The Queensland Education, Employment and Training Committee has recommended the passing of a Bill that will strengthen the state's data privacy laws.
Introduced last month, the Information Privacy and Other legislation Amendment Bill 2023 proposes to introduce changes to the Information Privacy Act 2009 (IP Act) and the Right to Information Act 2009 (RTI Act).
If passed, the Bill will make Queensland the second state after New South Wales to introduce a mandatory data breach notification (MDBN) scheme for government agencies.
The scheme will require agencies to "take all reasonable" steps to contain and minimise the harm of a suspected or known data breach.
They will generally have 30 days to assess the incident and must notify affected individuals and the Office of the Information Commissioner of eligible data breaches that would likely result in serious harm.
There are also a series of exemptions to the scheme, including if notifying could "compromise the agency’s cybersecurity or lead to further data breaches."
Agencies will need to keep a “register” of breaches and publish a “data breach policy.”
The Bill also includes reforms to provide consistency with the federal Privacy Act, including an updated definition of ‘personal information’ and a single set of privacy principles based on the Australian Privacy Principles.
The powers and functions of the Information Commissioner will also be enhanced.
In its report tabled to the Queensland parliament, the Committee recommended the passing of the Bill along with two other recommendations.
The second recommendation would require that any extension of a data breach assessment period beyond 30 days be only for an amount of time reasonably required for the assessment to be conducted.
The third recommendation is for the Queensland Attorney General to clarify if proposed definitions in the IP Act and RTI Act would impact the rights and entitlements of First Nations People and other Queenslanders.
In its report, the Committee stated that it anticipates the reforms to the IP Act in the Bill will be commenced on proclamation by 1 July 2025.
The MDBN scheme for local government would then commence 1 July 2026.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
