Aussie biz face $1.1 million for repeat breaches

Powered by SC Magazine
Proposed reforms could mandate patching, security upgrades.

Australian organisations that lose sensitive customer data through hacking or privacy gaffes could face fines of up to $1.1 million under proposed reforms to the Privacy Act.

The Federal Privacy Commissioner can currently push for agreed determinations but lacks powers to enforce penalties on offending organisations.

If passed, the legislation would give the Commissioner new teeth to impose financial penalties against individuals and organisations.

"I could for instance identify flaws in security systems and require organisations to patch those flaws or adopt a stronger security system," Privacy Commissioner Timothy Pilgrim told SC.

Under the proposed legislation small-scale offenders could be taken to court and fined up to $22,000 for individuals, and $110,000 for organisations.

Repeat and serious offenders face financial penalties of up to $220,000 for individuals or $1.1 million for organisations.

Should the Bill pass into law, the Privacy Commissioner would consult with industry over the following nine months to define what constitutes an offence.

The Bill (Privacy Amendment (Enhancing Privacy Protection) Bill 2012) would replace the ageing National Privacy Principles (NPP) governing the private sector and the Information Privacy Principles (IPP) covering government with a single federal framework, the Australian Privacy Principles (APP).

It would not replace state privacy laws.

Data breach disclosure reforms were first recommended by the Australian Law Reform Commission in 2008 and are already in place in the US and Europe.

The reforms would also respond to concerns from security experts over the lack of guidelines regarding the handling of biometric data.

Organisations would be required under the Privacy Act to implement minimum security arrangements to collect, store and disseminate biometric data.

The dissemination of biometric data, such as fingerprint and iris scans, would still be allowed for the purposes of law enforcement.

The Biometrics Institute had in March revoked a series of voluntary privacy principles for the handling of biometric data ahead of the introduction of the Privacy Act amendments.

Other reforms under the Bill include:

  • clearer and tighter regulation of the use of personal information for direct marketing
  • extending privacy protections to unsolicited information
  • making it easier for consumers to access and correct information held about them
  • tightening the rules on sending personal information outside Australia
  • a higher standard of protection to be afforded to “sensitive information” – which includes health related information, DNA and biometric data
  • enhancing the powers of the Privacy Commissioner to improve the Commissioner’s ability to resolve complaints, conduct investigations and promote privacy compliance.

The reforms also cover credit reporting arrangements, including:

  • making a clear obligation on organisations to substantiate, or show their evidence to justify, disputed credit listings
  • making it easier for individuals to access and correct their credit reporting information
  • prohibiting the collection of credit reporting information about children
  • simplifying the complaints process by removing the requirement to complain to the organisation first (complaints can be made directly to the Privacy Commissioner) and by introducing alternative dispute resolution to deal with complaints more efficiently.

Copyright © SC Magazine, Australia