Law Council of Australia

Media

Cyber Security Legislative Package 2024

8 November 2024
 

Caption (L-R): Nathan MacDonald, Deputy-General Manager, Policy Division; John Keeves, Executive Member, Business Law Section; 
Annie Haggar, Committee Member, Futures Committee

On 1 November 2024, John Keeves from the Business Law Section and LCA’s Futures Committee member Annie Haggar, alongside Policy Division Deputy-General Manager Nathan MacDonald, attended the Parliamentary Joint Committee on Intelligence and Security’s hearing into Review of the Cyber Security Legislative Package 2024. The legislative package comprises three bills: Cyber Security Bill 2024the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 and the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024. We support the intent of these measures, and welcome steps towards implementing an important part of the 2023–2030 Cyber Security Strategy.

We provided a detailed submission to the Committee setting out recommendations that are directed to promoting proportionality, consistency, and certainty within the regulatory landscape, while acknowledging the importance of a legislative framework that addresses whole-of economy cyber security issues.

One area of concern about the Cyber Security Bill 2024 relates to the Bill’s regard for legal professional privilege when setting out reporting obligations on entities. Currently, the Bill states that the provision of information does not otherwise affect a claim of legal professional privilege that anyone may make in relation to that information. However, we are concerned that the provision of information under the scheme could amount to a waiver of privilege, to the detriment of the discloser.

A further key element of the Cyber Security Bill 2024 is the establishment of a Cyber Incident Review Board to conduct post-incident reviews into significant cyber security incidents. At the hearing, there was some discussion of the need to address the risk of regulatory duplication and uncertainty and to ensure the membership of the Board includes experts drawn from industry.

There was also extensive discussion of regulatory burdens imposed by new mandatory security standards for smart devices; mandatory obligations on certain businesses to report ransomware and cyber extortion payments.

At the hearing Deputy Chair Andrew Wallace MP expressed gratitude to the Law Council for making available eminent practitioners with expertise advising clients on emerging cyber security risks. The work of the Law Council championing the rule of law and contributing to evidence-based policy analysis and scrutiny depends on volunteers like John and Annie. We are also grateful to others who reviewed the submission, and for contributions from the Business Law Section, the Law Society of New South Wales, the Queensland Law Society, the Law Institute of Victoria and the Victorian Bar.

Last Updated on 22/11/2024

Share

Tags

Most recent items


Trending Items