Australia recently announced that it would be significantly strengthening its online privacy laws in light of recent data breaches, such as the Optus telco breach from last month.
In recent weeks, many privacy breaches have shown insufficient security measures. According to attorney-general Mark Dreyfus, these penalties should not be considered a cost of doing business in his statement this weekend.
“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivize better behavior.”
After numerous consultations on improving the nation’s privacy laws, amendments will finally be implemented.
Dreyfus stated that the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 would raise the maximum penalties able to be given under the Privacy Act 1988 for repeated or severe privacy breaches from AUS $2.22 million (~$1.4M) to whichever is greater of:
- AUD 50 million (~$32M).
- Three times the value of any benefits obtained through information misuse.
- 30% of a company’s money made during the relevant period.
The current reform proposed much higher penalties than an earlier version from the last year––when the maximum fines were AUS $10 million or 10% of revenue.
Optus and Medibank Private are just two examples of significant data breaches that have happened recently. These incidents have gotten the attention of lawmakers, who are now starting to focus on this issue.
The change in Government that occurred earlier this year has resulted in new policies and initiatives.
Dreyfus has made additional changes, including giving more power to the Australian information commissioner and making the Notifiable Data Breaches scheme stronger so that there is a better understanding of what was lost in a data breach and how much risk it poses to individuals.
The information commissioner and the Australian Communications and Media Authority will be given increased sharing powers to enable more regulatory joint working.
After last month’s breach, both agencies opened investigations of Optus.
In addition, the Attorney-General’s Department is reviewing the Privacy Act with plans to finish by the end of this year. Once completed, they will offer recommendations for further changes that need to be made.
“I look forward to supporting from across the Parliament for this Bill, which is an essential part of the Government’s plan to ensure Australia’s privacy framework can respond to new challenges in the digital era. The Albanese Government is committed to protecting Australians’ personal information and to further strengthening privacy laws,” added Dreyfus.
