Cybersecurity 2025

AUSTRALIA Law and Practice Contributed by: Dennis Miralis and Jack Dennis, Nyman Gibson Miralis

capabilities for the Australian Defence Force (ADF).
• The Department of Foreign Affairs and Trade (DFAT) advances Australia’s international cyber-affairs agenda, which includes digital trade, cybersecurity, cybercrime, international security, internet governance and co-operation, human rights and democracy online, and technology for development.

Data Protection and Privacy

The OAIC is the federal privacy and information regulator with a range of functions and powers to investigate and resolve privacy complaints, enforce privacy compliance, make determinations and provide remedies for breaches under the notifiable data breach (NDB) scheme. The OAIC operates by reference to the Privacy Act, the My Health Records Act, the Telecommunications Act, the TIA Act, and recently the Digital ID Act.

The remedies range from enforceable undertakings to civil penalties of 2,000 penalty units (approximately AUD626,000); but may also involve imprisonment. Since December 2022, serious and repeated interferences with privacy may attract a penalty of up to:
• for entities, not body corporates – AUD2.5 million; or
• for body corporates – the greater of AUD50 million, three times the value of the benefit attributable to the conduct or 30% of the adjusted turnover for the relevant period.

There are also state and territory privacy commissioners which administer state and territory-based privacy and health information laws. These include:

• the NSW Information and Privacy Commission, which administers, inter alia, the Privacy and Personal Information Protection Act 1998 (NSW) and Health Records and Information Privacy Act 2002 (NSW); and
• the Office of the Victorian Information Commissioner, which administers the Privacy and Data Protection Act 2014 (Vic), and the Victorian Health Complaints Commissioner, which handles breaches of the Health Records Act 2001 (Vic).

Critical Infrastructure Cybersecurity

The CIC is part of the DoHA and is the federal regulator of the SOCI Act and certain provisions of the Telecommunications Act with powers to investigate, audit and enforce on compliance matters.

The CIC also has the ability to make recommendations to DoHA and the Home Affairs Minister on whether their information-gathering powers and directions powers should be exercised. The CIC also has enforcement powers which allow it to issue penalties for non-compliance that range from performance injunctions, enforceable undertakings, civil penalties of up to 250 penalty units (AUD78,250) or seek two years’ imprisonment.

Telecommunications, Broadcasting and Marketing Cybersecurity

The ACMA is Australia’s regulator for broadcasting, telecommunication and certain online content and provides licensing to industry providers. ACMA has specific regulatory powers under the Telecommunications Act, the TIA Act, the Spam Act, and the DNCR Act to investigate and resolve complaints and enforce compliance. In dealing with non-compliance, ACMA is empowered to issue warnings, infringement notices, enforceable undertakings and remedial directions. ACMA
