IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Australia to increase maximum data breach penalty to $50 million

The country's government is looking to raise the maximum fine from $2 million AUD and introduce new legislation to handle cyber attacks better

The Australian government is set to introduce new legislation this week to increase penalties for repeated or serious privacy breaches in the wake of a series of high-profile cyber attacks targeting the region.

The attorney general revealed that the new maximum penalties will be introduced by the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 which will amend the existing statutes under the Privacy Act 1988.

This will introduce a rise from a maximum of $2.22 million (£1.2 million) to a new maximum which will be whichever is greater out of three possible figures: $50 million (£27 million), three times the value of any benefit obtained through the misuse of information, or 30% of a company's adjusted turnover in the relevant period.

Significant privacy breaches in recent weeks have shown that the current safeguards are inadequate, said attorney general Mark Dreyfus on 22 October. He added that it’s not enough for a penalty for a major data breach to be seen as the cost of doing business.

Dreyfus underlined the need for better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.

Related Resource

Customer 360 for data leaders

Create your ideal 360° customer view solution

Whitepaper cover with title and IBM logo and overhead image of a desk and male hands assembling a motherboardFree Download

“I look forward to support from across the Parliament for this Bill, which is an essential part of the government's agenda to ensure Australia's privacy framework is able to respond to new challenges in the digital era,” said Dreyfus.

The Bill will also look to provide the Australian information commissioner with greater powers to resolve privacy breaches. It will also seek to strengthen the Notifiable Data Breaches scheme to ensure the commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals.

Additionally, it will aim to equip the commissioner and Australian Communications and Media Authority with greater information-sharing powers.

Australia has been rocked by a number of cyber attacks in the last couple of months, exposing the details of millions of Australian citizens. Optus and Telstra, the nation's two largest telcos, suffered data breaches in September and October. The Optus breach affected around two million customers, while the Telstra incident affected 30,000 people. 

This was followed by online retail marketplace mydeal, a Woolworths subsidiary, which revealed in October its CRM system had been compromised, affecting around 2.2 million customers.

Most recently Medibank was also affected by an unknown ransomware group in October, with the company revealing that the hacker had entered negotiations with the firm over the release of client data.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Recommended

Why Japan finds it so hard to digitally transform
digital transformation

Why Japan finds it so hard to digitally transform

1 Dec 2022
MSG giant Ajinomoto's chipmaking foray helps break financial records
Business strategy

MSG giant Ajinomoto's chipmaking foray helps break financial records

30 Nov 2022
India to trial digital rupee from December 2022
digital currency

India to trial digital rupee from December 2022

30 Nov 2022
Japan considers creating new cyber defence agency as attacks ramp up in region
cyber attacks

Japan considers creating new cyber defence agency as attacks ramp up in region

24 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022