
Federal attorney-general Mark Dreyfus mentioned the Optus data breach while introducing legislation that will increase potential penalties for Privacy Act breaches. Importantly, the new rules will apply to events happening outside of Australia.

Dreyfus stated in parliament yesterday that the amendments tabled are deliberately chosen and will have a positive effect on the Optus data breach issue as well as other recent cyber incidents. He added that in response to the recent string of data breaches - including the most recent Medibank heist - the government had introduced the bill at the earliest opportunity.

He told parliament: “The government has moved swiftly at every stage of the response to the Optus data breach, giving Australians confidence that their compromised identity documents can be replaced, coordinating action between regulators, and taking steps to enable Optus to share information with financial institutions to detect and prevent fraud.”

Dreyfus stated that the government is currently discussing additional ways to reform the Privacy Act, which was originally reviewed by the attorney-general’s department.

The recent amendments to the law state that if a corporation is caught seriously or repeatedly violating someone's privacy, it will be subject to heavier penalties: either $50 million, three times the value of any benefits gained from the conduct, or 30% of its turnover (if the court cannot determine how much benefit was obtained). Aligning the penalty with an increase in breaches of telco competition and general consumer law, the government has proposed a separate bill.

The aforementioned legislation stipulates that the authorised disclosure information pertains to ACMA’s regulating role in fields such as broadcasting, interactive gambling, radcomms and telecommunications.

The legislation also gives the Australian Communications and Media Authority the ability to disclose certain types of information to federal law enforcement entities. Dreyfus said the measure would “drive better cooperation between regulators in order to deliver better outcomes for Australians.”

The said condition will be removed, with the memorandum accompanying the legislation explaining: “The purpose of this item is to update the provision to reflect that in the digital era, organisations can use technology such that they do not collect or store information directly from Australia. However, these organisations will often still otherwise be carrying on a business in Australia and should be required to meet the obligations under the Privacy Act.”

In addition to the measures mentioned above, the bill also strengthens the powers of the Office of the Australian Information Commissioner. This includes creating a new provision in the Privacy Act that would enable fines to be issued for failure to provide information, answer questions or produce documents during an investigation as an alternative to litigation.

Dreyfus commented that the bill will not only empower the Information Commissioner to assess an entity's compliance with privacy-related schemes, but also force businesses to improve their practices by conducting external reviews.