NEWS AND SUBSCRIPTION
The Government has announced its plans to combat ransomware including new offences and a mandatory notification obligation for victims of a ransomware attack.
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has accepted industry submissions that the proposed amendments to the Security of Critical Infrastructure Act left too much of the regulatory impost to the Minister and the Executive. The PJCIS has recommended the amending Bill be split so that certain requirements and powers become law while risk management program rules come back to parliament in a second Bill which also include a range of significant amendments.
An outline of these developments is included in our latest Update.
A decision of the Full Bench of the Fair Work Commission provides important guidance on the application of the Australian Privacy Principles (APPs) in the workplace including obligations that apply when collecting personal information from employees and the scope of the employee records exemption.
Missing from the government consultation on the Security Legislation (Critical Infrastructure) Bill 2020 (Bill), (see item 4 of our last Update) was any indication of how new security obligations are likely to be applied across the Australian economy.
Home Affairs has commenced consultation on proposed rules to be made under the Bill giving an indication of how the new law is likely to apply.
The intended extent of coverage is of particular interest because regulated entities will be required to file and keep up to date owner and operator reports, maintain a comprehensive risk management program, report cyber security incidents, and file an annual risk management report and is potentially subject government investigation and direction.
This update provides an overview of the status of key issues in Australian Cyber Security Policy at the start of 2021.
The list of current issues is extensive. Changes to foreign investment review became law on 1 January 2021. A exposure draft of a new Online Safety Act was published in December. Also in December 2020, consultations were opened on powers to "identify and disrupt" electronic services with a view to frustrating the commission of offences and the role of social media and encryption in support of extreme and radical movements.
A number of important review are current or awaiting response, including in relation to Critical infrastructure, the Privacy Act, Telecommunications security Sector Reform, mandatory data retention, the Telecommunications and other Legislation (Assistance and Access) Act and Australia's implementation of the cooperation with the USA under the US Cloud Act.
The Department of Home affairs has published a consultation paper titled Strengthening Australia’s Cyber Security Regulations and Incentives calling for feedback on a range of proposals including a new governance standard, responsible disclosure policies, a security code of practice under the Privacy Act, and, for smart devices, a security standard and a labelling scheme. Consumer remedies are also discussed. This Update also describes the consultation on consumer data rights for the Telco sector, the new International Production Orders law and the increased threshold for consumer transactions under the Competition and Consumer Act 2010
The Australian Census of Population and Housing (Census) will be conducted on 10 August 2021. It will include an online option known as the Census Digital Service. This paper aims to provide an overview of how the information collected from participants during the Census (Census Information) will be protected from unlawful access, interference, or loss. It also examines whether foreign governments can seek access to information held in Australia and describes the technical and legal barriers which prevent foreign governments from obtaining access to Census Information stored with AWS.
Major changes to national security laws during 2018 create a major compliance challenge for business dealing foreign interests. We provided an update on this subject for the China Leadership Group of hte Business Council of Australia. The presentation is available at this link.
In December of 2018 the Australian Government announced a new Online Safety Act, major changes to the regulation of Online Platforms and important changes to Australian Privacy Law. We summarise those announcements in this update.
On 5 March 2020 the Australian Government tabled a Bill that would introduce the legal framework for the issue of International Production Orders to offshore communications providers. The proposed legislation represents implementation of arrangements between the USA and other nations by the Cloud Act. A copy of the update is available here.
On 6 April 2020, the Communications and Media Law Associate published its first Communications Law Bulletin for the new decade. The special edition reviews developments in key areas of the law over the last decade and includes "National Security and Tech: The New Decade" by
Patrick Fair. The Article comments on the developments at the intersection
of national security and tech between 2010-2019, and on what’s on the agenda in this space for the next decade . A copy of the article is available here.
On 27 March 2020, The Conversation published a short article by Patrick Fair commenting on the possible use of mobile phone location data collected under Australia's mandatory data retention laws to improve contract tracing of Covid-19. A copy of the article is available here.
This update covers recent developments related to Australian’s national security framework.
Significant changes to the role of the Foreign Investment review board will increase national security oversight of foreign owned businesses. Australia’s Cyber Security Strategy 2020 (Strategy) proposes a rage of new legislated controls and industry guidelines. We also mention a consultation on new rules for the protection of critical infrastructure of national significance and outstanding and upcoming reports by the Parliamentary Joint Committee on Intelligence and Security (PJCIS). A copy of the update is available here.
The powers granted to our police and security agencies have important implications for government transparency and the privacy of ordinary citizens. These issues will be addressed by upcoming reports of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) dealing with the proposed International Production Orders Bill, the Encryption Bill and the mandatory data retention framework. The Independent National Security Legislation Monitor (INSLM) has reported on the Encryption Bill and made some valuable recommendations. Now is the time for the PJCIS to see the bigger picture and implement a framework consistent with the INSLM recommendations.
I wrote about this in today's Communications Day. You can download the article here.