Australia hits firms hit by data breaches with higher fines

In an attempt to incentivize better security of clients’ data, the Australian government has raised the fines on companies which allow data breaches.

The financial penalty imposed on companies engaged in serious or repeated privacy breaches will be increased to at least $50 million.

The current penalty is $2.2 million and the federal government believes that is insufficient given massive cyber-attacks on Optus and Medibank Private in recent weeks.

Attorney-General Mark Dreyfus will fast-track amendments to the Privacy Act when federal parliament returns next week.

“When Australians are asked to hand over their personal data they have a right to expect it will be protected,” Mr Dreyfus said.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate.

“It’s not enough for a penalty for a major data breach to be seen as the cost of doing business.”

The proposed legislation would see the fine for “serious or repeated privacy breaches” increased to either $50 million, three times the value of the benefit obtained through misuse of data, or 30 per cent of a company’s adjusted turnover in the relevant period.

The fine would be whichever value is the highest.