Queensland’s parliament has recently approved a mandatory data breach notification scheme. The scheme will be implemented for state agencies from mid-2025 and for local governments from mid-2026. Queensland now joins NSW as the only two states in Australia to have such a scheme in place. The NSW scheme has already been launched earlier this week.
It is worth noting that there is already a mandatory data breach notification scheme at the federal level, but it primarily affects federal agencies and private organizations that exceed a certain annual turnover threshold. The new scheme in Queensland will ensure that data breaches in state agencies are promptly reported and managed, thereby improving data security measures. This will also enhance public confidence in privacy laws in the state.
Attorney-General Yvette D’Ath emphasized the importance of notifying individuals about data breaches and empowering them to take action to minimize any risks or harm. The scheme aligns with some of the recommendations outlined in key reports and is part of broader privacy-related changes in Queensland, including aligning with the Commonwealth Privacy Act and strengthening criminal sanctions for the misuse of restricted computers.