AUSTRALIA: Following high-profile hacks that affected millions of Australians in recent weeks, Attorney-General Mark Dreyfus announced that Australia would submit regulations to parliament that would increase the penalties for businesses that suffer significant data breaches.
The country's telco, financial, and government sectors have been on high alert since Optus, Australia's second-largest telco and controlled by Singtel, reported on September 22 a hack that resulted in the theft of personal data from up to 10 million accounts.
Following that attack, health insurer Medibank Private, which provides coverage for one-sixth of Australians, experienced a data breach last month that resulted in the theft of 200 terabytes of data and the personal information of 100 customers, including medical diagnoses and procedures.
In a formal statement released on Saturday, Dreyfus stated that the government would alter privacy regulations the following week to “significantly increase penalties for repeated or serious privacy breaches.”
The maximum fines for major or persistent privacy violations will increase from the current A$2.22 million ($1.4 million) to the greater of A$50 million, three times the amount of the profit received via the abuse of information, or 30% of turnover in the relevant period, he added.
According to the attorney general, Australians have a right to assume that their personal information will be protected when asked to provide it to businesses.
Dreyfus said, “Significant privacy breaches in recent weeks have shown that existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”
Dreyfus continued, “We need better laws to regulate how companies manage the huge amount of data they collect and bigger penalties to incentivise better behaviour.”
The announcement follows the government's revelation earlier this month of measures to modify consumer privacy laws, which would make targeted data exchange between banks and telecommunications companies easier in the wake of the Optus hack.
Following the Optus attack, two Australian regulators launched inquiries into the company. Optus has come under scrutiny for failing to stop the hack, one of the biggest in Australian history.