Publication
Proposed changes to Alberta’s Freedom of Information and Protection of Privacy Act
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Author:
Australia | Publication | October 2024
This article was co-authored with Amanda Wescombe.
On 9 October 2024, a number of Australian security reforms were released in draft legislation. This article outlines the key takeaways of the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 (Bill) which will amend the Security of Critical Infrastructure Act 2018 (SOCI Act).
The changes contemplated by the Bill give effect to the legislative reforms outlined in Shield 4 (Protected critical infrastructure) of the 2023-2030 Australian Cyber Security Strategy. It is intended to improve the resilience of Australia’s critical infrastructure and essential government systems against increasingly sophisticated cyber-attacks.
Below, we outline some of the key changes that may impact a range of entities, the potential level of impact and our suggestions as to how affected entities can start preparing for these reforms.
This amendment includes expanding the definition of “critical infrastructure assets” to include data storage systems used in connection with critical infrastructure assets which store or process “business critical data”, where vulnerabilities in those systems could have a “relevant impact” on the primary critical infrastructure.
Impact on: Responsible entities with current critical infrastructure assets
Potential level of impact: Medium
Some practical considerations for your action plan:
This amendment includes expanding the application of current government powers under Part 3A of the SOCI Act from “cyber security incidents” to “incidents” more broadly to allow specific directions to be made to respond to and manage the consequences of a nationally significant incident.
Impact on: Relevant entities (responsible entity, direct interest holder, operator or managed service provider)
Potential level of impact: High
Some practical considerations for your action plan:
This amendment includes a revised definition of “protected information” which incorporates a harms-based assessment requiring an analysis of the harm or risk caused by the disclosure to the Australian public, the security of the asset, commercial interests, the socioeconomic stability, national security or defence of Australia. The amendment also introduces new authorisation provisions to facilitate more effective and timely sharing of information under the SOCI Act.
Impact on: Holders or recipients of “protected information” (including other entities which may be assisting with the relevant entity’s business, professional, commercial or financial affairs)
Potential level of impact: Medium
Some practical considerations for your action plan:
This amendment includes the creation of a directions power for the regulator which can be exercised where a CIRMP has been identified as “seriously deficient”.
Impact on: Responsible entities
Potential level of impact: Medium
Some practical considerations for your action plan:
This amendment includes integrating various security requirements for critical telecommunication assets in Part 14 of the Telecommunications Act 1997 into the SOCI Act, with enhancements to align key regulatory obligations and clarify telecommunications-specific obligations.
Impact on: Owners and operators of critical telecommunications assets as defined by Part 14 of the Telecommunications Act.
Potential level of impact: High
Some practical considerations for your action plan:
This amendment includes streamlining obligations by removing direct interest holders from the administrative obligations relating to systems of national significance (SoNS).
Impact on: All critical infrastructure asset owners and direct interest holders of SoNS.
Potential level of impact: Low
Some practical considerations for your action plan:
Critical infrastructure entities and assets are at risk of being targets for malicious attacks that could result in significant disruptions to the community at large. The introduction of the SOCI Bill represents the priority of the Department of Home Affairs to ensure Australia is well positioned to prevent and respond to evolving security threats, including cyber-attacks.
Norton Rose Fulbright offers one of Australia’s largest and most experienced legal teams to support your SOCI Act risk and security review, compliance, implementation, and assurance needs. Please reach out to any of us below for a confidential discussion regarding your SOCI compliance.
Publication
Alberta is set to significantly change the privacy landscape for the public sector for the first time in 20 years.
Publication
On December 15, amendments to the Competition Act (Canada) (the Act) that were intended at least in part to target competitor property controls that restrict the use of commercial real estate – specifically exclusivity clauses and restrictive covenants – came into effect.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023