With high-profile cyber attacks hitting millions of Australians in the last few weeks, Attorney-General Mark Dreyfus announced that the federal government will be introducing new laws that will increase penalties for companies subject to major data breaches.
The telco, financial and government sectors have been on high alert after the country’s second-largest telco, Optus, revealed that 10 million accounts had their personal data stolen in a data breach last month.
The attack on Optus was followed by another data attack on a telco. Early this month, Telstra announced that up to 30,000 of its former and current workers have had their personal data uploaded to the dark web.
The data leak was said to have been caused by a cyber security breach at a third party that was offering a rewards program for Telstra staff.
Another cyber incident has been recently reported, this time in the healthcare sector. Health insurer Medibank Private, which covers one-sixth of Australians, revealed that the personal information of 100 of its customers was stolen as part of the theft of 200 gigabytes of data.
The Attorney-General issued an official statement that the federal government will move to “significantly increase penalties for repeated or serious privacy breaches” with amendments to privacy laws this week.
The proposed changes would lift maximum penalties for serious or repeated privacy breaches from the current $2.22 million to the greatest of $50 million, three times the value of the benefit obtained through the misuse of information, or 30% of turnover in the relevant period.
When Australians were asked to hand over personal data to companies, the Attorney-General said they had a right to expect it would be protected.
“Significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” he said.
“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.”
The Attorney-General’s announcement comes after the federal government revealed plans to overhaul consumer privacy rules earlier this month. The overhaul was said to help facilitate targeted data sharing between telecommunication firms and banks following the breach at Optus.