New data breach notification laws

The Privacy Act 1988 (Cth) (Act) has been amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (the amending Act). The amending Act introduces a mandatory data breach notification regime where an ‘eligible data breach’ occurs. The amendments will commence on 23 February 2018, unless they are proclaimed to commence earlier.

Read more

Big Data and the Risk of Re-Identification

On 12 September 2016, researchers at the University of Melbourne alerted the Commonwealth Government that it was possible to re-identify ostensibly “de-identified” Medicare Benefits Scheme (MBS) data that had been released for public access and analysis. The MBS Re-identification Event attracted significant media attention, generated an Australian Office of the Information Commissioner (OAIC) investigation and resulted in the introduction of the Privacy Amendment (Re-identification Offence) Bill 2016 (Cth). The MBS Re-identification Event is a reminder of the importance of considering the privacy implications of big data analytics.

Read more