The Queensland government has introduced legislation for data breach notification, joining NSW as the only other state to introduce such a scheme.
There was a review done over a year ago into the culture and accountability of the Queensland government. One of the recommendations from that review was to have mandatory data breach reporting for government agencies. The Attorney General said that recent high profile data breaches had demonstrated that loss or unauthorised access or disclosure of personal information has the potential to result in serious harm to individuals. Which is why they are establishing the scheme, so that there are clear consistent requirements to notify individuals of data breaches of Queensland government agencies. This would empower individuals to take steps to reduce the risk of harm resulting from a data breach. A Queensland government agency that suspect a breach, must take all reasonable containment steps and have up to 30 days to assess the incident. A survey of Queensland government agencies back in June showed that the agencies have ‘more to do’, to be ready for data breach reporting.
https://www.legislation.qld.gov.au/view/whole/html/bill.first/bill-2022-041
https://www.itnews.com.au/news/qld-gov-introduces-data-breach-notification-legislation-601173
https://www.itnews.com.au/news/qld-gov-proposes-mandatory-data-breach-reporting-for-agencies-581815
https://www.itnews.com.au/news/qld-gov-agencies-have-more-to-do-to-be-ready-for-future-data-breach-reporting-596870
This segment was created for the It’s 5:05 podcast