ENG

Data Protection - Tougher Penalties for Serious Data Breaches

Published

Oct 28 2022

Written By

emma croft Module
Emma Croft

Senior Associate
Australia

I am a senior associate in our Dispute Resolution Group in Sydney, specialising in media and technology disputes, commercial litigation and privacy and cybersecurity advisory work.

Related

Practices

Regions

Countries

Offices

On 22 October 2022, the Australian Government announced that it will introduce legislation next week to significantly increase penalties for repeated or serious privacy breaches.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) will increase maximum penalties for serious or repeated privacy breaches under the Privacy Act 1988 (Cth) (Act) from the current $2.22 million penalty to whichever is the greater of:

  1. $50 million;
  2. three times the value of any benefit obtained through the misuse of information; or
  3. 30% of a company’s adjusted turnover, during the breach turnover period if the court cannot determine the value of the benefit under (b).

The “breach turnover period” will be the longer of either:

Full article available on Disputes +

Read More

Latest insights

More Insights
featured image

Key takeaways from the ICO’s final anonymisation guidance

1 minute Apr 16 2025

Read More
Curiosity line teal background

ASIC v FIIG Securities – AFSL Holders on Notice for Cyber Failures

Apr 16 2025

Read More
featured image

KSA: Public consultation on Draft “AI Hub” Law

4 minutes Apr 15 2025

Read More
More Insights