By: Kieran Doyle, Nicole Gabryk, Stephen Morrissey, Christy Mellifont, Joseph Fitzgerald, Ellie Brooks, Rebecca Wilson, Kayleigh Maxwell, Klara Vrdoljak, Rebekah Maxton, Phoebe Nikolaou, Miles McConway, Abbey Munro, Olive Huang, Tori Pfeifer

Issue 13 of our Cyber, Privacy and Technology Report is here! Covering key developments and insights for insurers, brokers, and their customers operating in the cyber, privacy, and technology sectors.

This issue highlights major updates in Australia, including a landmark Privacy Act penalty and ongoing OAIC enforcement actions against Optus, Kmart, and Qantas. The statutory tort of privacy is now being tested in the courts, while AI oversight continues with investigations into medical imaging and enforcement against international AI providers.

Additionally, proposals from the Productivity Commission and commentary from the Attorney-General signal the next phase of privacy reform. Cyber and digital updates include the Australian Cyber Security Strategy (Horizon 2), a youth social media ban, and new Freedom of Information legislation, alongside emerging technology liability and AI-related risks.

In New Zealand, the Biometrics Processing Privacy Code comes into force on 3 November, CERT NZ has merged with the NCSC to streamline cyber incident reporting, and the Privacy Amendment Act 2025 introduces a new Information Privacy Principle 3A from 1 May 2026, alongside other important regulatory updates.

We hope you find this edition both insightful and practical in navigating the ever-evolving cyber and technology landscape.

If you’d like to discuss any of the topics covered, please don’t hesitate to reach out to a member of our team or click here to find out more.