The Australian Government has proposed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill to strengthen Australia’s privacy and security framework following an increase in data breaches.
The Bill covers four main objectives:
- Significantly increase penalties for serious or repeated privacy breaches – most notably, the penalty cap will be raised from $2.22 million to the greater of $50 million, 3x the value of any benefit obtained via the breach, or 30% of the entity’s adjusted turnover during the relevant period
- Give the Office of the Australian Information Commissioner (OAIC) enhanced powers to request information and conduct compliance assessments of the notifiable data breach regime
- Give the OAIC new enforcement powers, allowing the OAIC to require entities to conduct external reviews of their internal procedures and to publish notices about specific privacy breaches to affected individuals, and
- Introduce new information-sharing powers for the OAIC and the Australian Communications and Media Authority, and impose corresponding penalties for failure to provide information
The Bill is also designed in a manner which responds to the different needs of Australian sectors. The Bill will require entities to meet the obligations of privacy legislation if they “carry on business” in Australia. Additionally, the OAIC will be empowered to make determinations following the investigation of complaints. This will enable the OAIC to engage an independent advisor to review the acts or practices that are subject to a complaint and institute remediation accordingly.
If passed, the Bill will introduce sweeping changes to ensure entities protect user data and limit the chance of further sensitive data breaches. However, commentators have noted that the efficacy of the new penalties may fall short, as the OAIC has never imposed a penalty under the Privacy Act. They suggest it may instead be more beneficial to endow the OAIC with an active role in assisting entities in managing their compliance with privacy legislation, rather than threatening them with higher penalties.
For a full reading of the Bill, see here.