IPOLA Overview
The Information Privacy and Other Legislation Amendment Act 2023 (IPOLA Act) was passed by Parliament on 29 November 2023. The IPOLA Act amends the Information Privacy Act 2009 (IP Act), Right to Information Act 2009 (RTI Act) with commencement from 1 July 2025.
Overview
What has commenced
Our guidelines and information sheets have been updated to reflect current law, including the below:
- Mandatory Notification of Data Breach (MNDB) scheme for Queensland government agencies (delayed for local government)
- Launch of the OIC Agency Portal – a platform that enables agencies to act on their voluntary or mandatory MNDB obligations
- A single set of Queensland Privacy Principles (QPP)
- Broader control requirements for agencies, including a QPP Privacy Policy, Data breach policy, and publication scheme changes
- Adjusted definition of personal information
- Simplified application process for access to documents and amendment of personal information, with all applications now made under the RTI Act
- Simplified processing period for access and amendment applications
- Increased scope for privacy complaints and introduction of a response period for agencies managing privacy complaints
- Enhanced powers and functions for the Information Commissioner, including:
- powers to investigate or act as an own motion in support of compliance with privacy principles and the MNDB scheme
- power to refer documents to agencies during an external review.
- Proactive release of Cabinet documents (from March 2024).
What has not yet commenced
- 1 July 2026 – Commencement of MNDB scheme in local government
- 2026–2027 – First reporting period on which OIC will report on the operation of the Acts
Where to find information
Now that the IPOLA reforms have commenced, we have updated our website content to reflect current law.
- Guidelines and resources for government
- Information Sheets for the community
- Transitional guidelines including:
- for access and amendment applications received and not finalised prior to 1 July 2025
- for privacy compliance issues which occurred prior to 1 July 2025
- OIC Agency Portal
- For information on the application of MNDB in local government.
Local Government Mandatory Notification of Data Breach scheme
The MNDB scheme for local government will commence on 1 July 2026.
Our guidelines will help local government agencies understand the scheme and transitional guidelines remain available to support agencies prepare for the roll-out of the scheme.
Are you still preparing for IPOLA?
IPOLA has commenced and is now law, with the exception of the MNDB scheme for local government, which commences 1 July 2026.
We understand some agencies will still be implementing IPOLA and progressing towards compliance with these new reforms, while others will be fully prepared to comply with the new QPPs, access and amendment processes and MNDB obligations.
We will continue supporting agencies to build capability to comply with the updated IP Act and RTI Act. Ongoing resources include:
- guidelines to build knowledge of the legislative change
- practical resources, including checklists and templates, to support preparation for the reforms
- free training including recorded webinars and associated training materials are available to help agencies share key information with their stakeholders.
Please subscribe to OIC’s website news feed to get the latest information, resources and notifications.
Contact details
For more information, please contact us
