Australia announces tougher punishments for data breaches in the wake of significant cyberattacks
The changes will raise the maximum penalties by three times the value of the benefit obtained through the misuse of the information in Australia.
Attorney General Mark Dreyfus said Australia would introduce legislation to Parliament to increase penalties for companies exposed to major data breaches after high-profile cyber attacks that hit millions of Australians in recent weeks.
Australia’s telecommunications, financial, and government sectors have been on high alert since Optus, owned by Singtel, the country’s second-largest telecommunications company, revealed a breach on September 22 that saw the personal data of up to 10 million accounts.
This attack was followed this month by a data breach at health insurance company Medibank Private, which covers one-sixth of Australians, which led to the theft of 100 personal information of customers, including diagnoses and medical procedures, as part of the theft of 200 gigabytes of data.
In an official statement issued on Saturday, Dreyfus said the government would move next week to “significantly toughen penalties for serious and repeated breaches of privacy” with amendments to privacy laws.
The proposed changes would raise the maximum penalties for serious or repeated privacy breaches from A$2.22 million ($1.4 million) to A$50 million, whichever is greater, three times the value of the benefit obtained through misuse of information, or 30% billed. . In the same period, he said.
The attorney general said that when Australians were asked to hand over personal data to companies, they had a right to expect it to be protected.
“Serious privacy breaches in recent weeks have shown that existing safeguards are inadequate. It is not enough for a penalty for a major data breach to be seen as the cost of doing business,” Dreyfus said.
“We need better laws to regulate how companies handle the vast amount of data they collect and stronger penalties to incentivize better behaviour.”
The announcement comes after the government revealed plans to review consumer privacy rules that would help facilitate the sharing of specific data between telcos and banks in the wake of the Optus breach.
In the wake of the Optus attack, two Australian regulators opened investigations into the company, which has come under fire for failing to prevent the attack, one of the largest on record in Australia.
To read More News Updates, Visit our Site, InsightFello.