Data Protection - Tougher Penalties for Serious Data Breaches
On 22 October 2022, the Australian Government announced that it will introduce legislation next week to significantly increase penalties for repeated or serious privacy breaches.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) will increase maximum penalties for serious or repeated privacy breaches under the Privacy Act 1988 (Cth) (Act) from the current $2.22 million penalty to whichever is the greater of:
- $50 million;
- three times the value of any benefit obtained through the misuse of information; or
- 30% of a company’s adjusted turnover, during the breach turnover period if the court cannot determine the value of the benefit under (b).
The “breach turnover period” will be the longer of either:
