The Anthony Albanese administration has stated it would introduce new legislation in parliament to harshly penalise repeat perpetrators of ‘privacy breaches’ weeks after Australian telecom firm Optus disclosed a significant data leak. According to a report from Reuters, the law outlines a plan to raise the maximum punishment for repeated offences from the existing $1.4 million to $32 million, or 30% of the turnover in the relevant period, or three times the value of any advantage derived by the abuse of information.
‘These past several weeks have seen a number of significant privacy violations, which proves the effectiveness of the current protections. A fine for a significant data breach is insufficient to qualify as a business expense ‘, said Mark Dreyfus, attorney general. To control the enormous quantity of data that businesses gather, he continued, ‘we need better rules, and higher fines to reward better behaviour’.
Data breaches have been increasingly common in Australia in recent months. Following the incident, Optus revealed that databases with information on approximately 40% of the population’s addresses, licence numbers, and passport numbers were compromised. The company said that the attacker’s IP address appeared to alternate between several European nations. While the Optus event was still fresh in people’s minds, a similar attack also affected Medibank Private Ltd., the largest health insurer in Australia.
According to WION, Medibank, which insures one-sixth of Australians, said that a significant data breach resulted in the theft of its clients’ medical information. Following the occurrences, Prime Minister Albanese declared he intended to amend the policy to safeguard the customers. ‘We want to be sure that we update some of the privacy protections there so that the banks can be informed if individuals are caught up in this way so that they can safeguard their consumers as well’.