Following high-profile hacks that affected millions of Australians in recent weeks, Attorney-General Mark Dreyfus announced that Australia would submit regulations to parliament that would strengthen the penalty for businesses that suffer significant data breaches.
Since Optus, the second-largest telco in Australia and controlled by Singtel, reported on September 22 a hack that resulted in the theft of personal data from up to 10 million accounts, the telco, financial, and government sectors in that country have been on high alert.
This month, a data breach at health insurance Medibank Private, which provides coverage for one-sixth of Australians, resulted in the theft of 200 terabytes of data and the personal information of 100 customers, including medical diagnoses and procedures.
In a formal statement released on Saturday, Dreyfus stated that the government would alter privacy regulations the following week to “substantially enhance penalties for persistent or major privacy violations.”
The maximum fines for major or persistent privacy violations will increase from the current A$2.22 million ($1.4 million) to the greater of A$50 million, three times the amount of the profit received via the abuse of information, or 30% of turnover in the relevant period, he added.
Australians have a right to assume that their personal information would be protected when asked to provide it to businesses, according to the attorney general.
“Significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Dreyfus said.
“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour” he added.
Following the Optus data breach, the government earlier this month announced intentions to update consumer privacy laws to make it easier for targeted data exchange between banks and telecommunications companies.
Two Australian authorities started looking into Optus after the incident, and the corporation has come under fire for failing to stop the breach, one of the biggest in Australian history.
