Australian companies to face fines of $50m for data breaches

In wake of Optus and Medibank leaks, serious or repeated breaches of customer information will attract heavy penalties under new legislation

Companies that fail to adequately protect people’s data could face fines of $50m or more under new legislation to be introduced next week.

After Optus and Medibank reported significant breaches of customer data, including sensitive health information, the Albanese government was now moving to increase penalties for serious or repeated breaches of customer data.

The attorney general, Mark Dreyfus, who has had cybercrime added to his portfolio, will introduce the legislation that would increase penalties for serious or repeated data breaches from $2.2m to whatever is higher; $50m, three times the value of any benefit obtained through the misuse of information, or 30% of a company’s adjusted turnover in the relevant period.

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Dreyfus said.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”

The number of individuals potentially involved, whether sensitive information has been accessed, and the potential for further consequences from the information’s release are among the factors considered in whether or not to categorise a data breach as serious.

Deliberate or reckless conduct, the type of data – for example, health – or a history of serious interference with privacy, or disregard for keeping data safe would also be considered.

The legislation would also give the Australian information commissioner greater powers to resolve breaches. It would seek to ensure more information on the nature of the breach and compromised information goes to the commissioner so they could judge the risk of harm to individuals. It would also give the commissioner greater information-sharing powers.

That was in addition to the review of the privacy act the attorney general has already ordered, which was due to be handed back by the end of the year. Those recommendations could lead to further law changes.

The amendments to the privacy legislation will be introduced during one of the busiest weeks the government has had so far, with Labor also handing down its first budget and introducing industrial relations legislation aimed at overhauling bargaining.

The Coalition has already pressed the Labor government to do more on privacy laws after the Optus hack, and was expected to support the legislation which should ensure its transition through the parliament.

The privacy reforms add to the list of legislation the government wants passed by the end of the year, with the national anti-corruption commission and industrial relations bills already a priority. The crossbench hopes the territory rights private member’s bill would also be brought to a vote.

Employers have revolted against proposed changes to multi-employer bargaining, which would include both a “supported” stream for low-paid industries, and a “single interest” stream, where workers with a “common interest” can bargain together.

In a joint statement the Business Council of Australia, Australian Chamber of Commerce and Industry and Australian Industry Group warned against the “undue expansion of multi-employer bargaining”.

The Acci chief executive, Andrew McKellar, warned if “proposals for multi-employer bargaining force unwanted terms and conditions on workplaces irrespective of whether productivity gains are realised, jobs and small business will be at risk”.

The workplace relations minister, Tony Burke, has rejected calls to delay the reform until next year, warning that “getting wages moving” is essential to help with the cost of living so the bill must proceed with “absolutely urgency”.


Amy Remeikis and Paul Karp

The GuardianTramp

Related Content

Article image
Russian Medibank hackers could be first targets of Australian sanctions against cyber-attackers
Dfat confirms it has provided advice to minister Penny Wong about using cyber-related powers introduced last year

Daniel Hurst

14, Dec, 2022 @2:00 PM

Article image
Real estate agents push back against Australian privacy law changes designed to protect personal data
Real Estate Institute of Australia president says ‘another component of risk that might prove detrimental to free enterprise’

Paul Karp Chief political correspondent

18, May, 2023 @3:00 PM

Article image
Labor to appoint dedicated privacy commissioner to combat data breaches
The Office of the Australian Information Commissioner will also be restored to a three-commissioner structure after defunding by Coalition

Stephanie Convery

02, May, 2023 @11:00 AM

Article image
What the ghosts of campaigns past – and Dirty Dancing – can teach the PM about the voice referendum | Katharine Murphy
The lessons from the republic, marriage equality and climate fights? Don’t get bogged down in detail, Indigenous Australians have to lead and avoid partisan biffo

Katharine Murphy

27, Jan, 2023 @2:00 PM

Article image
US group campaigning against Australia’s reversal of recognition of West Jerusalem as Israeli capital
StandWithUs places ad in the Weekend Australian and asks readers to email Anthony Albanese and Penny Wong about issue

Daniel Hurst Foreign affairs and defence correspondent

03, Nov, 2022 @12:30 AM

Article image
Medicare review: what changes can we expect to see - and what’s still missing?
Health sector welcomes the broad vision of taskforce report, but worries it’s short on details, a timeline and money

Josh Butler

03, Feb, 2023 @2:00 PM

Article image
State and territory leaders to sign joint statement backing Indigenous voice to parliament
Move will give a fresh push to Labor’s referendum plans, with Liberals and Greens yet to agree their positions

Paul Karp

31, Jan, 2023 @2:00 PM

Article image
Guardian Essential poll: most think RBA rate hikes an overreaction as shine comes off Albanese
Majority believe government at least partially to blame for rises but don’t assume Coalition would manage them better

Katharine Murphy Political editor

20, Feb, 2023 @2:00 PM

Article image
Australia can’t blow another decade of climate action – it’s now up to Labor and the Greens | Katharine Murphy
Key people are talking but there’s frustration in both camps. The weeks ahead will require maturity and dexterity

Katharine Murphy

17, Feb, 2023 @7:00 PM

Article image
Aukus: nuclear submarines deal will cost Australia up to $368bn
‘Rotational forces’ of US and UK nuclear-powered submarines set to visit Australia from 2027 as part of landmark pact

Daniel Hurst and Julian Borger

13, Mar, 2023 @8:08 PM