NEWS AND SUBSCRIPTION
On 28 September 2023 the Federal government issued the Government Response (Response) to submissions received on its Privacy Act Review Report. The government responded to each proposal with “agrees”, “agrees in-principle” or “noted” stating that it intends to release draft legislation and undertake “targeted consultation” in relation to matters where it “agrees”. The designation “agrees in principle” indicates that the items will proceed “subject to further engagement with regulated entities and a comprehensive impact analysis…” It appears that maters noted will go no further. The most important changes in each category are summarized in this Update.
Earlier this year, I was interviewed by the Sharon Givoni, the General Editor of the LexisNexis Internet Law Bulletin on the future of legal assistance considering the impact of generative AI. The article appears in 2023, Vol 25 No 9 of the Internet Law Bulletin. You can read a copy here:
The Security of Critical Infrastructure Act (2018) restricts the use and disclosure of information relating to regulated assets. The linked article discusses the scope of protected information, the restrictions imposed and the practical difficulties that arise when trying to comply.
The article was published in the first edition of the secureGov, published by the Australian Information Security Association (AISA). AISA have kindly permitted me to make a copy available here.
In this update there is a link to my podcast with Lawyers Weekly on the protentional impact of ChatGPT on the Legal Profession and a link to my article on the proposed new statutory tort for serious invasions of privacy.
Welcome to 2023!
Reviews, Reforms and Implementation
The Attorney-General has made the latest step towards revision of the Privacy Act 1988 with release of the privacy Review- Report.
In this Update we provide a summary of the key privacy reforms proposed and update on the progress in the many other cyber security and communications industry related reforms being prosecuted by the Australian government.
Home Affairs is asking for input regarding a proposed new Electronic Surveillance Act to replace the complex array of existing surveillance Federal and State law built up over many years.
In our latest Update we outline the issues raised for comment by the Department in its Discussion Paper and list some of the many ways the existing laws could be improved.
We also describe the new Anti-Trolling Bill and provide a update on developments in the roll out of the new Security of critical infrastructure framework.
The Government has announced its plans to combat ransomware including new offences and a mandatory notification obligation for victims of a ransomware attack.
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has accepted industry submissions that the proposed amendments to the Security of Critical Infrastructure Act left too much of the regulatory impost to the Minister and the Executive. The PJCIS has recommended the amending Bill be split so that certain requirements and powers become law while risk management program rules come back to parliament in a second Bill which also include a range of significant amendments.
An outline of these developments is included in our latest Update.
Recently announced proposals to amend the Privacy Act are the most significant privacy reforms since the changes to the Act made in 2014. If implemented they will require revisions to Privacy Policies, Collection Notices, information request
handling procedures and many business practices.
The changes to the penalty regime and the introduction of two forms of civil rights of action, and the proposal for an industry levy to be charged to regulated entities that are the subject of a complaint, increase the potential risk of collecting, holding and disclosing personal information.
This latest Update summarizes the key elements of the privacy reforms and reports on the latest development in implementation of the national Security of Critical Infrastructure reforms.
A decision of the Full Bench of the Fair Work Commission provides important guidance on the application of the Australian Privacy Principles (APPs) in the workplace including obligations that apply when collecting personal information from employees and the scope of the employee records exemption.
Missing from the government consultation on the Security Legislation (Critical Infrastructure) Bill 2020 (Bill), (see item 4 of our last Update) was any indication of how new security obligations are likely to be applied across the Australian economy.
Home Affairs has commenced consultation on proposed rules to be made under the Bill giving an indication of how the new law is likely to apply.
The intended extent of coverage is of particular interest because regulated entities will be required to file and keep up to date owner and operator reports, maintain a comprehensive risk management program, report cyber security incidents, and file an annual risk management report and is potentially subject government investigation and direction.
This update provides an overview of the status of key issues in Australian Cyber Security Policy at the start of 2021.
The list of current issues is extensive. Changes to foreign investment review became law on 1 January 2021. A exposure draft of a new Online Safety Act was published in December. Also in December 2020, consultations were opened on powers to "identify and disrupt" electronic services with a view to frustrating the commission of offences and the role of social media and encryption in support of extreme and radical movements.
A number of important review are current or awaiting response, including in relation to Critical infrastructure, the Privacy Act, Telecommunications security Sector Reform, mandatory data retention, the Telecommunications and other Legislation (Assistance and Access) Act and Australia's implementation of the cooperation with the USA under the US Cloud Act.
The Department of Home affairs has published a consultation paper titled Strengthening Australia’s Cyber Security Regulations and Incentives calling for feedback on a range of proposals including a new governance standard, responsible disclosure policies, a security code of practice under the Privacy Act, and, for smart devices, a security standard and a labelling scheme. Consumer remedies are also discussed. This Update also describes the consultation on consumer data rights for the Telco sector, the new International Production Orders law and the increased threshold for consumer transactions under the Competition and Consumer Act 2010
The Australian Census of Population and Housing (Census) will be conducted on 10 August 2021. It will include an online option known as the Census Digital Service. This paper aims to provide an overview of how the information collected from participants during the Census (Census Information) will be protected from unlawful access, interference, or loss. It also examines whether foreign governments can seek access to information held in Australia and describes the technical and legal barriers which prevent foreign governments from obtaining access to Census Information stored with AWS.
Major changes to national security laws during 2018 create a major compliance challenge for business dealing foreign interests. We provided an update on this subject for the China Leadership Group of hte Business Council of Australia. The presentation is available at this link.
In December of 2018 the Australian Government announced a new Online Safety Act, major changes to the regulation of Online Platforms and important changes to Australian Privacy Law. We summarise those announcements in this update.
On 5 March 2020 the Australian Government tabled a Bill that would introduce the legal framework for the issue of International Production Orders to offshore communications providers. The proposed legislation represents implementation of arrangements between the USA and other nations by the Cloud Act. A copy of the update is available here.
On 6 April 2020, the Communications and Media Law Associate published its first Communications Law Bulletin for the new decade. The special edition reviews developments in key areas of the law over the last decade and includes "National Security and Tech: The New Decade" by
Patrick Fair. The Article comments on the developments at the intersection
of national security and tech between 2010-2019, and on what’s on the agenda in this space for the next decade . A copy of the article is available here.
On 27 March 2020, The Conversation published a short article by Patrick Fair commenting on the possible use of mobile phone location data collected under Australia's mandatory data retention laws to improve contract tracing of Covid-19. A copy of the article is available here.
This update covers recent developments related to Australian’s national security framework.
Significant changes to the role of the Foreign Investment review board will increase national security oversight of foreign owned businesses. Australia’s Cyber Security Strategy 2020 (Strategy) proposes a rage of new legislated controls and industry guidelines. We also mention a consultation on new rules for the protection of critical infrastructure of national significance and outstanding and upcoming reports by the Parliamentary Joint Committee on Intelligence and Security (PJCIS). A copy of the update is available here.
The powers granted to our police and security agencies have important implications for government transparency and the privacy of ordinary citizens. These issues will be addressed by upcoming reports of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) dealing with the proposed International Production Orders Bill, the Encryption Bill and the mandatory data retention framework. The Independent National Security Legislation Monitor (INSLM) has reported on the Encryption Bill and made some valuable recommendations. Now is the time for the PJCIS to see the bigger picture and implement a framework consistent with the INSLM recommendations.
I wrote about this in today's Communications Day. You can download the article here.