Australia flags increased penalties following cyber attacks
Australia's telco, financial and government sectors have been on high alert after Singtel-owned Optus, the nation's second-largest telecom, was closed on September 22 following a hack that resulted in the theft of personal data from up to 10 million accounts.
Attorney-General Mark Dreyfus stated that Australia would submit regulations to Parliament that would strengthen the penalty for companies that suffer significant data breaches, following high-profile hacks that affected millions of Australians in recent weeks.
The Optus attack was followed by a data breach at health insurer Medibank Private, which provides coverage for one-sixth of Australians, resulting in the theft of 200 gigabytes of data and the personal information of 100 customers, including medical diagnoses and procedures.
Dreyfus stated that the government would alter privacy regulations the following week to "substantially enhance penalties for persistent or major privacy violations."
According to him, the proposed amendments would increase the maximum financial penalties for serious or persistent privacy violations from the present A$2.22 million ($1.4 million) to A$50 million, three times the value of the advantage acquired through the misuse of information, or 30% of turnover in the respective period.
The attorney general stated that Australians have a right to assume that their personal information would be protected when asked to provide it to companies.
"Recent significant privacy violations have demonstrated that the current protections are insufficient. A big data breach penalty alone cannot be considered a necessary expense of doing business," explained Dreyfus.
"We want stronger rules to control how companies handle the enormous amounts of data they acquire, as well as harsher punishments to encourage better conduct."
Following the Optus breach, the government announced plans to overhaul consumer privacy rules in order to facilitate targeted data sharing between telecommunications companies and banks. Two Australian regulators also launched investigations into Optus, which has come under fire for failing to prevent the hack, one of the largest on record in Australia.