Australia: Data Security

Latest developments

In April 2022, the Department of Home Affairs (under the Morrison Government) released a discussion paper seeking views on the development of Australia’s National Data Security Action Plan (Action Plan). The Action Plan forms part of the government’s ‘Digital Economy Strategy’ and aims to define a set of national, whole-of-economy expectations for data security for governments, businesses and individuals. Consultation on the Action Plan closed in June 2022.

Discussion Paper

‘Data security’ is defined in the Discussion Paper as a ‘broad term that refers to protecting the information collected, processed and stored on digital systems and networks.’ In contrast to privacy, which seeks to protect personal and sensitive information from unauthorised access, data security seeks to address unauthorised access to all data types.

In the Discussion Paper, the government notes that the current data security regulatory environment is ‘complex and contested’, with different initiatives targeting different parts of the economy. It notes that there is no common standard for the protection of similar data sets held by different jurisdictions Action Plan seeks to align and build on existing data security settings across the economy.

In developing the Action Plan, the government plans to consider:

  • How to strengthen and coordinate data security across the broader economy;
  • Measures to ensure that the data of all Australians is appropriately controlled and accountable;
  • Ensuring all Australians know their rights, roles and responsibilities when it comes to the secure handling, storing and managing of data;
  • Ensuring data security guidance, in both policy and legislation, is consistent across jurisdictions;
  • Promoting alignment across data security requirements established under other data and digital initiatives, including the Consumer Data Right;
  • Outlining Australia’s international data security obligations and the risks posed to national security if data is obtained by foreign actors or cyber criminals; and
  • Policy options to support whole of economy data security uplift and digitalisation to support the aim of becoming a leading digital economy by 2030.

Three pillars (security, accountability and control) will underpin the Action Plan. The Action Plan complements the recent reforms to the Security of Critical Infrastructure Act 2018.

Next steps

Public consultation on the Action Plan closed on 24 June 2022 with 81 submission papers received. The Department of Home Affairs has advised that engagement with industry, and state and territory governments will remain ongoing as they continue to develop and implement the Action Plan.

*Information is accurate up to 27 November 2023


Cybersecurtiy - Explore further sections

Explore other chapters in the guide

Data as a key digital asset

Crypto assets

AI as a digital asset

Privacy & Data Protection


Digital Identity and Trust Services