Cybersecurity 2025

AUSTRALIA Law and Practice Contributed by: Dennis Miralis and Jack Dennis, Nyman Gibson Miralis

ritory levels. These offences broadly encompass two categories: • offences that are directed at computers or other devices and involve hacking-type activi - ties; and • cyber-enabled offences where such devices are used as a key component of the offence, including in online fraud, online child abuse offences and cyberstalking. Federally, cybercrime is criminalised under Parts 10.6 and 10.7 of the Schedule to the Criminal Code Act 1995 (Cth) (the “Criminal Code”), which set out a variety of offences with maxi - mum penalties ranging from fine-only through to life imprisonment. Organisations should note that in addition to the Criminal Code: • the TIA Act also makes it a federal offence for an individual to (without authorisation) inter - cept or access private telecommunications without the knowledge of those involved; and • state and territory laws criminalise computer offences similar to those criminalised under the Criminal Code (eg, Part 6 of the Crimes Act 1900 (NSW) provide for multiple computer offences regarding unauthorised access, modification or impairment of restricted data and electronic communications). Australian states and territories also have their own criminal laws which govern cybercrime offences. Other Laws Areas that are also related to cybersecurity include:

• the Broadcasting Services Act 1992 (Cth) (the “Broadcasting Act”) regulates broadcasting services through internet and other means in Australia and enables the creation of industry codes of practice regulating the content of such services; • the Online Safety Act 2021 (Cth) (OSA) estab - lishes complaint systems for cyberbullying of children, non-consensual sharing of intimate images, cyber-abuse of adults, and the online/social media availability of content that would be subject to broadcasting classifica - tions (restricted or age 18 years and over); • The Spam Act 2003 (Cth) (the “Spam Act”) prohibits the use of electronic communica - tions for the purpose of sending unsolicited marketing materials to individuals; and • The Do Not Call Register Act 2006 (Cth) (the “DNCR Act”) prohibits unsolicited telemar - keting calls being made to phone numbers registered on a Do Not Call Register. 1.3 Cybersecurity Regulators Australia has a range of federal, state and ter - ritory regulators and agencies which deal with cybersecurity. The overarching government agencies are: • the Department of Home Affairs (DoHA); and • the Australian Signals Directorate (ASD). The key regulators and enforcement bodies include: • the Office of the Information Commissioner (OAIC); • the Critical Infrastructure Centre (CIC); • the Australian Communications and Media Authority (ACMA); • the Australian Securities and Investments Commission (ASIC);

12

CHAMBERS.COM

Powered by