Jump to content
  • Australia will now fine firms up to AU$50 million for data breaches

    alf9872000

    • 1 comment
    • 425 views
    • 3 minutes
     Share


    • 1 comment
    • 425 views
    • 3 minutes

    The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches.

     

    The financial penalty introduced by the new bill is set to whichever is greater:

    • AU$50 million
    • Three times the value of any benefit obtained through the misuse of information
    • 30% of a company's adjusted turnover in the relevant period

     

    Previously, the penalty for severe data exposures was AU$2.22 million, considered wholly inadequate to incentivize companies to improve their data security mechanisms.

     

    The new bill comes in response to a series of recent cyberattacks against Australian companies, including ransomware and network breaches, resulting in the exposure of highly sensitive data for millions of people in the country.

     

    "The Albanese Labor government has wasted no time in responding to recent major data breaches. We have announced, introduced, and delivered legislation in just over a month," reads the media announcement.

     

    "These new, larger penalties send a clear message to large companies that they must do better to protect the data they collect."

     

    The most notable incidents were the Optus telecommunication provider data breach that impacted 11 million people and the Medibank insurance firm ransomware attack that exposed the data of 9.7 million.

     

    "Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate. These reforms make clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business." - Australian Government.

     

    Apart from setting higher fines, the new bill also gives greater powers to the Office of the Australian Information Commissioner (OAIC) to get more involved in the privacy breach resolution and scope determination process.

     

    OAIC has welcomed the passing of the amendment and promised Australians that it would use its enhanced role to protect individuals and the country's economy better.

     

    "The updated penalties will bring Australian privacy law into closer alignment with competition and consumer remedies and international penalties under Europe's General Data Protection Regulation," stated Commissioner Angelene Falk.

     

    "In seeking penalties or taking regulatory action, our approach will continue to be pragmatic, evidence-based, and proportionate."

     

     

    For comparison, Europe's GDPR sets fines of up to 10 million Euros or (whichever is higher) up to 2% of the global turnover of the preceding fiscal year.

    For "especially severe violations," the above is doubled to 20 million Euros and 4% of the annual turnover.

     

    Source


    User Feedback

    Recommended Comments



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...