On the grounds of the recent data breaches that rocked Australia, the Albanese government will soon be significantly increasing the maximum punishment for violating privacy laws that potentially cost businesses hundreds of millions of dollars.
In legislation to be introduced to Parliament this week, the maximum penalty for serious or repeated violations of privacy laws will be increased from $2.2 million to as high as $50 million, which is three times the benefit received from the misuse of data or 30% of adjusted revenue in the relevant period.
It means that a company with $1 billion in revenue generated in the 12 months preceding a data breach could be fined up to $300 million.
Attorney-General Mark Dreyfus has announced increased penalties for companies that violate privacy laws. According to him, if companies view the current penalty regime for privacy breaches as simply the cost of doing business, it is insufficient.
He further added that Important privacy infringements in recent weeks have evidenced that existing safeguards are insufficient.
Dreyfus also said that when Australians are asked to provide personal information, they have the right to expect that it will be protected.
He also highlighted that Australia requires stronger laws to govern how businesses organise the massive amounts of data they collect and harsher penalties to encourage better behaviour.
The Attorney-General’s spokesman emphasised that the changes were being made to major penalties.
He also informed that the court would reserve discretion as to the actual fine it would enforce, while taking into consideration the facts of the case.
As a result, a $50 million turnover medium-sized business is unlikely to face a $50 million fine.
The new legislation will also give the Information Commissioner new powers to access larger information tosolve privacy breaches and bolster the data breach reporting scheme so that the commissioner has comprehensive knowledge and understanding of the information compromised in a breach.
Mr. Dreyfus informed that the government is firmly committed to safeguarding Australians’ personal details and bolstering privacy laws.
The Albanese government’s latest action to increase the size of the stick available to courts to whack offenders represents a significant increase in the importance placed on online privacy and expectations about collecting and storing people’s personal, sensitive information.
Last month, lawyers alerted that Australian businesses were ignoring privacy laws framed to prevent them from keeping personal data collected from customers for commercial use.
Companies are required by law to delete people’s information after they have used it for its intended purpose.
This law amounts to the fact that many companies don’t know the number of servers they have. Hence, many are left unpatched, which becomes a source of vulnerability.
Recently, major data breaches were revealed at telco Optus and health insurance provider Medibank.
The Australian Communications and Media Authority is investigating Optus on the fact that it took genuine steps to safeguard the personal data of 9.8 million Australians, which was stolen last month and briefly listed for sale online.
Following an initial denial on information stolen in a recent cyber raid, Medibank confirmed on Thursday that criminals had gained access to and taken sensitive customer data, including healthcare claims information.
On Friday, the health insurer’s stock remained suspended as it assessed the damage caused by a breach that compromised customers’ sensitive health data.
Prime Minister Anthony Albanese, a Medibank customer, said he wasn’t worried about his data potentially becoming public. However, he was concerned about the broader impact of what is a severe criminal act.
Mr. Albanese also informed us that the brightest and the best of our security and law enforcement agencies are working hard to reduce the disruption and impact of this criminal activity.
With so much complex information on data security rules shared, you and your business would need an expert to simplify the information and help you understand it.
You don’t have to worry when Anitech’s ISMS consultants are here to help!
Our consultants are experienced in the cyber security field and have more than 15 years of experience with major multinational companies in performing root cause analysis, finding gaps in IT security, Vulnerability management, Firewall rule review, IPS/IDS, Malware management, Penetration testing and various different branches of IT security.
Our ISMS consultants are specialization in the analysis of finding gaps in inventory management and can guide you in implementing the security controls in your company such that you do not attract any penalties
To get in touch with our ISMS consultants, you can call 1300 802 163 or email info@anitechgroup.com.
