In April 2022, the Department of Home Affairs (under the Morrison Government) released a discussion paper seeking views on the development of Australia’s National Data Security Action Plan (Action Plan). The Action Plan forms part of the government’s ‘Digital Economy Strategy’ and aims to define a set of national, whole-of-economy expectations for data security for governments, businesses and individuals. Consultation on the Action Plan closed in June 2022.
‘Data security’ is defined in the Discussion Paper as a ‘broad term that refers to protecting the information collected, processed and stored on digital systems and networks.’ In contrast to privacy, which seeks to protect personal and sensitive information from unauthorised access, data security seeks to address unauthorised access to all data types.
In the Discussion Paper, the government notes that the current data security regulatory environment is ‘complex and contested’, with different initiatives targeting different parts of the economy. It notes that there is no common standard for the protection of similar data sets held by different jurisdictions Action Plan seeks to align and build on existing data security settings across the economy.
In developing the Action Plan, the government plans to consider:
Three pillars (security, accountability and control) will underpin the Action Plan. The Action Plan complements the recent reforms to the Security of Critical Infrastructure Act 2018.
Public consultation on the Action Plan closed on 24 June 2022 with 81 submission papers received. The Department of Home Affairs has advised that engagement with industry, and state and territory governments will remain ongoing as they continue to develop and implement the Action Plan.
*Information is accurate up to 27 November 2023