Show all guides
Worldwide
Other

Australian Clinical Labs hit with first civil penalty under Privacy Act for 2022 data breach

Last update:
Oct 9, 2025

Australia’s Federal Court ordered Australian Clinical Labs (ACL) to pay A$5.8 million in civil penalties following a 2022 data breach at its Medlab Pathology division that exposed data of over 223,000 individuals. 

This marks the first civil penalty under Australia’s Privacy Act 1988 (Cth). The court found ACL failed to take reasonable steps to secure personal data, did not promptly investigate or notify the Australian Information Commissioner of the breach, and neglected its obligations under the Act. The ruling is described as a turning point for privacy enforcement in Australia and warns organisations that serious data failures will now incur meaningful penalties.

The full guidelines can be found
here

Related Guides

Maryland Passes Radical Data Privacy Law

April 22, 2024

Maryland's new law includes limits on the processing of sensitive data and an outright ban on the sale of sensitive data, among other important elements.
North America
Other

EU Begins Enforcement of the Digital Services Act (DSA)

May 1, 2025

The Digital Services Act begins enforcement in the EU, mandating transparency, content moderation, and user protection obligations for online platforms.
Europe
Other
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only