Australian Cyber Privacy Regulations I Brit Insurance

We’ve compiled this information on privacy and cybersecurity legislation in Australia.

It’s designed as a high-level overview with links to sources for further research. Please read our disclaimer at the bottom of this page.

Privacy Act

The Privacy Act 1988 (Privacy Act) is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector.

Other statutory provisions also affect privacy and separate privacy regimes apply to state and territory public sectors.

The Privacy Act is supported by the Privacy Regulation 2013 and the Privacy (Credit Reporting) Code 2014.

Notifiable Data Breaches scheme

The Notifiable Data Breaches scheme commenced as part of the Privacy Act on 22 February 2018. 

The scheme requires businesses that are subject to the Privacy Act to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when there’s a data breach of personal information that poses a risk of serious harm.

GDPR

Does GDPR apply to Australia?

GDPR applies to Australian organisations with an established presence in the EU - for example, having a branch office in one or more of the EU member states. 

Sector-specific requirements

Providers of banking, insurance and superannuation services must notify the Australian Prudential Regulation Authority (APRA) of information security incidents within 72 hours. Find out more from DLA Piper.

Australia’s cybersecurity laws

The Parliament of Australia has passed cybersecurity laws aimed at cracking down on the increasingly harmful ransomware attacks and data breaches that have shaken the country since 2022.

Privacy Legislation Amendment Bill 2022

In 2022, Australia amended its existing Privacy Act with a bill known as the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 to include substantial changes related to cybersecurity. 

Firstly, it raised fines for companies that suffer “serious” or “repeated” data breaches. 

Secondly, it gave the Office of the Australian Information Commissioner (OAIC) new regulatory and oversight powers. The law affects any organisation that does business in Australia, even if it doesn’t collect the personal information of Australians.

Legislative reforms of 2024

To implement the Australian Cyber Security Strategy 2023-2030, the government has introduced a series of legislative reforms in two parts. 

The first is to introduce new cybersecurity legislation to bridge gaps in areas such as secure-by-design principles, ransomware reporting, and the establishment of a Cyber Incident Review Board.

The second part is to amend the existing Security of Critical Infrastructure Act 2018 (SOCI Act). This will: 

  • Introduce new regulations about data retention.

  • Allow the government to manage critical infrastructure businesses in the event of major cyber incidents.

  • Simplify information sharing.

  • Consolidate security requirements in the telecommunications sector. 

Laws/Regulations directly regulating AI (the “AI Regulations”)

Australia has not yet enacted any specific statutes or regulations that directly regulate AI. To date, Australia's response to AI has been voluntary and includes the AI Ethics Principles published in 2019 (the "AI Ethics Principles").

A quick disclaimer about this advice

The information here is not, and doesn’t intend to be, legal advice.

All information, content, and materials are for general information only. The information may not be the most up to date, legally or otherwise, and may not be exhaustive. This website contains links to other websites; these are for convenience, and Brit does not recommend or endorse the contents of the third-party sites.
