Information Privacy and Other Legislation Amendment Act

The Information Privacy and Other Legislation Amendment Act 2023 (IPOLA Act) was passed by Parliament on 29 November 2023. The IPOLA Act amends the Information Privacy Act 2009 (IP Act), Right to Information Act 2009 (RTI Act) and related provisions in other legislation.

IPOLA

Overview

The amendments to the IP Act, RTI Act and related provisions in other legislation aim to: 

  • Better protect personal information and provide appropriate responses and remedies for data breaches and misuse or mismanagement of personal information by agencies 

  • Clarify and improve the operation of information privacy and right to information frameworks 

  • Support the operation of the administrative scheme for the proactive release of Cabinet documents 

  • Transfer reporting on the functions of the Acts to the Office of the Information Commissioner. 

Key dates

  • Commenced on assent – Changed definition of photocopy (to copy) 

  • 1 March 2024 – Proactive release of Cabinet documents for the Cabinet meeting of 25th March 2024 onwards. Read more here or review the OIC Guideline 

  • 1 July 2025 – Anticipated commencement of main IPOLA Act amendments 

  • 1 July 2026 – Anticipated commencement of Mandatory Notification of Data Breach (MNDB) scheme in local government 

  • The transfer of reporting on the functions of the Acts, to the Office of the Information Commissioner, is to be advised. 

  • Introduction of a Mandatory Notification of Data Breach (MNDB) scheme applicable to all Queensland government agencies (delayed for local government) 

  • Adjusted definition of personal information 

  • A single set of Queensland Privacy Principles (QPP) 

  • Broader control requirements for agencies, including a QPP Privacy Policy, Data Breach Policy, and publication scheme changes 

  • Creation of a single route of access and amendment in the RTI Act, including for documents containing personal information 

  • Reforms to the processing period for access and amendment applications 

  • Increased scope for privacy complaints and introduction of a response period for agencies managing privacy complaints 

  • Enhanced powers and functions for the Information Commissioner, including: 

    • powers to investigate or act as an own motion in support of compliance with privacy principles and the MNDB scheme 

    • power to refer documents to agencies during an external review. 

  • Appoint a senior officer to coordinate and lead the implementation of IPOLA reforms across your agency 

  • Develop an action plan for delivering IPOLA reforms within your agency 

  • Undertake an audit of the information held by your agency, and identify the personal information and sensitive information held  

  • Identify and collaborate with business areas across your agency 

  • Consider how your agency assesses, records and manages privacy risks, and undertake privacy impact assessments where necessary 

  • Update policies and procedures to reflect the new access and amendment arrangements, the new Queensland Privacy Principles, and the introduction of the MNDB scheme 

  • Train agency staff on updated operational practices and their IP and RTI obligations

  • Check out our guidelines, resources and training materials.  

IPOLA resources include: 

  • guidelines to build knowledge of the legislative change  

  • practical resources, including checklists and templates, to support preparation for the reforms  

  • free training delivered in-person and online. The associated training materials are available to help agencies share key information with their stakeholders.  

Please subscribe to OIC’s website news feed to get the latest information, resources and notifications.