Data fines hiked
The Federal Government says it will greatly increase fines for serious data breaches.
In response to a series of high-profile data thefts, Attorney-General Mark Dreyfus says a regulatory crackdown on corporates and businesses will put the onus back on them to clean up their own information security.
Fines for serious data breaches will be increased to $50 million - 22.5 times higher than the present maximum fines of $2.22 million.
Legislation for the changes is being rushed into parliament during Budget week.
The bill includes another penalty that allows for fines of “three times the value of any benefit obtained through the misuse of information” or “30 per cent of a company’s adjusted turnover in the relevant period”.
“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour,” Mr Dreyfus said.
“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”
There is some concern that the approach essentially penalises victims, many of which will have purchased technology applications that house data from managed service providers and cloud providers, who are not liable for breaches.
Mr Dreyfus said the new laws and penalties also “provide the Australian Information Commissioner with greater powers to resolve privacy breaches” and will “strengthen the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals”.