Commonwealth Floats Increased Penalties For Privacy Breaches
In November 2012, the Australian Privacy Commissioner first announced that, under a new law, it would be able to issue million-dollar fines to government agencies and companies for serious and repeated privacy breaches.
The Commonwealth Attorney-General at that time was Nicola Roxon, who described the move as the most significant change to privacy laws in more than 20 years. Companies will also now be responsible for the way their customers’ personal information is handled by their offshore counterparts, such as call centres.
In a 2019 ZDNet article, Chris Duckett reports, “Commonwealth floats increased penalties for privacy breaches.”
Attorney-General Christian Porter and Minister for Communications Mitch Fifield have said the Coalition government will increase the penalties within the Privacy Act, but consultation on the draft legislation will only begin in the second half of the year, after the upcoming federal election.
Under the proposed changes, the current maximum penalty for serious or repeat offenders would be raised from AU$2.1 million to the greater of AU$10 million; or three times the value of any benefit obtained through the misuse of information; or 10 percent of a company’s annual Australian turnover.
It was also proposed that the Office of the Australian Information Commissioner (OAIC) would issue new infringement notices that carry penalties of up to AU$63,000 for corporate bodies, and AU$12,600 for individuals, as well as publish prominent notices about breaches and ensure breaches have third-party reviews.
Further, the proposed changes would allow Australians to request online platforms to stop the use or disclosure of their data, with stronger provisions if the person is a minor or deemed to be vulnerable.
“Existing protections and penalties for misuse of Australians’ personal information under the Privacy Act fall short of community expectations, particularly as a result of the explosion in major social media and online platforms that trade in personal information over the past decade,” Porter said.
“This penalty and enforcement regime will be backed by legislative amendments which will result in a code for social media and online platforms which trade in personal information. The code will require these companies to be more transparent about any data sharing and requiring more specific consent of users when they collect, use and disclose personal information.”
Should the changes become law, OAIC would gain an additional AU$25 million in funding over three years to handle the changes. In February, Commissioner Angelene Falk was pressed by Senators to state that her office was understaffed, with the office having taken up to a year to deal with some of its workload. Falk said, however, the office needed to “work proactively” to handle its increased work.
Porter said the changes follow on from previous government changes such as the Online Safety Charter and Online Safety Research program, and the Consumer Data Right (CDR).
While consultation on the changes to the Privacy Act has been flagged as something to occur after the looming federal election, the legislation that will introduce the CDR is facing a rush against time to pass Parliament before it rises.
Critics of the CDR have said the legislation is rushed, and does not have sufficient privacy protection, but the Senate Economics Legislation Committee said last week it should still be passed.
“At the very least, it will improve on current arrangements; and it has the potential to protect and empower consumers and drive competition and innovation,” the committee wrote. “The committee particularly welcomes the endorsement of the bill from innovative high technology companies.”
Late last year, the Australian Competition and Consumer Commission flagged concerns about the lack of transparency surrounding how the tech giants use data.
“Companies with market power and often sensitive data are in a strong position to decide what to do with it and who to share it with. Questions obviously arise around the role government should play and what fundamental rights exist in relation to privacy and data,” Sims said.
“It’s important that government and regulators globally are alive to these issues to make sure regulations remain appropriate for the digital age.”
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as a security consultant while continuing to write for Hacker Combat in her limited spare time.