Australia to increase maximum data breach penalty to $50 million
The country's government is looking to raise the maximum fine from $2 million AUD and introduce new legislation to handle cyber attacks better
The Australian government is set to introduce new legislation this week to increase penalties for repeated or serious privacy breaches in the wake of a series of high-profile cyber attacks targeting the region.
The attorney general revealed that the new maximum penalties will be introduced by the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 which will amend the existing statutes under the Privacy Act 1988.
This will introduce a rise from a maximum of $2.22 million (£1.2 million) to a new maximum which will be whichever is greater out of three possible figures: $50 million (£27 million), three times the value of any benefit obtained through the misuse of information, or 30% of a company's adjusted turnover in the relevant period.
Significant privacy breaches in recent weeks have shown that the current safeguards are inadequate, said attorney general Mark Dreyfus on 22 October. He added that it’s not enough for a penalty for a major data breach to be seen as the cost of doing business.
Dreyfus underlined the need for better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.
Customer 360 for data leaders
Create your ideal 360° customer view solutionFree Download
“I look forward to support from across the Parliament for this Bill, which is an essential part of the government's agenda to ensure Australia's privacy framework is able to respond to new challenges in the digital era,” said Dreyfus.
The Bill will also look to provide the Australian information commissioner with greater powers to resolve privacy breaches. It will also seek to strengthen the Notifiable Data Breaches scheme to ensure the commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals.
Additionally, it will aim to equip the commissioner and Australian Communications and Media Authority with greater information-sharing powers.
Australia has been rocked by a number of cyber attacks in the last couple of months, exposing the details of millions of Australian citizens. Optus and Telstra, the nation's two largest telcos, suffered data breaches in September and October. The Optus breach affected around two million customers, while the Telstra incident affected 30,000 people.
This was followed by online retail marketplace mydeal, a Woolworths subsidiary, which revealed in October its CRM system had been compromised, affecting around 2.2 million customers.
Most recently Medibank was also affected by an unknown ransomware group in October, with the company revealing that the hacker had entered negotiations with the firm over the release of client data.
2022 State of the multi-cloud report
What are the biggest multi-cloud motivations for decision-makers, and what are the leading challengesFree Download
The Total Economic Impact™ of IBM robotic process automation
Cost savings and business benefits enabled by robotic process automationFree Download
Multi-cloud data integration for data leaders
A holistic data-fabric approach to multi-cloud integrationFree Download
MLOps and trustworthy AI for data leaders
A data fabric approach to MLOps and trustworthy AIFree Download