Government passes bill increasing data breach penalties to $50m
The Australian Government has passed a bill that will significantly increase the penalty for businesses that suffer repeated or major data breaches.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase the civil penalty from $2.2 million, to the penalty that bears the most financial weight:
- $50 million
- 30 per cent of adjusted turnover for the period or
- three times the financial gain from the misuse of data in the case of outstandingly shocking breaches.
The bill passed through the senate and then the lower house on Monday after it was slightly reworded to target organisations that suffer “serious” or “repeated” breaches.
Concerns have been raised over the lack of definition of serious and repeated incidents’, and that small to medium businesses may be hit by the same penalties as large organisations.
“Reforms to clarify key definitions in the Privacy Act, developed a tiered penalty regime, provide greater clarity on the applications of penalties and enhance security guidelines are being considered through the Privacy Act review,” said Labor Senator and Agriculture Minister Murray Watt.
The increase in penalties is a direct response to recent major data breaches in Australia, with government aiming to send a clear message to large companies; they must do better to protect the data they collect.
Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident?
If you are concerned about these new penalties, and don’t understand what your level of risk is request a free assessment to start your journey on protecting your company, employees and customers below.