Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty in connection with the company’s response to a data breach that occurred in February 2022.
Continue Reading Australian Privacy Regulator Sues in Data Breach Case

On February 13, 2017, the Parliament of Australia passed legislation that amends the Privacy Act of 1988 and requires companies with revenue over 3 million AUD (2.3 million USD) to notify affected Australian residents and the Australian Information Commissioner in the event of an “eligible data breach.”
Continue Reading Australia Enacts New Data Breach Notification Law

On February 11, 2015, the International Association of Privacy Professionals Australian New Zealand (“iappANZ”) will host a discussion on the risk-based approach to privacy in Sydney, Australia. Richard Thomas, Global Strategy Advisor for the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”), will present the Centre’s contributions to this topic including the outcomes from the workshops held in Paris and Brussels. Other guest speakers include Timothy Pilgrim, Australian Privacy Commissioner; Dr. Elizabeth Coombs, New South Wales Privacy Commissioner; and Olga Ganopolsky, General Counsel of Privacy and Data at Macquarie Group Limited. Together, they will discuss the benefits and challenges of a risk-based approach and the implications for businesses and regulators.
Continue Reading Risk-Based Approach – New Thinking for Regulating Privacy

On August 6-10, 2014, the APEC Data Privacy Subgroup and the Electronic Commerce Steering Group met in Beijing to focus on the further implementation of the APEC Cross-Border Privacy Rules system and related work relevant to cross-border interoperability. The Centre for Information Policy Leadership at Hunton and Williams participated as part of the U.S. delegation and provides highlights in this blog entry.
Continue Reading APEC Privacy Update – Beijing Meetings

On March 20, 2014, a breach notification bill was re-introduced in the Australian Senate after having lapsed at the end of the previous Parliament. If passed, the bill would impose a mandatory breach notification requirement for data breaches that pose a “real risk of serious harm” to affected individuals.
Continue Reading Australian Data Breach Notification Bill Re-Introduced

On March 5, 2013, the French Data Protection Authority announced that the French High Council of Statutory Auditors and the U.S. Public Company Accounting Oversight Board signed a Statement of Protocol on January 31, 2013, to govern the exchange of information. including personal data, between them.
Continue Reading French High Council for Statutory Auditors and U.S. Public Company Accounting Oversight Board Sign Agreement for the Exchange of Audit Information