Australia Passes Bill Increasing Data Breach Fines from $2.2 to $50 Million

[Image: a legal official in a suit holding a gavel on a wooden surface. Caption: Companies may face hefty fines for data breaches in the future after the passing of the amendment bill. Source: Pexels]

The Australian Parliament has passed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, authorizing the Office of the Australian Information Commissioner (OAIC) to clamp down on Big Tech companies that are doing little to prevent online data breaches on their platforms. The amendment bill, which awaits Royal Assent to become law, increases the penalty for failure to prevent a data breach from 2.2 to 50 million AUD (or 1.5 to 33 million USD).

Although 50 million AUD would be the standard penalty for a data breach, the bill provides two other mechanisms for setting the penalty. Under the bill, a violating entity is fined according to whichever of the following three amounts is greatest:

  1. Fifty million AUD
  2. Three times the value of the benefit the company gained from the breach
  3. Thirty percent of the company’s adjusted turnover for the period

“Companies which fail to take adequate care of customer data will face much higher penalties following today’s passage of the Albanese Government’s legislation to significantly increase penalties for repeated or serious privacy breaches,” Attorney-General Mark Dreyfus KC, MP of the Australian Albanese Labor Government, said.

The amendment bill puts the OAIC in charge of overseeing and investigating data breaches. OAIC’s Commissioner Angelene Falk welcomed the bill’s passing as a step in the right direction toward increasing Australia’s competitiveness and bringing the region in line with the European General Data Protection Regulation (GDPR). 

Events That Led to The Amendment Bill

[Image: an Apple keyboard with a healthcare mask on top. Caption: The Australian Bill comes shortly after major data breaches at two large medical companies. Source: Pexels]

Recent data breaches in Australia compelled authorities to promulgate the amendment bill. In September, for instance, a massive data breach at Optus exposed 2.1 million medical customer records. Similarly, in another data breach, cybercriminals successfully breached 9.7 million medical customer records held by Medibank.

Meta has also violated user privacy on several occasions, either by deliberately colluding with other third parties or by neglecting its duty to prevent data breaches on its platforms. The Cambridge Analytica case is a prime example of how the company colluded with a political firm, allowing it access to customer records. 

More recently, the Irish Data Protection Commission (DPC) fined Meta €265 million for failing to safeguard 533 million users’ information from data scrapers. And in yet another instance, plaintiffs in an ongoing lawsuit claimed Facebook’s pixel technology illegally (and knowingly) scraped the medical information of millions of patients for targeted advertising.

Will The Amendment Bill Prevent Data Breaches?

Under the amendment, companies involved in data breaches will have to pay penalties of three times the value obtained from misinformation, or 30% of the company’s adjusted turnover. These seemingly draconian clauses could prove to be effective deterrents against companies that intentionally misuse user information.

The bill’s proponents argue that the harsher penalties will force Big Tech companies to strengthen their data-privacy practices. Since data breaches and cybercrime have increased in recent years, the bill’s harsher penalties may be a proportionate response.

[Image: a laptop screen showing rows of colored data against a dark background. Caption: Companies will have to put in place stricter practices on their platforms to deter data breaches. Source: Pexels]

The bill’s opponents point out that many data breaches also occur in government institutions, so punishing only commercial entities for such breaches is unfair. To them, the bill is a blatant government attempt to exert regulatory power over economic and personal affairs. 

How Does The Bill Help Individuals and SMBs? 

Presently, no industry — healthcare, banking, social media, etc. — is off-limits for cybercriminals. With so many attack vectors available to cybercriminals, consumers need to tread with greater caution online. But, if the Australian authorities enforce the bill in its true spirit, it may restore user confidence.

Small and medium-sized business owners will still need to safeguard and regularly test their networks with third-party providers. These precautions show that an SMB has done its part to prevent a data breach, and they could potentially reduce the penalty in the event that a breach occurs through social engineering attacks or other means.

The bill is a warning to the Big Tech companies. They can no longer get away with shunning responsibility for preventing data breaches. Hefty penalties may also deter them from knowingly compromising user data for advertising. 
