Start date confirmed for Queensland’s IPOLA reforms

OIC has welcomed news from the Attorney-General that the IPOLA Act amendments will start from 1 July 2025, as anticipated.

The IPOLA reforms will improve transparency and accountability of Queensland public sector agencies and strengthen privacy protections for the community. They will introduce changes to the Information Privacy Act 2009 and Right to Information Act 2009.

This includes introducing a mandatory notification data breach (MNDB) scheme in Queensland, which will start on 1 July 2025 for most agencies (although local government will follow one year later).

Information Commissioner Joanne Kummrow welcomed the recent news, saying the IPOLA reforms were an important step forward for Queensland and would bring greater consistency with the Commonwealth Privacy Act.

“Confirmation of the IPOLA start date is positive news for the community and realises some of the recommendations from Professor Peter Coaldrake’s review and other integrity reviews,” Ms Kummrow said.

“It provides tremendous endorsement for the work undertaken by OIC to date and ongoing, to ensure agency awareness and knowledge of the reforms to our legislation.

“It also highlights the importance of transparency and integrity in the public sector by strengthening provisions to support members of the public in accessing government-held information, and a commitment to protecting citizens’ personal information.”

Ms Kummrow said the year following commencement of the IPOLA Act would be a period of transition.

“Every agency’s implementation journey will be different, however OIC will continue to provide advice and assistance while working alongside agencies to support this stage,” she said.

To help agencies prepare for implementation, OIC encourages them to:

• use the ‘Prepare for IPOLA’ workbook

• refer to the draft privacy policy (complying with the new Queensland Privacy Principles) when updating their agency’s privacy policy

• attend upcoming training to support the roll out of the MNDB scheme, including templates for a Data Breach Policy, Register and Response Plan.

More information, guidelines and resources can be found on our dedicated IPOLA webpage.

In addition, to coincide with the commencement of the reforms, the Department of Justice has advised the Right to Information Regulation 2009 and Information Privacy Regulation 2009 (the Regulations) will be remade, commencing on 1 July 2025.

The department has published a factsheet summarising the proposed approach to be taken under the new Regulations.