Read Time:1 Minute, 38 Second

The government has announced that it will increase the maximum sanctions for companies with major or recurring data privacy breaches to AU$50 million.

A wave of cybersecurity incidents that compromised client data, including the most recent involving the insurance company Medibank, prompted the move to strengthen sanctions for violators.

Attorney-General Mark Dreyfus announced intentions to present legislation this week that would increase the current AU$2.22 million ($1.4 million) maximum fine for privacy violations.

The Australian Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will set forth new regulations, which will be applicable under the Privacy Act 1988 for “severe or recurrent” privacy violations.

“When Australians are asked to hand over their data, they have a right to expect it will be protected. Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Dreyfus said.

“We need better laws to regulate how companies manage the huge amount of data they collect and bigger penalties to incentivise better behaviour,” he added. 

Following a significant breach involving the local telco Optus, which exposed the data of 9.8 million subscribers, including email addresses, phone numbers, and other personal identity information, Australian policymakers pushed for more punitive sanctions.

While recently, Medibank disclosed on October 13 that it had discovered “strange activity” on its network, which eventually turned out to have compromised the personal information of both domestic and foreign student customers under its subsidiary.

Australian Prudential Regulation Authority (APRA), the industry regulator for financial services, released a statement on Monday in response to the incident, reminding participants in the sector to implement data security procedures and ensure they conformed with sectoral legislation.

According to the government agency, APRA-regulated entities should have clearly defined cybersecurity roles and responsibilities and follow the requirements outlined in Prudential Standard CPS234 Information Security. 

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Cyber Security Previous post Australia’s Latest Budget Focuses on the Digital Divide and Cyber Security
$12.6 Million Investment Next post $12.6 Million Investment Announced in Budget 2022 to Combat Scams and Online Fraud