Australia to increase fines for data breaches

Australian companies that fail to protect customers’ data will face fines worth tens of millions of dollars under new laws proposed by the government, Attorney-General Mark Dreyfus said on Saturday.

In a statement, Dreyfus said he would introduce legislation to Parliament that will increase the maximum fines for serious or repeated data breaches from the current limit of A$2.2 million ($1.3 million), reports Xinhua news agency.

Under the changes, the maximum penalty will become whichever is highest A$50 million, 30 per cent of a company’s turnover in the relevant period, or three times the value of any financial benefit obtained through the misuse of data.

It comes after a series of high-profile data breaches in Australia.

Telecommunications giant Optus in September disclosed a major cyber attack that compromised the data of approximately 10 million current and former customers.

On October 13, health insurance provider Medibank revealed hackers stole 200 gigabytes of data including details of customers’ medical procedures.

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Dreyfus said on Saturday.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”

The Optus and Medibank breaches have been referred to the Australian Federal Police (AFP), Australian Cyber Security Centre, and Australian Signals Directorate for investigation.

If passed by Parliament, the amendments to the Privacy Act would also give the national information commissioner greater powers to resolve data breaches.




Please enter your comment!
Please enter your name here