Australia and New Zealand


Australia and New Zealand Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in Australia and New Zealand.

Featured Resources


Key Dates of Privacy Reform in Australia

This resource provides an overview of federal privacy reform efforts in Australia and what might be expected going forward.
Read More


Digital identity and responsible AI

This video gathers IAPP ANZ Summit keynote speakers to answer questions on topics important to privacy pros.
Read More


Australian Privacy Survey highlights ‘rapidly shifting’ landscape

This article covers the results of the Australian survey, analyzing the three major privacy concerns facing Australian citizens, including general reservations, and a “trust deficit” stemming from alleged data abuse.
Read More


To charge or not to charge for DSARs

Australians at a recent IAPP KnowledgeNet had mixed opinions on companies charging fees for DSARs. Some member companies pondered charging DSAR fees and established fee schedules, but ultimately decided not to impose fees. This article recaps the discussion and reaction to the pitch for fees.
Read More


Australia’s government responds to Privacy Act Review Report

This article outlines key takeaways from the government’s response, including the support of improving individuals’ control and transparency of their personal information and strengthening enforcement.
Read More


Privacy is not dead in Australia; it’s diffusing

This article covers that while much attention has been paid to the penalty increase, the largest change is to the applicability of the Privacy Act to organizations operating globally and in Australia, which means “higher penalties could apply to a whole new set of businesses overnight.”
Read More

Additional News and Resources

Australian intelligence report identifies China as largest state-backer of cyberattacks

The Australian Signals Directorate released its annual cyber threat report, Voice of America News reports. The report identified China as a major state-backer of cyberattacks on Australian critical IT infrastructure, in addition to Iran and Russia. In 2022, nearly 94,000 cyber crimes were reported to Australian law enforcement by individuals and businesses, which represented a 23% increase from 2021.Full story... Read More

Microsoft invests $5B in Australian digital initiatives

The Australian Financial Review reports Microsoft pledged AUD5 billion to the Australian government to bolster cybersecurity, artificial intelligence and cloud-computing capabilities. Notably, the investment includes training programs for 300,000 Australian AI and cloud professionals as well as collaboration with cyberdefense agencies to improve threat identification and response.Full story... Read More

Australia's government responds to the Privacy Act Review Report

On 28 Sept., the Australian Attorney-General's Department outlined the government's response to the Privacy Act Review Report recommendations. The department's long-awaited, comprehensive review report, released February 2023, proposed 116 recommendations, drawing from 30 key themes that emerged from stakeholders' input over the past two years. The report acknowledged that Australia's digital economy has led to innovation and increased productivity, but has also raised concerns about data breac... Read More

Privacy insights from the Australian Royal Commission's Robodebt investigation

The Robodebt scheme was a controversial and unlawful attempt by the Australian government to recover debts from welfare recipients between 2015 and 2019 using an automated data-matching system. During this period, serious questions were raised about the processes behind automated data-matching and associated privacy practices of involved government agencies involved: the Australian Department of Human Services and the Australian Taxation Office.   What followed was infamously referred to as "a ... Read More

OAIC publishes latest Notifiable Data Breaches Report

The Office of the Australian Information Commissioner released its Notifiable Data Breaches Report for the first half of 2023. The biannual report outlined the industries most susceptible to breaches, the sources of breaches and areas for improved practice. Commissioner Angelene Falk said organizations "must have the security measures required to minimise the risk of a data breach" and "the longer organisations delay (breach) notification, the more the chance of harm increases."Full story... Read More

93% of Australian organizations pursuing generative AI bans

Research by software company BlackBerry Limited found 93% of Australian organizations are pursuing bans on generative artificial intelligence applications in the workplace. However, the majority of survey respondents also recognized opportunities for generative AI apps in the workplace, for instance around attracting talent, increasing efficiency and augmenting creativity.Full story... Read More

Media organizations oppose Australia privacy law reform

Australia's Right to Know coalition — made up of leading media outlets and organizations — opposes privacy law reform, saying it would have a "devastating impact on press freedom and journalism," the Guardian reports. The proposed reform includes a right to sue for serious privacy invasions and would require media companies to comply with requirements around securing and destroying private information. The group said the proposal would be "contrary to public interest and result in a significant ... Read More

Australian privacy reform moves forward with new government report

The Australian Attorney-General's Department released its highly anticipated review of the Privacy Act 1988 Thursday, a significant step in the reform of the nation's privacy law. The Privacy Act Review Report includes 116 recommendations based on 30 "key themes and proposals" from stakeholders during the course of the last two years. "The proposed reforms are aimed at strengthening the protection of personal information and the control individuals have over their information. Stronger privacy ... Read More

Do privacy principles have to trump convenience?

Brilliantly funny Aussie comedian Wil Anderson, of Gruen Transfer fame, wrote in his gut-splitting book "I Am Not Fine, Thanks" an incredibly insightful comment about the trade-offs between privacy, smart devices and other technological marvels. In his book Anderson writes about his initial resistance to technology companies wangling their way inside our homes with connected tech. "I was already not the smartest thing in my house, and I don't need to keep demoting myself down the ladder," he sai... Read More

On notice: Why Australian organizations need to clean up their data holdings

Last week’s IAPP ANZ Summit 2022 in Sydney was a great event. Better still were the conversations that put a spotlight on the growing importance of privacy and data protection to the Australian community. To me, the key takeaway from the summit was clear — Aussie organizations are now on notice to “clean up” their data holdings and not retain personal information unless there’s a “bloody good reason.” For the record, the “bloody good reason” line is entirely my invention. But from my vantage po... Read More

Australia passes Privacy Legislation Amendment Bill 2022

The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU$50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme. Australian Information Commissioner and Privacy Commissioner Angelene Falk said the changes create "closer alignment with competition and consumer remedies" under the EU General Data Protection... Read More

New Zealand DSAR Tool

This tool from the New Zealand Privacy Commissioner allows users to fill out a form which submits a request for their personal data from any organization, business or government agency in New Zealand. Read More

OAIC Notifiable Data Breach Statistics

The Office of the Australian Information Commissioner published the newest iteration of its Notifiable Data Breaches Report, which covers activity from January to June. OAIC received 446 breach notifications during the period and saw a 24% rise in ransomware attacks from the prior reporting period. Read More

A look at proposals to amend Australia’s privacy law

In a Salinger Privacy blog post, Principal Anna Johnston, CIPP/E, CIPM, FIP, looks at proposals to amend Australia’s Privacy Act. Johnston discusses proposals released by the Attorney General’s Department in October, which have “much to say about digital harms, targeted advertising, personalised content and the role of online identifiers.” Overall, Johnston said the proposals “represent some sensible ways to strengthen the law,” but she added, “there are some opportunities not yet grasped, and a... Read More

Australia, US reach crime data sharing agreement

The U.S. Department of Justice announced the U.S. and Australia entered into a crime data sharing agreement under the Clarifying Lawful Overseas Use of Data Act. The DOJ said the agreement will allow law enforcement from both countries to trade electronic data in efforts to "prevent, detect, investigate and prosecute" a range of serious crimes, including ransomware attacks. The deal will be carried out with "strong protections for the rule of law, privacy and civil liberties," according to the D... Read More

Reported privacy breaches increased four times following NZ Privacy Act 2020

The Office of the Privacy Commissioner of New Zealand published its “December 2021 Insights Report – Privacy Breach Reporting,” one year after implementation of the Privacy Act 2020. According to the report, reported privacy breaches increased nearly four times from Dec. 1, 2020 to Oct. 31, 2021, following mandatory reporting requirements. The OPC said one third of reported breaches met the threshold for serious harm, 35% involving emotional harm, 14% reputational harm, and 11% financial harm. T... Read More

IAPP ANZ Summit Online 2021: A Fireside Chat with Commissioner Falk

Original Broadcast Date: November 2021 This session was part of the IAPP ANZ Summit Online 2021. Hear from Australian Information and Privacy Commissioner Angelene Falk on the privacy landscape in 2021 and the outlook ahead. Commissioner Falk, in conversation with IAPP Country Leader of Australia and National Australia Bank Chief Privacy and Data Ethics Officer Stephen Bolinger, CIPP/E, CIPP/G, CIPM, CIPT, FIP, discussed the Office of the Australian Information Commissioner’s privacy regulator... Read More

Australia accredits first non-government digital identity exchange operator

ZDNet reports Australia's debit transaction system eftpos is the country's first non-governmental accredited digital identity exchange operator under the Trusted Digital Identity Framework. Eftpos's connectID service works as a "broker" between identity service providers and organizations that must verify identity information as part of their service, such as government departments. The company has said it does not store any identity data. Full Story... Read More

AWS to launch data center region in New Zealand

Amazon Web Services will launch its first data center region in Auckland, New Zealand, by 2024, ZDNet reports. “When operational, the AWS region here will enable customers from startups to enterprises as well as government, education, and non-profit organisations to run applications and securely store data from data centres located right here on New Zealand soil. And they can do this knowing that we are committed to providing the highest standard of privacy and security protections,” New Zealand... Read More

Queensland police implement facial recognition devices to curb driving infractions

Police in Queensland are using internet-connected interlock devices with facial recognition technology to address incidents of driving under the influence, ABC News reports. The devices are fitted to vehicles of convicted drivers and require the facial verification and a breath test to start the ignition. “These devices are well worth it as they make drivers accountable for their actions,” Mount Isa District Road Policing Unit Sgt. Paul Quinlan said.Full Story... Read More

Australian government accredits first digital ID provider

Sydney-based startup OCR Labs is the first company to receive licensing from Australia's government to be a digital identification provider, InnovationAus reports. OCR earned accreditation via the Digital Transformation Agency’s Trusted Digital Identity Framework. OCR will not officially be a provider until Australia passes legislation to allow a broad expansion of the country's digital ID program, with a bill expected to be presented to Parliament in the near future.Full Story... Read More

New Zealand gives citizens new data subject right

The New Zealand government implemented a legislative framework granting citizens a new consumer data right. Citizens will have the ability to share their data with third parties via standardized data formats and interfaces. The new data right will be rolled out on a sector-by-sector basis, with the government determining the individual markets, sectors and industry where it applies.Full Story... Read More

Australian firm helped FBI open San Bernardino iPhone

The Washington Post reports Australian information security consultancy Azimuth Security was responsible for helping the U.S. Federal Bureau of Investigation access the encrypted iPhone of the San Bernardino, California, attackers in 2016. In the piece, Ellen Nakashima and Reed Albergotti break down how Azimuth hacked the phone and explains the company's role as a "white hat" hacker, described as "good-guy cybersecurity research that aims to disclose flaws and disavows authoritarian governments.... Read More

NZ Privacy Act 2020 enters into force

New Zealand's Office of the Privacy Commissioner announced the Privacy Act 2020 has taken effect. "The new act brings with it a wider range of enforcement tools to encourage best practice, which means we are now able to take a different approach to the way we work as a regulator," Privacy Commissioner John Edwards said. Notably, the updated legislation features new breach reporting obligations, criminal penalties and new provisions on international data transfers. Also, Edwards joined RNZ's Cori... Read More

Australia’s anti-encryption collision with GDPR sub-processing

On Dec. 6, Australia passed a surprising law with a global impact on privacy. The new law requires any Australian company to build backdoors to encrypted data and communications when instructed to do so by the government, while also requiring secrecy about the existence of such surveillance capabilities from individuals and enterprise customers. This unverifiable question of compromised encryption presents many technical threats and introduces international regulatory compliance challenges as we... Read More

iappANZ Privacy Unbound Archives

Archives of iappANZ’s Privacy Unbound are now available through the IAPP’s online Resource Center. Users can access issues dating back to April 2015, where they will find a range of topics being discussed by predominant privacy professionals from across the region. Read More