Queensland government to legislate mandatory data breach notification
The Queensland government is set to enact a compulsory data breach notification system, as stated by Queensland Attorney-General Yvette D’Ath. The Information Privacy and Other Legislation Amendment Bill 2023 will introduce essential changes aimed at enhancing transparency, accountability within Queensland government agencies, and bolstering privacy safeguards for individuals.
This development comes in response to the Coaldrake Review on government accountability and culture, released in June 2022, which strongly recommended such action. In addition to mandating the reporting of data breaches, this bill will also make it obligatory for affected organisations to directly inform their customers of any data breaches. It is anticipated that this legislation will encourage organisations to bolster their data protection measures.
Attorney-General D’Ath emphasised the significance of this move, pointing out that recent high-profile data breaches have shown that the loss or unauthorised access to personal information can lead to significant harm to individuals. Establishing this scheme will ensure that there are clear and consistent requirements for notifying individuals about data breaches in Queensland government agencies, empowering individuals to take steps to mitigate the risks associated with such breaches.
Furthermore, these reforms will modernise Queensland’s privacy laws to align with the evolving landscape of technology and the ways in which personal information is collected, used, accessed, stored, and shared in the digital age.
The bill encompasses various other reforms, including more transparent access to cabinet documents, bringing Queensland more in line with the Commonwealth Privacy Act, and streamlining the right-to-information framework to reduce bureaucracy and enhance efficiency for both applicants and agencies.