) or experienced cyber security concerns?

We have assisted many clients who have suffered actual or suspected data breaches, and helped many others implement response plans.

Please contact us for further advice or help.
