Skip to main content

Privacy penalty bill passes house

The Hon Mark Dreyfus KC MP
Media Release

The Albanese Government’s legislation to significantly increase penalties for repeated or serious privacy breaches has today passed the House.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million to whichever is the greater of:

  • $50 million;
  • three times the value of any benefit obtained through the misuse of information; or
  • 30 per cent of a company’s adjusted turnover in the relevant period.

The Bill also provides the Australian Information Commissioner with greater powers to resolve privacy breaches and quickly share information about data breaches to help protect customers.

Significant privacy breaches in recent weeks have shown existing safeguards are outdated and inadequate. This bill makes clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business.

The Albanese Government is committed to protecting Australians’ personal information and to further strengthening privacy laws. Companies must do better to prevent breaches from happening.

A comprehensive review by the Attorney-General’s Department will be completed this year, ahead of an overhaul of the Privacy Act next year.