Australia set to increase penalties for data breaches following major cyberattacks

Published: Updated:
Enable Read mode
100% Font Size

Australia will introduce laws to parliament to increase penalties for companies subject to major data breaches, Attorney-General Mark Dreyfus said, after high-profile cyberattacks hit millions of Australians in recent weeks.

Australia’s telco, financial and government sectors have been on high alert since Singtel-owned Optus, the country’s second-largest telco, disclosed on September 22 a hack that saw the theft of personal data from up to 10 million accounts.

For the latest headlines, follow our Google News channel online or via the app.

That attack was followed this month by a data breach at health insurer Medibank Private, which covers one-sixth of Australians, resulting in personal information of 100 customers being stolen, including medical diagnoses and procedures, as part of a theft of 200 gigabytes of data.

Dreyfus, in an official statement issued on Saturday, said the government would next week move to “significantly increase
penalties for repeated or serious privacy breaches” with amendments to privacy laws.

The proposed changes would lift maximum penalties for serious or repeated privacy breaches from the current A$2.22 million ($1.4 million) to the greater of A$50 million, three times the value of the benefit obtained through the misuse of information, or 30 percent of turnover in the relevant period, he said.

When Australians were asked to hand over personal data to companies, they had a right to expect it would be protected, the
attorney-general said.

“Significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Dreyfus said.

“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivize better behavior.”

The announcement comes after the government earlier this month revealed plans to overhaul consumer privacy rules that would help facilitate targeted data sharing between telecommunication firms and banks following the breach at Optus.

In the wake of Optus attack, two Australian regulators opened investigations into the company, which has come under heavy fire for not preventing the hack, one of the biggest on record in Australia.

Read more: Australia subject to ‘state-based’ cybersecurity attack: PM Morrison

Top Content Trending