Amid the recent Telstra scandal, hope emerges with new law to curb 'inadequate' measures
As serious data breaches become increasingly rampant, the Albanese government plans to introduce legislation next week that will increase penalties for repeated or severe privacy violations.
Recently, HRD reported on the Telstra privacy breach, in which approximately 30,000 names and email addresses of past and present company employees were posted on the dark web.
According to the government, such privacy breaches proved that existing measures to safeguard data are inadequate and should be addressed.
“It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Attorney-General Mark Dreyfus said. “The Albanese government is committed to protecting Australians’ personal information and to further strengthening privacy laws.”
According to the attorney general’s media release, the 2022 Privacy Legislation Amendment (Enforcement and Other Measures) Bill plans to raise the maximum penalties applicable under the Privacy Act 1988 for a severe or repeated privacy violation.
The current penalty is $2.22 million, and the proposed legislation aims to increase it to whichever is greater of “$50 million; three times the value of any benefit obtained through the misuse of information; or 30 percent of a company’s adjusted turnover in the relevant period,” the attorney-general said.
Aside from increasing the penalty, the bill will also allow the Australian Information Commissioner (AIC) to exercise greater powers to address privacy breaches.
Additionally, the proposed legislation will “strengthen the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals,” according to the government.
Lastly, the bill will provide the AIC and the Australian Communications and Media Authority with strengthened information-sharing powers.
Dreyfus said that the proposed legislation is in addition to a thorough review of the Privacy Act by the Attorney-General’s Department that will be completed this year, with recommendations anticipated for further reform.
“I look forward to support from across the Parliament for this bill, which is an essential part of the government’s agenda to ensure Australia’s privacy framework is able to respond to new challenges in the digital era,” Dreyfus said.