On 22 October 2022, the Australian Government announced that it will introduce legislation next week to significantly increase penalties for repeated or serious privacy breaches.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) will increase maximum penalties for serious or repeated privacy breaches under the Privacy Act 1988 (Cth) (Act) from the current $2.22 million penalty to whichever is the greater of:
The “breach turnover period” will be the longer of either:
This marks not only a significant increase to the current penalties, it is also a significant increase on earlier draft reforms to the current penalties, proposed last year.
Additionally, the Bill will:
The timeliness at which the legislation has been introduced has come largely as a response to the recent cyber breaches which have occurred in Australia.
Last week, Prime Minister Anthony Albanese formally added cybercrime to the Attorney General’s (the Hon Mark Dreyfus KC) responsibilities, highlighting the importance of cyber security in the current environment. “When Australians are asked to hand over their personal data, they have a right to expect it will be protected,” said Dreyfus. “I look forward to support from across the Parliament for this Bill.”
The Bill is being introduced amidst a more comprehensive review of the Act that is due to be completed by the end of 2022.
It seems at least possible that the pace of those other reforms and indeed the scope of them will also be accelerated.
For more information, please contact Hamish Fraser, Belyndy Rowe, James Hoy, Emma Croft and Lukas Mitterlechner.