Western Australia will implement state-based privacy legislation for public sector organisations from July 2026, establishing new compliance obligations for government agencies and contracted service providers.

The Privacy and Responsible Information Sharing Act 2024 and Information Commissioner Act 2024 received Royal Assent in December 2024. Privacy and technology expert Annelies Moens has been appointed as the state's first Information Commissioner, commencing July 28, 2025.

The legislation introduces 11 Information Privacy Principles (IPPs) governing collection, use, disclosure, security and disposal of personal information. It applies to Western Australian government agencies, departments, statutory authorities, local governments, ministers and contracted service providers.

Most privacy provisions commence July 1, 2026, giving organisations a 12-month preparation period. A notifiable information breach scheme begins January 1, 2027.

IPP entities must designate privacy officers, publish privacy policies, issue collection notices when gathering personal information, and conduct privacy impact assessments before high-risk activities. Organisations must develop internal procedures for handling privacy complaints before individuals can escalate to the Information Commissioner.

The breach notification scheme requires entities to notify the Information Commissioner and affected individuals of serious information breaches involving unauthorised access, disclosure or loss of personal information likely to cause serious harm.

The WA government claims the legislation is "first of its kind in Australia" regarding automated decision-making protections and de-identified information safeguards.

The Commonwealth Privacy Act 1988 already covers Australian Government agencies and private organisations with annual turnover exceeding $A3 million. The interaction between state and federal privacy laws, particularly for organisations operating across jurisdictions, remains unclear.

The WA legislation creates new obligations requiring system updates, staff training and policy development. CIOs and IT managers face technical requirements for breach detection and notification systems.

The establishment of a Chief Data Officer role signals increasing focus on secure data sharing capabilities.