After two high-profile data breaches, the Australian government intends to introduce in Parliament the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022. Attorney-General Mark Dreyfus says the law aims to increase the financial penalties companies face for repeated or serious breaches of privacy.
Under the proposed bill, the penalty for such breaches will be increased to the greater of an AU$50 million ($1.4 million) fine, three times the value of any benefit obtained through the misuse of information, or 30 per cent of a company’s adjusted turnover in the period in question.
“Significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business. We need better laws to regulate how companies manage the huge amount of data they collect, and higher penalties to incentivize better behavior,” Dreyfus said.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill will give the Australian Information Commissioner (AIC) more powers to address privacy breaches, strengthen the Notifiable Data Breaches scheme to improve the information provided to the AIC to better enable it to assess the risk of harm, and give the AIC and the Australian Communications and Media Authority (ACMA) more powers to share information.
Following the Optus breach, the government announced plans earlier this month to overhaul consumer privacy rules to make it easier for telecoms companies and banks to share data.
The sources for this piece include an article in Reuters.