Mandatory data breach notification scheme a step closer

Published Thursday, 12 October, 2023 at 04:24 PM

Attorney-General and Minister for Justice and Minister for the Prevention of Domestic and Family Violence
The Honourable Yvette D'Ath

  • Mandatory data breach notification scheme for government agencies introduced as recommended by the Coaldrake Review.
  • Queensland to strengthen its privacy laws.
  • Right to information reforms to reduce red tape and deliver efficiencies.


The Palaszczuk Government has today introduced legislation to establish a mandatory data breach notification scheme in Queensland, as recommended by the Coaldrake Review.

The Information Privacy and Other Legislation Amendment Bill 2023 implements critical reforms that will improve transparency and accountability of Queensland Government agencies and improve privacy protections available to individuals.

It will increase protections for individuals’ personal information held by government agencies and modernise legislation that is fit-for-purpose in today’s digital world.

The Bill responds to a range of reviews and recommendations made by a number of reports ranging back to 2017, including two key reports of the Crime and Corruption Commission (CCC), a statutory review and the Coaldrake review into the Queensland public sector.

It establishes a mandatory data breach notification scheme to strengthen and regulate the response to data breaches by government agencies.

The scheme will introduce requirements to notify affected individuals and the Office of the Information Commissioner of eligible data breaches that would likely result in serious harm.

Queensland will join New South Wales as the only other state to introduce such a scheme in Australia.

The scheme empowers individuals to take steps to manage risks and mitigate harm that may arise from a data breach.

It will also provide greater transparency of data security by agencies and encourage them to maintain vigilance and take proactive steps to prevent and manage data breaches.

The Bill will also include:

  • Amendments to support the implementation of the scheme for the proactive release of Cabinet documents.
  • Reforms to improve consistency with the Commonwealth Privacy Act, including a single set of privacy principles aligned with the Australian Privacy Principles. This will provide a steppingstone for further reform following any legislation arising out of the Commonwealth Government’s review of the Privacy Act.
  • Reforms to the Right to Information framework that will reduce red tape and deliver efficiencies for applicants and agencies.

Quotes attributable to Attorney-General, Minister for Justice, and Minister for the Prevention of Domestic and Family Violence Yvette D’Ath:

“This is the third Bill to implement recommendations from Professor Peter Coaldrake’s 2022 report and demonstrates this Government’s commitment to integrity and transparency.

“A significant aspect of this Bill is the establishment of a mandatory data breach notification scheme.

“Recent high profile data breaches demonstrate that loss or unauthorised access or disclosure of personal information has the potential to result in serious harm to individuals. 

“That’s why we are establishing this scheme so there are clear, consistent requirements to notify individuals of data breaches of Queensland government agencies, so that individuals are empowered to take steps to reduce the risk of harm resulting from a data breach. 

“The reforms will also ensure Queensland’s privacy laws remain contemporary and relevant given the changes to the use of technology, and to the way in which personal information is collected, used, accessed, stored and disclosed in today’s digital world.

“By also strengthening Queensland’s privacy framework, public sector agencies will be able to continue to manage the challenges of digital service delivery while meeting community expectations around privacy.”