New security breach penalties proposed against Australian firms

November 5, 2022
Security Breach Penalties Policy Enforcement Australia Data Privacy

Australian companies have been put on notice that they face tougher fines for privacy breaches, after the country’s Parliament proposed new penalties following the recent security breach incidents at firms that exposed people’s data to threat actors.

Reports reveal that the proposed penalties for serious cybersecurity breaches of Australia’s Privacy Act include an increase in the maximum fine from 2.2 million AUD to 50 million AUD. Moreover, where 30% of a penalised company’s revenue for a specified period exceeds 50 million AUD, the company will have to pay that larger amount instead.


An Australian attorney stated that the new privacy breach penalties could lead companies to pay hundreds of millions, a substantial increase from the previous standard fine.


However, the attorney explained that the penalty is designed to push companies to improve their cybersecurity measures at the workplace and protect Australian citizens’ data.

Since the country’s last Parliament on October 22, Australia has recorded several cybersecurity breaches, including one at the wireless telco giant Optus which exposed the data of 9.8 million customers to threat actors. According to researchers, the Optus breach left more than one-third of the Australian population exposed to identity theft, fraud, and other potential cybercriminal risks.

In other reports, Australia’s largest health insurer, Medibank, was victimised by an unidentified threat group that stole 200GB of customers’ data, including medical treatments and diagnoses. The unknown hackers demanded a massive ransom from the insurance firm after sending samples of the stolen data, which included at least 100 records out of the firm’s 3.7 million customers nationwide.

The attorney added that these two major security incidents at Australian firms indicate the inadequacy of existing security safeguards; thus, tougher breach penalties must be implemented because the affected firms have demonstrated their failure to protect people’s data.

The Australian government is also concerned about whether these companies hold massive amounts of customer data for an unnecessarily prolonged period. Furthermore, implementing the proposed breach penalties should serve as a serious lesson for the affected firms and a deterrent against mishandling sensitive data.

Optus and Medibank will not be subject to the proposed breach penalties, given that the proposal is still in the process of becoming law in the remaining months of this year.
