Australia: Privacy and Other Legislation Amendment Act 2024 including cross-border data transfer regulation received Royal Assent

On 10 December 2024, the Privacy and Other Legislation Amendment Act 2024 received Royal Assent. The Act amends the existing privacy regime, including the creation of an "Eligible Data Breach Declaration" by the Minister in cases of significant privacy risks. This declaration will specify what personal information is affected, which entities may access or disclose it, and for what permitted purposes, primarily to prevent harm such as identity theft, fraud, or cybersecurity threats. Entities that reasonably believe that an individual may be at risk due to a data breach are authorised to collect, use or disclose relevant personal information under strict conditions. The Act also introduces penalties for improper disclosure of personal information obtained through a breach, including fines and potential criminal liability.