Canberra: Australian companies that fail to protect customers’ data will face fines worth tens of millions of dollars under new laws proposed by the government.
Attorney-General Mark Dreyfus said on Saturday that he would introduce legislation to Parliament that will increase the maximum fines for serious or repeated data breaches from the current limit of 2.2 million Australian dollars (1.3 million US dollars), reports news agency Xinhua.
Under the changes, the maximum penalty will become whichever is highest 50 million Australian dollars (31.7 million US dollars), 30 per cent of a company’s turnover in the relevant period, or three times the value of any financial benefit obtained through the misuse of data.
It comes after a series of high-profile data breaches in Australia.
Telecommunications giant Optus in September disclosed a major cyber attack that compromised the data of approximately 10 million current and former customers.
On October 13, health insurance provider Medibank revealed hackers stole 200 gigabytes of data including details of customers’ medical procedures.
“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Dreyfus said on Saturday.
“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”
The Optus and Medibank breaches have been referred to the Australian Federal Police (AFP), Australian Cyber Security Center, and Australian Signals Directorate for investigation.
According to the report, If passed by Parliament, the amendments to the Privacy Act would also give the national information commissioner greater powers to resolve data breaches.
