The Australian government recently passed a bill to increase financial penalties for data privacy violators, pushing maximum fines for serious or repeated breaches to AU$50 million. The parliament has ‘intensified’ the new bill in response to recent cyberattacks against Australian companies. The most noteworthy incidents were the Optus telecommunication provider data breach that impacted 11 million people and the Medibank insurance firm ransomware attack that exposed the data of 9.7 million. In this article at Bleeping Computer, Bill Toulas explains why the Australian government has ramped up the data breach penalty.
Data Breach Penalty for Law Breaches
The amended data breach penalty for cyber incidents is as follows:
For larger corporations, breaches of the law can lead to a fine of:
- AU$ 50 million, or
- 30% of adjusted turnover (this will reflect turnover during the breach period and will be a minimum of 12 months), or
- 3x the value of the benefit obtained through the misuse of information
The updated penalties for individuals include:
- AU$ 2.5 million, and
- Criminal sanctions of up to 10 years in jail for cartel conduct
These new maximum penalties represent a five-fold increase from the current liabilities. According to the Australian government, the amended penalties will apply to competition and consumer law breaches. Furthermore, this change will impact a greater number of foreign organizations conducting business in Australia.
“Apart from setting higher fines, the new bill also gives greater powers to the Office of the Australian Information Commissioner (OAIC) to get more involved in the privacy breach resolution and scope determination process,” says Toulas.
What Does This Mean for Businesses?
Businesses must now ensure:
- They have consumer compliance processes.
- Staff are well trained to identify security flaws and are empowered to seek advice and escalate any concerns.
- Directors, C-suite executives, senior management, and all employees know that competition and consumer law breaches will attract personal liability.
To read the original article, click on https://www.bleepingcomputer.com/news/security/australia-will-now-fine-firms-up-to-au50-million-for-data-breaches/.