Those caught in Australia’s proposed data re-identification laws that criminalise the intentional re-identification and disclosure of de-identified Commonwealth datasets now will be expected to prove their innocence. According to the Attorney-General’s Department (ADG), “the defendant entity or agency bears the evidential burden for each of the exceptions,” a reversal of the criminal law principle. The changes will be applied retrospectively from Sept. 29, 2016, for anyone who intentionally re-identifies a de-identified dataset from a federal agency. Those who do not work in a university or other state government body, or has a contract with the federal government to allow such work to be conducted faces two years’ imprisonment. The AGD admitted the legislation was proposed as a response to an improperly de-identified dataset released by the Department of Health and said that individual legitimate research should not be discouraged. Attorney-General George Brandis stressed the importance of the privacy of the citizens, while Australian Information and Privacy Commissioner Timothy Pilgrim encouraged agencies to have the capabilities to manage personal information in accordance with the Privacy Act.