The Australian Parliament has approved the government’s privacy penalty bill that pertains to imposing heavier fines on defaulting companies. This privacy legislation amendment (enforcement and other measures) bill 2022 sees a considerable increase in the maximum penalties for repeated privacy breaches. With this bill, the Australian information commissioner will exercise greater power in resolving privacy incidents.
The bill just got pricey
The current penalty stands at $2.22 million. According to the new Bill, repeat offences as well as serious data breaches may incur a penalty of $50 million, three times the value from profits made by misusing breached data, or 30% of a company’s adjusted turnover in the applicable time period, whichever is higher.
The Albanese government had previously passed the privacy penalty bill on 9 November 2022. The legislation has now been passed by the parliament and is ready to be applied. Australia had earlier initiated a privacy act, which never took off. The former privacy act review began in 2020 but was never completed. Coincidentally, that Act also promised severe penalties but the plan was never put into action.
Optus, Medibank, and more
The Optus data breach that impacted over 9 million users, the cyberattack on Medibank with the shareholder’s at the AGM questioning the security measures the insurance company missed putting in place, the Harcourt data breach, and the data breach at the Australian defence e-communication platform are some of the major cyberattacks the country suffered recently.
The severe penalties and other actions will be implemented a day after it is given the Royal Assent. The Privacy Act will receive a final overhaul and complete review by the Attorney-General’s department as it is being finalized.
Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate. These reforms make clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business,” Attorney-General of Australia and Cabinet Secretary Mark Dreyfus said in a government announcement.
