All Australian firms will now face a fine that could reach a whopping AU$ 50 million if a large-scale data breach hits them. The Australian parliament approved this law.
The previous fine for the breached company has only reached a little over AU $2 million, which the parliament deemed useless as companies did not improve their security solutions.
The new bill was the Australian government’s response after their country suffered a series of cyberattacks in the previous months. The attacks have led to numerous critical data leakages for millions of Australians.
An announcement explained that the Albanese Labor government has immediately responded to the massive data breaches. They have announced, introduced, and deployed the legislation in a month.
Australian firms should now upgrade their cybersecurity.
The newly approved bill urges Australian firms to have a better protection mechanism to avoid getting breached and receiving a fine.
The most recent and notable incidents that concerned the government are the data breach on Optus telecom provider and Medibank insurance firm. The first breach has impacted more than 10 million individuals, and the latter exposed about 9.7 million data from the ransomware attack.
The new bill also gives greater authority to the Office of the Australian Information Commissioner (OAIC) and gets more involved in the privacy breach resolution and determination process.
The Australian agency has warmly accepted the approval of the amendment and assured Australian that it would upgrade its role to protect individuals and the country’s economy.
The increased penalties will align the Australian privacy law closely with competition, consumer remedies, and international sanctions under the EU’s General Data Protection Regulation.
Australian government officials also stated that they seek penalties or take regulatory action to discipline non-compliant firms. In addition, their approach will continue to be more practical and proportionate and will base on solid evidence.
They have also compared their penalties to the EU’s GDPR, which showed that they are significantly higher since Europe’s fine only reaches up to $10 million.
