Tougher penalties for serious data breaches
The Albanese Government will next week introduce legislation to significantly increase penalties for repeated or serious privacy breaches.
When Australians are asked to hand over their personal data they have a right to expect it will be protected.
Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It's not enough for a penalty for a major data breach to be seen as the cost of doing business.
We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase maximum penalties that can be applied under the Privacy Act 1988 for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of:
- $50 million;
- three times the value of any benefit obtained through the misuse of information; or
- 30 per cent of a company's adjusted turnover in the relevant period.
The Bill will also:
- provide the Australian Information Commissioner with greater powers to resolve privacy breaches;
- strengthen the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals; and
- equip the Australian Information Commissioner and the Australian Communications and Media Authority with greater information sharing powers.
This Bill is in addition to a comprehensive review of the Privacy Act by the Attorney-General's Department that will be completed this year, with recommendations expected for further reform.
I look forward to support from across the Parliament for this Bill, which is an essential part of the Government's agenda to ensure Australia's privacy framework is able to respond to new challenges in the digital era.
The Albanese Government is committed to protecting Australians' personal information and to further strengthening privacy laws.