Queensland’s state government is currently considering a mandatory data breach notification scheme that will force agencies to report data breaches to the Queensland Office of the Information Commissioner (OIC) and affected individuals.
The scheme, which would be a first for a state or territory government, will help protect citizens should they be affected by an “eligible data breach”. This scheme, along with other privacy and information sharing reforms, is currently in the works within the state government.
As of the moment, agencies within the state are not obligated to report data breaches despite previous recommendations for a data breach notification (DBN).
The proposed DBN scheme would be based on the 2018 Commonwealth scheme, giving individuals the same protections as the federal scheme.
In the consultation paper recently released by the Queensland Government, which sought views on a wide range of proposed reforms to the state’s information privacy and right to information legislation, an eligible data breach is considered as unauthorised access or loss of personal information that is “likely to result in serious harm” to the affected individuals.
The proposed scheme also requires agencies to conduct “reasonable and expeditious” assessments of suspected breaches, and must notify the OIC and the affected individuals “as soon as practicable”.
Aside from this, the OIC would also be able to direct agencies to provide statements about a breach and recommend notifying individuals.
Queensland’s data breach notification scheme adopts a single set of privacy principles that are more aligned with those in the Commonwealth Privacy Act.
Queensland Attorney-General Shannon Fentiman released a consultation paper for changes to the state’s information privacy and right to information legislation last Friday.
“It’s critical our Information Privacy Act effectively protects individuals’ personal information and provides appropriate remedies and responses when privacy is breached,” she said.
“The proposed reforms reflect a number of recommendations already made by the Crime and Corruption Commission.”