$50 Million Fine Cyber-Attacks

New $50 Million Fine for Cyber-Attacks.

You trust them with some of your most private information. After a lot of cyber-attacks, companies that put your data at risk, or are hacked by cybercriminals, could now face a minimum 50 million dollar fine.

Optus, Medibank and MyDeal are among companies to have disclosed large data breaches in recent weeks.

“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour,” Dreyfus said.

The penalties proposed include a fine of “up to $50 million”, “three times the value of any benefit obtained through the misuse of information”, or “30 percent of a company’s adjusted turnover in the relevant period”.

Dreyfus said the higher figure of those three would be the one payable.

Seriousness would be measured against several criteria.

“[The definition of] serious is going to be determined by how many people are affected, by how serious the information that has been leaked is, what the consequences of the breach are, and how reckless the company was,” Dreyfus said.

The proposed privacy legislation amendment will also give the information commissioner “greater” – though unspecified – powers “to resolve privacy breaches”.

“The information commissioner has been asking for these powers now for years,” he said.

Dreyfus also flagged changes to the mandatory notifiable data breach (NDB) scheme, aimed at ensuring the commissioner “has comprehensive knowledge and understanding of information compromised in a breach to assess the risk of harm to individuals”.

The scheme has had past issues where organisations did not report ransomware attacks, due to a loophole under which they were not required to report unless they were absolutely sure that data exfiltration had taken place.

Dreyfus also said the commissioner and the Australian Communications and Media Authority would be equipped with “greater information sharing powers.”

Dreyfus said that a comprehensive review of the Privacy Act is continuing and is likely to result in “further reform” once it is completed later this year.
