Commonwealth Numbered Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

CYBER SECURITY ACT 2024 (NO. 98, 2024) - SECT 8

Definitions

    In this Act:

"ASD" means the Australian Signals Directorate.

"benefit" includes any advantage and is not limited to property.

"business" has the same meaning as in the Income Tax Assessment Act 1997 .

"Chair" means the Chair of the Cyber Incident Review Board.

"civil penalty provision" has the same meaning as in the Regulatory Powers Act.

Commonwealth body means:

  (a)   a Minister of the Commonwealth; or

  (b)   a Department of State of the Commonwealth; or

  (c)   a body (whether incorporated or not) that:

  (i)   is established, or continued in existence, for a public purpose by or under a law of the Commonwealth; and

  (ii)   is not an authority of the Crown.

"Commonwealth enforcement body" means:

  (a)   the Australian Federal Police; or

  (b)   the Australian Prudential Regulation Authority; or

  (c)   the Australian Securities and Investments Commission; or

  (d)   the Inspector of the National Anti - Corruption Commission; or

  (e)   the Office of the Director of Public Prosecutions; or

  (f)   the National Anti - Corruption Commissioner; or

  (g)   Sport Integrity Australia; or

  (h)   another Commonwealth body, to the extent that it is responsible for administering, or performing a function under, a law that imposes a penalty or sanction for a criminal offence.

"Commonwealth officer" has the same meaning as in Part   5.6 of the Criminal Code .

"computer" has the same meaning as in the Security of Critical Infrastructure Act 2018 .

"coronial inquiry" means a coronial inquiry, coronial investigation or coronial inquest under a law of the Commonwealth, or of a State or Territory.

"critical infrastructure asset" has the same meaning as in the Security of Critical Infrastructure Act 2018 .

"Cyber Incident Review Board" or Board means the Cyber Incident Review Board established by section   60.

cyber security incident has the meaning given by section " " 9.

"designated Commonwealth body" means:

  (a)   a Department, or a body established by a law of the Commonwealth, specified in the rules; or

  (b)   if no rules are made for the purposes of paragraph   (a)--the Department and ASD.

draft review report has the meaning given by subsection " " 51(1).

"entity" means any of the following:

  (a)   an individual;

  (b)   a body corporate;

  (c)   a partnership;

  (d)   an unincorporated association that has a governing body;

  (e)   a trust;

  (f)   an entity that is a responsible entity for a critical infrastructure asset.

"Expert Panel" means the Expert Panel established by the Board under section   70.

"final review report" has the meaning given by subsection   52(1).

"intelligence agency" means:

  (a)   the agency known as the Australian Criminal Intelligence Commission established by the Australian Crime Commission Act 2002 ; or

  (b)   the Australian Geospatial - Intelligence Organisation; or

  (c)   the Australian Secret Intelligence Service; or

  (d)   the Australian Security Intelligence Organisation; or

  (e)   ASD; or

  (f)   the Defence Intelligence Organisation; or

  (g)   the Office of National Intelligence.

"internet-connectable product" has the meaning given by subsection   13(4).

"manufacturer" has the same meaning as in the Australian Consumer Law.

"National Cyber Security Coordinator" means:

  (a)   the officer of the Department known as the National Cyber Security Coordinator; and

  (b)   the APS employees, and officers or employees of Commonwealth bodies, whose services are made available to the officer in connection with the performance of any of the officer's functions or the exercise of any of the officer's powers under this Act.

"network-connectable product" has the meaning given by subsection   13(5).

"permitted cyber security purpose" for a cyber security incident has the meaning given by section   10.

"personal information" has the same meaning as in the Privacy Act 1988 .

"protected review report" has the meaning given by subsection   54(1).

"ransomware payment" has the meaning given by subsection   26(1).

"ransomware payment report" means a report given by an entity under subsection   27(1).

"Regulatory Powers Act" means the Regulatory Powers (Standard Provisions) Act 2014 .

"relevant connectable product" has the meaning given by subsection   13(2).

"reporting business entity" has the meaning given by subsection   26(2).

"responsible entity" , for an asset, has the same meaning as in the Security of Critical Infrastructure Act 2018 .

"Secretary" means the Secretary of the Department.

"sensitive information" has the same meaning as in the Privacy Act 1988 .

"sensitive review information" has the meaning given by subsection   53(2).

"significant cyber security incident" has the meaning given by section   34.

"State body" means:

  (a)   a Minister of a State or Territory; or

  (b)   a Department of State of a State or Territory or a Department of the Public Service of a State or Territory; or

  (c)   a body (whether incorporated or not) that:

  (i)   is established, or continued in existence, for a public purpose by or under a law of a State or Territory; and

  (ii)   is not an authority of the Crown.

"supply" has the same meaning as in the Australian Consumer Law and supplied and supplier have corresponding meanings.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback