Advertisement

New laws to crack down on data hacking

Whistleblower protection laws are bound for parliament, Attorney-General Mark Dreyfus says.

Whistleblower protection laws are bound for parliament, Attorney-General Mark Dreyfus says. Photo: AAP

Companies will soon face tougher fines if their customer data is hacked, under new laws introduced to federal parliament.

The laws brought in by the government in the wake of the Optus and Medibank data breaches, will increase the penalty for data breaches from $2.2 million to at least $50 million.

Attorney-General Mark Dreyfus said recent breaches had shown the serious impact data hacking had on Australians.

“Governments, businesses and other organisations have an obligation to protect Australians’ personal data, not to treat it as a commercial asset. The law must reflect this,” he told parliament on Wednesday.

“Setting these penalties at a higher level will accord with the Australian community expectations about the importance of protecting their personal data.”

Under the new laws, companies will be fined whichever is greater of $50 million, 30 per cent of the company’s turnover in the relevant period or three times the value of any benefit gained from the stolen data.

“Penalties for privacy breaches cannot be seen as simply the cost of doing business,” Mr Dreyfus said.

“Entities must be incentivised to have strong cyber and data security safeguards in place to protect Australians.”

Changes will also see the Australian information commissioner provided with new powers to be able to resolve privacy breaches effectively.

The commissioner will have greater information sharing powers with the communications watchdog to make sure the regulators can work better together.

In the wake of the Optus and Medibank breaches affecting millions of customers, Mr Dreyfus said it was important to act as quickly as possible.

“Data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable,” he said.

“These amendments are targeted and measured. They respond to the most pressing issues arising from the Optus data breach and other recent cyber incidents.”

The introduction of the bill was fast tracked following the Optus data breach.

It follows from revelations the Medibank data breach was bigger than first thought.

The health insurer has been contacting current and former customers who might have had their personal information stolen in the hack.

– AAP

Advertisement
Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter.
Copyright © 2024 The New Daily.
All rights reserved.