Queensland has taken a significant step in data protection by passing the Information Privacy and Other Legislation Amendment Bill 2023, enacting mandatory data breach notification laws for public sector entities. Following New South Wales’ lead, Queensland becomes the second state in Australia to implement such legislation, requiring state and local government bodies to report eligible data breaches that could potentially lead to serious harm to both affected individuals and the state’s privacy regulator.
The newly passed scheme aims to enhance accountability and transparency in data handling practices within the public sector. Under this law, agencies will have 30 days post a data breach incident to assess whether notification is warranted, with the possibility of a reasonable extension if required. This move aligns Queensland’s privacy regulations more closely with national standards and is a response to the growing concern over high-profile data breaches. The reform also seeks to strengthen citizens’ rights to access government-held information by reforming the Right to Information framework and aims to reduce barriers hindering public access.
Attorney-General Yvette D’Ath emphasized the importance of this legislation in fortifying privacy laws and boosting public confidence in data protection measures following notable data breach incidents. The initiative represents a proactive approach by the Queensland government to bolster data security ahead of anticipated federal reforms to the Commonwealth Privacy Act. With this step, Queensland aims to set higher privacy standards, demonstrating a commitment to safeguarding citizens’ information and paving the way for more robust data protection practices in the state.
