Privacy mid-year review 2023
During the first six months of 2023, a number of significant privacy events shaped the regulatory landscape in Australia. Australian regulators and lawmakers were active in response to high-profile data breaches and privacy incidents.
Privacy and data protection continue to be a hot topic for businesses, industries and sectors across Australia and internationally. The fallout from major data breaches and anticipated privacy law reform has refocused organisations' efforts to uplift privacy compliance and data governance.
We continue to monitor privacy developments with interest, and anticipate more privacy regulatory and reform activity in the second half of 2023.
Lander & Rogers’ Digital Economy practice has been closely following key privacy developments in Australia amid growing regulatory activity and clampdowns on the privacy practices of companies.
Our Privacy: Mid-year review 2023 summarises these key privacy developments. Download the resource or explore by topic below.
Timeline of key events
16 February 2023: Privacy Act Review
Attorney-General's Department releases final report.
1 March 2023: OAIC report
Notifiable Data Breaches Report: July to December 2022 published.
7 March 2023: OAIC v Facebook
Full Court of the High Court of Australia revokes Facebook Inc's special leave to appeal to the High Court seeking to appeal the Full Federal Court's decision that held the Information Commissioner had established prima facie that Facebook Inc was carrying on a business in Australia.
3 May 2023: Privacy Commissioner
Standalone Privacy Commissioner role announced by the Attorney-General.
8 May 2023: Clearview Inc v Australian Information Commissioner
Administrative Appeals Tribunal hands down decision.
10 May 2023: Latitude Finance data breach
Office of the Australian Information Commissioner and New Zealand Office of the Privacy Commissioner commence joint investigation into Latitude Group.
27 June 2023: Medibank Private cyber incident
APRA imposes $250 million capital adequacy requirement on Medibank Private following its examination of Medibank's information security environment.
26 July 2023: ACCC v Facebook
Federal Court orders $20 million fine against Facebook subsidiaries in ACCC misleading and deceptive conduct case.
Lander & Rogers PrivacyComply
Privacy impact assessments are a useful risk management tool to assess and manage the privacy impacts of a project. The Privacy Act Review has recommended a PIA must be conducted for all activities with high privacy risks.
In the wake of sustained cyber attacks and failures in data management across Australian businesses, Lander & Rogers has developed a privacy-by-design / privacy impact assessment software product to help businesses embed privacy-awareness and risk mitigation practices in their businesses, without delay.
Our goal is to ease the compliance burden, improve privacy protection across SMEs and large corporations with our tool, PrivacyComply.
White paper: Evolving world of privacy compliance
The privacy and data protection landscape is a tapestry of complex and competing laws. Lander & Rogers recently co-authored a white paper to provide businesses with a pathway to navigate this landscape.
The white paper accompanied a "Privacy Roadshow" that our clients were invited to attend to learn more about an enterprise-wide, cross-disciplinary approach to data and privacy management.