In Australia, penalties for “repeated and serious” privacy violations are to be increased significantly. Attorney General Mark Dreyfus announced this over the weekend. Instead of the previously possible maximum fine of 2.2 million Australian dollars (1.43 million euros), up to 50 million Australian dollars (32.2 million euros) in the future, three times the profit derived from the misuse of data or 30% of the company’s adjusted sales during the affected period is possible. Maybe – whichever is highest. The Associated Press quoted the minister as saying that corporations could face fines of hundreds of millions of dollars.
response to data leak
With the plan, Australia’s new government is reacting to a series of sometimes serious data leaks in recent weeks. They may have shown, writes Dreyfus, that existing security measures were not sufficient. It is not enough that the penalties imposed for such data leaks are seen only as a result of business acumen. Businesses should feel the financial consequences and businesses should be motivated to protect Australian data. At the same time, recent events have raised concerns in the government that the economy may be storing too much user data for too long in hopes of eventually monetizing it. The legislation is expected later this year, the Associated Press writes.
Just a few weeks ago it became known that the personal data of more than 10 million customers at Australian telecommunications provider Optus had been tapped. This put more than a third of the population at risk of identity theft or fraud, the Associated Press said. After that, sensitive health data was stolen from health insurer Medibank. The company was threatened that key customers in particular should be contacted and confronted with their information. That’s believed to be around 200 gigabytes of data. Medibank has now admitted that the attackers proved they had data on at least 100 people.