Information Privacy and Other Legislation Amendment Act
The Information Privacy and Other Legislation Amendment Act 2023 (IPOLA Act) was passed by Parliament on 29 November 2023. The IPOLA Act amends the Information Privacy Act 2009 (IP Act), Right to Information Act 2009 (RTI Act) and related provisions in other legislation.
Overview
The amendments to the IP Act, RTI Act and related provisions in other legislation aim to:
Better protect personal information and provide appropriate responses and remedies for data breaches and misuse or mismanagement of personal information by agencies
Clarify and improve the operation of information privacy and right to information frameworks
Support the operation of the administrative scheme for the proactive release of Cabinet documents
Transfer reporting on the functions of the Acts to the Office of the Information Commissioner.
Key dates
Commenced on assent – Changed definition of photocopy (to copy)
1 March 2024 – Proactive release of Cabinet documents for the Cabinet meeting of 25th March 2024 onwards. Read more here or review the OIC Guideline
1 July 2025 – Anticipated commencement of main IPOLA Act amendments
1 July 2026 – Anticipated commencement of Mandatory Notification of Data Breach (MNDB) scheme in local government
The transfer of reporting on the functions of the Acts, to the Office of the Information Commissioner, is to be advised.
Introduction of a Mandatory Notification of Data Breach (MNDB) scheme applicable to all Queensland government agencies (delayed for local government)
Adjusted definition of personal information
A single set of Queensland Privacy Principles (QPP)
Broader control requirements for agencies, including a QPP Privacy Policy, Data Breach Policy, and publication scheme changes
Creation of a single route of access and amendment in the RTI Act, including for documents containing personal information
Reforms to the processing period for access and amendment applications
Increased scope for privacy complaints and introduction of a response period for agencies managing privacy complaints
Enhanced powers and functions for the Information Commissioner, including:
powers to investigate or act as an own motion in support of compliance with privacy principles and the MNDB scheme
power to refer documents to agencies during an external review.
Appoint a senior officer to coordinate and lead the implementation of IPOLA reforms across your agency
Develop an action plan for delivering IPOLA reforms within your agency
Undertake an audit of the information held by your agency, and identify the personal information and sensitive information held
Identify and collaborate with business areas across your agency
Consider how your agency assesses, records and manages privacy risks, and undertake privacy impact assessments where necessary
Update policies and procedures to reflect the new access and amendment arrangements, the new Queensland Privacy Principles, and the introduction of the MNDB scheme
Train agency staff on updated operational practices and their IP and RTI obligations
Check out our guidelines, resources and training materials.
IPOLA resources include:
guidelines to build knowledge of the legislative change
practical resources, including checklists and templates, to support preparation for the reforms
free training delivered in-person and online. The associated training materials are available to help agencies share key information with their stakeholders.
Please subscribe to OIC’s website news feed to get the latest information, resources and notifications.
Contact details
Telephone: (07) 3234 7373 or 1800 642 753
Email: IPOLA.Project@oic.qld.gov.au
Related links: