Government mulls stricter data breach laws. How will this affect Australian employers?

Amid the recent Telstra scandal, hope emerges with new law to curb 'inadequate' measures

Government mulls stricter data breach laws. How will this affect Australian employers?

As serious data breaches become increasingly rampant, the Albanese government plans to introduce legislation next week that will increase penalties for repeated or severe privacy violations.

Recently, HRD reported on the Telstra privacy breach, in which approximately 30,000 names and email addresses of past and present company employees were posted on the dark web.

According to the government, such privacy breaches proved that existing measures to safeguard data are inadequate and should be addressed.

“It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Attorney-General Mark Dreyfus said. “The Albanese government is committed to protecting Australians’ personal information and to further strengthening privacy laws.”

Key points of the Bill

According to the attorney general’s media release, the 2022 Privacy Legislation Amendment (Enforcement and Other Measures) Bill plans to raise the maximum penalties applicable under the Privacy Act 1988 for a severe or repeated privacy violation.

The current penalty is $2.22 million, and the proposed legislation aims to increase it to whichever is greater of “$50 million; three times the value of any benefit obtained through the misuse of information; or 30 percent of a company’s adjusted turnover in the relevant period,” the attorney-general said.

Aside from increasing the penalty, the bill will also allow the Australian Information Commissioner (AIC) to exercise greater powers to address privacy breaches.

Additionally, the proposed legislation will “strengthen the Notifiable Data Breaches scheme to ensure the Australian Information Commissioner has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals,” according to the government.

Lastly, the bill will provide the AIC and the Australian Communications and Media Authority with strengthened information-sharing powers.

Dreyfus said that the proposed legislation is in addition to a thorough review of the Privacy Act by the Attorney-General’s Department that will be completed this year, with recommendations anticipated for further reform.

“I look forward to support from across the Parliament for this bill, which is an essential part of the government’s agenda to ensure Australia’s privacy framework is able to respond to new challenges in the digital era,” Dreyfus said.

Recent articles & video

Join us for an unforgettable night at the Australian HR Awards 2024

'Right to disconnect' hits Australia: Everything you need to know about new legislation

Request for additional training leads to 'forced resignation'

Ex-director dismissed at 76 years old, cries unfair dismissal

Most Read Articles

'Right to disconnect' hits Australia: Everything you need to know about new legislation

Director 'forces’ manager to leave before end of notice period: Is it dismissal?

FWC awards compensation despite worker's poor performance, attendance