Data Security in Australia: The Obligation to Protect

Research output: Contribution to journalArticlepeer-review

26 Downloads (Pure)


21st century businesses rely on leveraging consumer data to target consumers more accurately, customise services and learn more about the markets in which they operate. As the use of data in business has flourished, incidents of data breaches have also increased with criminal activity, and system and human errors all playing a role in the unintended or unauthorised release of consumer data. Recent increases in the prominence of data breaches have raised questions about the obligations to protect the consumer data at law. This article undertakes a practical and example-driven review of the Australian laws applicable to data protection – primarily, the Privacy Act 1988 (Cth). This article will also briefly touch on the provisions of the Consumer Data Right as an example of a comparative approach of mandating data protection. As Australian law currently stands, corporate data protection obligations are flexible and circumstance dependent, but do not impose prescriptive obligations.
Original languageEnglish
Pages (from-to)749-765
Number of pages17
JournalAustralian Law Journal
Issue number10
Publication statusPublished - Oct 2023


  • Privacy
  • Data protection--Law and legislation
  • Business enterprises
  • Consumer protection
  • State supervision
  • Personal information management
  • Companies
  • Business
  • Office of the Australian Information Commissioner


Dive into the research topics of 'Data Security in Australia: The Obligation to Protect'. Together they form a unique fingerprint.

Cite this