Australia’s biggest companies could be slapped with fines worth hundreds of millions of dollars for Optus and Medibank-style privacy breaches under a massive increase in penalties to be introduced by the Albanese government.
Penalties could be even higher than $50 million, based on company turnover and the estimated value of the stolen data. The government decided to fast-track the changes after recent breaches saw Australians’ sensitive personal data stolen and put up for ransom on the internet. Attorney-General Mark Dreyfus said increased penalties were necessary to encourage companies to take cybersecutrity seriously.“It’s not enough for a penalty for a major data breach to be seen as the cost of doing business. We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.”
The government will also beef up the Australian Information Commissioner with more powers to resolve privacy breaches and equip the Australian Communications and Media Authority with greater information sharing powers. On Friday Cybersecurity Minister Clare O’Neil said recent breaches showed Australia was “behind the eight-ball” when it comes to protecting customer data.