On 25 November 2024, the Cyber Security Act 2024 (Cth) (the Act) was passed by the Federal Parliament as part of a broader legislative effort to bolster Australia’s cyber defences. This legislative package was introduced in response to [insert trigger event(s) or catalyst], and aims to position Australia as a global leader in cybersecurity by 2030. As of 10 June 2025, the Act is officially in force, marking a significant shift in how cyber risks are regulated and managed. 

We previously outlined the key components of this legislation in our article, It is here! The Cyber Security Act 2024 (Cth). Since its passage, stakeholders across the cyber, digital governance, and privacy sectors have been closely monitoring its implementation, anticipating significant impacts on regulatory compliance, corporate governance, and incident response practices. 

One of the most impactful components of this Bill is Schedule 2, titled “Statutory Tort for Serious Invasions of Privacy”. This addition introduces, for the first time at a federal level, a general legal right to privacy, filling a longstanding gap in Australian law.  

Until now, no statutory cause of action existed for serious invasions of privacy, despite repeated proposals and occasional lower court recognition of such a right. The introduction of this tort is expected to trigger a wave of legal activity as individuals test the new boundaries of personal data protection and pursue claims for intrusions into their private lives. 

The inclusion of this tort reflects growing concern over the adequacy of existing privacy protections in an increasingly digital society. It has been [insert assessment - e.g., "welcomed as a necessary reform" or "criticised as overly broad and uncertain in scope"], and is expected to [insert anticipated impacts - e.g., "empower individuals to seek redress for serious privacy breaches" or "create legal uncertainty for media organisations and data-driven businesses"]. 

In particular, the new tort is likely to [insert specific groups or sectors that may benefit - e.g., "benefit individuals whose sensitive information is mishandled"], while potentially [insert those who may face challenges - e.g., "social media users, tech platforms and other entities handling personal data"]. 

If you have a query about how these proposed reforms may impact you or your business, please contact any of our Digital Governance, Cyber & Privacy team.