Tag Archives: Australia

Australian Parliament Hacked!

Australian Parliament Hacked!

Australia’s parliament had to reset and change its computer network passwords after an unknown hacker tried to infiltrate and bypass its systems, according to a Reuter’s report.

As stated in the report, both Tony Smith, the speaker of the lower House of Representatives, and Scott Ryan, president of the upper house Senate, said there’s no evidence that any data had been accessed or stolen.

No Stolen Data

“We have no evidence that this is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes,” Smith and Ryan responded in a joint statement.

“Accurate attribution of a cyber incident takes time and investigations are being undertaken in conjunction with the relevant security agencies.” Continue reading Australian Parliament Hacked!

Online Privacy in Australia Takes a Major Hit. Who’s Next?

The latest law passed by Australian Parliament has outraged global privacy advocates. The Assistance and Access Bill (AA Bill) essentially allows Australian officials to access the content of end-to-end encrypted communications. While it may be an Australian law, global privacy advocates predict it will impact global privacy rights, and other countries may follow suit.

Here’s what you need to know. The most controversial parts of the AA Bill are the “frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies” that allow the Australian government to access encrypted communication content.

  • What does “industry assistance” mean?

It means the Australian government can force “designated communication providers” to use known capabilities to intercept communications or build a new interception capability.

  • Who is a “designated communication provider?”

In short, anyone who touches hardware, software, or data used in end-to-end communication, including online services like websites. Continue reading Online Privacy in Australia Takes a Major Hit. Who’s Next?

Australia Passes Data Breach Notification Law

If you’re keeping tabs of the ever-evolving world of data breach notification laws, you can finally add Australia to the list. Organizations who experience a data breach affecting Australian citizens now have new reporting and notification requirements.

The new breach notification law in Australia amends the Privacy Act of 1988. Thus, the new law applies to organizations governed by the Privacy Act – companies with over $3 million AUD in revenue.

Updated Australian Notification Requirements

The requirements recently passed in Australia will mirror other breach notification laws in various jurisdictions. Here are the most notable updates:

  • Notify affected Australian residents and the Australian Information Commissioner in the event of an eligible data breach
  • Take all reasonable steps to ensure that an assessment of the incident is completed within 30 days of discovery
  • If the assessment finds an eligible data breach has occurred, required parties must be notified as soon as practicable
  • If the notification to the affected parties is not practicable, the updated amendment allows for substitute notice

In the unfortunate event that an organization determines a breach occurred, the notification even has certain content requirements:

  • Identity and contact details of the breached organization
  • Description of the serious data breach
  • Kinds of information possibly breached
  • Recommendations about steps individuals should take in response to the breach

Notifications can be sent through the normal method of communication with affected individuals.


Failure to properly notify the required parties can lead to heavy fines and consequences for organizations. The highest penalty is set for $1.8 million AUD for noncompliant organizations.

It’s important to consult with counsel and review the definitions in the law to determine if an eligible data breach has occurred affecting personal information. However, in the accompanying  several examples of notifiable data breaches were given:

  • A malicious breach of the secure storage or handling of information – i.e. cybersecurity incident with compromised data
  • Accidental loss – i.e. theft of IT equipment, laptops, or hard copy documents
  • Negligent or improper disclosure of information

The effective date for the new law has not yet been set.