Australian Government proposes “up to $50m” fines for serious data breaches
The government is pushing to rapidly pass new privacy laws that, among other things, would see the maximum fine for “repeated or serious” data breaches increase from $2.2 million to a possible $50 million or 30% of turnover.
On Saturday morning, Attorney-General Mark Dreyfus said that the current penalties for organisations who breached The Privacy Act were “seen as a cost of doing business”.
“The maximum fine at the moment is $2.2 million, and for a really big company that’s just … something that they can safely ignore,” Dreyfus said.
“What we need is really large penalties that will concentrate the minds of corporations who are storing Australians’ data, making sure that in the future they will look after that.”
“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour,” Dreyfus said.
The penalties proposed include a fine of “up to $50 million”, “three times the value of any benefit obtained through the misuse of information”, or “30 percent of a company’s adjusted turnover in the relevant period”.
Dreyfus noted that the higher number of the three would be what is owed.
“[The definition of] serious is going to be determined by how many people are affected, by how serious the information that has been leaked is, what the consequences of the breach are, and how reckless the company was,” Dreyfus said.
The legislative amendments will be put before the parliament this week.
Dreyfus said that a review of the Privacy Act is continuing and will surely result in “additional reform” once it is completed at the end of this year.
Oper8 Global has a proven track record of helping organisations encrypt and protect their customer and internal data, being Thales Cloud Security‘s only Australian Owned Platinum Partner, with recent success with Gadens, delivering trusted cloud security with Thales’ CipherTrust Manager Solution.
Oper8 Global is offering until the end of the year a free Data Protection Consultation, to book, please submit your details below, and one of our consultants will get in touch.