Australia and New Zealand


Australia and New Zealand Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in Australia and New Zealand.

Featured Resources

Privacy and Consumer Trust in Australia

This infographic provides a snapshot of the most meaningful data points around privacy perceptions and trust amongst consumers in Australia.
Read More

Key Dates of Federal Privacy Reform in Australia

This infographic presents a brief overview of federal privacy reform efforts in Australia and what might be expected in 2023.
Read More

Privacy not dead in Australia; it’s diffusing

This article covers that while much attention has been paid to the penalty increase, the largest change is to the applicability of the Privacy Act to organizations operating globally and in Australia, which means “higher penalties could apply to a whole new set of businesses overnight.”
Read More

Additional News and Resources

Privacy insights from the Australian Royal Commission's Robodebt investigation

The Robodebt scheme was a controversial and unlawful attempt by the Australian government to recover debts from welfare recipients between 2015 and 2019 using an automated data-matching system. During this period, serious questions were raised about the processes behind automated data-matching and associated privacy practices of involved government agencies involved: the Australian Department of Human Services and the Australian Taxation Office.   What followed was infamously referred to as "a ... Read More

OAIC publishes latest Notifiable Data Breaches Report

The Office of the Australian Information Commissioner released its Notifiable Data Breaches Report for the first half of 2023. The biannual report outlined the industries most susceptible to breaches, the sources of breaches and areas for improved practice. Commissioner Angelene Falk said organizations "must have the security measures required to minimise the risk of a data breach" and "the longer organisations delay (breach) notification, the more the chance of harm increases."Full story... Read More

93% of Australian organizations pursuing generative AI bans

Research by software company BlackBerry Limited found 93% of Australian organizations are pursuing bans on generative artificial intelligence applications in the workplace. However, the majority of survey respondents also recognized opportunities for generative AI apps in the workplace, for instance around attracting talent, increasing efficiency and augmenting creativity.Full story... Read More

Media organizations oppose Australia privacy law reform

Australia's Right to Know coalition — made up of leading media outlets and organizations — opposes privacy law reform, saying it would have a "devastating impact on press freedom and journalism," the Guardian reports. The proposed reform includes a right to sue for serious privacy invasions and would require media companies to comply with requirements around securing and destroying private information. The group said the proposal would be "contrary to public interest and result in a significant ... Read More

Australian privacy reform moves forward with new government report

The Australian Attorney-General's Department released its highly anticipated review of the Privacy Act 1988 Thursday, a significant step in the reform of the nation's privacy law. The Privacy Act Review Report includes 116 recommendations based on 30 "key themes and proposals" from stakeholders during the course of the last two years. "The proposed reforms are aimed at strengthening the protection of personal information and the control individuals have over their information. Stronger privacy ... Read More

Do privacy principles have to trump convenience?

Brilliantly funny Aussie comedian Wil Anderson, of Gruen Transfer fame, wrote in his gut-splitting book "I Am Not Fine, Thanks" an incredibly insightful comment about the trade-offs between privacy, smart devices and other technological marvels. In his book Anderson writes about his initial resistance to technology companies wangling their way inside our homes with connected tech. "I was already not the smartest thing in my house, and I don't need to keep demoting myself down the ladder," he sai... Read More

Australia passes Privacy Legislation Amendment Bill 2022

The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU$50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme. Australian Information Commissioner and Privacy Commissioner Angelene Falk said the changes create "closer alignment with competition and consumer remedies" under the EU General Data Protection... Read More

New Zealand DSAR Tool

This tool from the New Zealand Privacy Commissioner allows users to fill out a form which submits a request for their personal data from any organization, business or government agency in New Zealand. Read More

OAIC Notifiable Data Breach Statistics

The Office of the Australian Information Commissioner published the newest iteration of its Notifiable Data Breaches Report, which covers activity from January to June. OAIC received 446 breach notifications during the period and saw a 24% rise in ransomware attacks from the prior reporting period. Read More

A look at proposals to amend Australia’s privacy law

In a Salinger Privacy blog post, Principal Anna Johnston, CIPP/E, CIPM, FIP, looks at proposals to amend Australia’s Privacy Act. Johnston discusses proposals released by the Attorney General’s Department in October, which have “much to say about digital harms, targeted advertising, personalised content and the role of online identifiers.” Overall, Johnston said the proposals “represent some sensible ways to strengthen the law,” but she added, “there are some opportunities not yet grasped, and a... Read More

Australia, US reach crime data sharing agreement

The U.S. Department of Justice announced the U.S. and Australia entered into a crime data sharing agreement under the Clarifying Lawful Overseas Use of Data Act. The DOJ said the agreement will allow law enforcement from both countries to trade electronic data in efforts to "prevent, detect, investigate and prosecute" a range of serious crimes, including ransomware attacks. The deal will be carried out with "strong protections for the rule of law, privacy and civil liberties," according to the D... Read More

Reported privacy breaches increased four times following NZ Privacy Act 2020

The Office of the Privacy Commissioner of New Zealand published its “December 2021 Insights Report – Privacy Breach Reporting,” one year after implementation of the Privacy Act 2020. According to the report, reported privacy breaches increased nearly four times from Dec. 1, 2020 to Oct. 31, 2021, following mandatory reporting requirements. The OPC said one third of reported breaches met the threshold for serious harm, 35% involving emotional harm, 14% reputational harm, and 11% financial harm. T... Read More

IAPP ANZ Summit Online 2021: A Fireside Chat with Commissioner Falk

Original Broadcast Date: November 2021 This session was part of the IAPP ANZ Summit Online 2021. Hear from Australian Information and Privacy Commissioner Angelene Falk on the privacy landscape in 2021 and the outlook ahead. Commissioner Falk, in conversation with IAPP Country Leader of Australia and National Australia Bank Chief Privacy and Data Ethics Officer Stephen Bolinger, CIPP/E, CIPP/G, CIPM, CIPT, FIP, discussed the Office of the Australian Information Commissioner’s privacy regulator... Read More

Australia accredits first non-government digital identity exchange operator

ZDNet reports Australia's debit transaction system eftpos is the country's first non-governmental accredited digital identity exchange operator under the Trusted Digital Identity Framework. Eftpos's connectID service works as a "broker" between identity service providers and organizations that must verify identity information as part of their service, such as government departments. The company has said it does not store any identity data. Full Story... Read More

AWS to launch data center region in New Zealand

Amazon Web Services will launch its first data center region in Auckland, New Zealand, by 2024, ZDNet reports. “When operational, the AWS region here will enable customers from startups to enterprises as well as government, education, and non-profit organisations to run applications and securely store data from data centres located right here on New Zealand soil. And they can do this knowing that we are committed to providing the highest standard of privacy and security protections,” New Zealand... Read More

Queensland police implement facial recognition devices to curb driving infractions

Police in Queensland are using internet-connected interlock devices with facial recognition technology to address incidents of driving under the influence, ABC News reports. The devices are fitted to vehicles of convicted drivers and require the facial verification and a breath test to start the ignition. “These devices are well worth it as they make drivers accountable for their actions,” Mount Isa District Road Policing Unit Sgt. Paul Quinlan said.Full Story... Read More

Australian government accredits first digital ID provider

Sydney-based startup OCR Labs is the first company to receive licensing from Australia's government to be a digital identification provider, InnovationAus reports. OCR earned accreditation via the Digital Transformation Agency’s Trusted Digital Identity Framework. OCR will not officially be a provider until Australia passes legislation to allow a broad expansion of the country's digital ID program, with a bill expected to be presented to Parliament in the near future.Full Story... Read More

New Zealand gives citizens new data subject right

The New Zealand government implemented a legislative framework granting citizens a new consumer data right. Citizens will have the ability to share their data with third parties via standardized data formats and interfaces. The new data right will be rolled out on a sector-by-sector basis, with the government determining the individual markets, sectors and industry where it applies.Full Story... Read More

Australian firm helped FBI open San Bernardino iPhone

The Washington Post reports Australian information security consultancy Azimuth Security was responsible for helping the U.S. Federal Bureau of Investigation access the encrypted iPhone of the San Bernardino, California, attackers in 2016. In the piece, Ellen Nakashima and Reed Albergotti break down how Azimuth hacked the phone and explains the company's role as a "white hat" hacker, described as "good-guy cybersecurity research that aims to disclose flaws and disavows authoritarian governments.... Read More

NZ Privacy Act 2020 enters into force

New Zealand's Office of the Privacy Commissioner announced the Privacy Act 2020 has taken effect. "The new act brings with it a wider range of enforcement tools to encourage best practice, which means we are now able to take a different approach to the way we work as a regulator," Privacy Commissioner John Edwards said. Notably, the updated legislation features new breach reporting obligations, criminal penalties and new provisions on international data transfers. Also, Edwards joined RNZ's Cori... Read More

Australia’s anti-encryption collision with GDPR sub-processing

On Dec. 6, Australia passed a surprising law with a global impact on privacy. The new law requires any Australian company to build backdoors to encrypted data and communications when instructed to do so by the government, while also requiring secrecy about the existence of such surveillance capabilities from individuals and enterprise customers. This unverifiable question of compromised encryption presents many technical threats and introduces international regulatory compliance challenges as we... Read More

iappANZ Privacy Unbound Archives

Archives of iappANZ’s Privacy Unbound are now available through the IAPP’s online Resource Center. Users can access issues dating back to April 2015, where they will find a range of topics being discussed by predominant privacy professionals from across the region. Read More