The government has secured passage of a sizable increase in civil penalties for organisations that experience “serious” or “repeated” privacy breaches.
The new penalties will come into effect a day after Royal Assent by the Governor-General.
The bill passed the senate on Monday with only one minor wording amendment, and was then approved by the lower house later in the afternoon.
The catalyst for government action was a series of high-profile privacy breaches in Australia, for which the maximum fine payable is $2.22 million.
Penalties are now up to $50 million, or 30 percent of adjusted turnover or three times any financial benefit obtained through data misuse for more egregious breaches.
“The government has wasted no time in responding to recent major data breaches,” Attorney-General Mark Dreyfus said in a statement.
“We have announced, introduced and delivered legislation in just over a month.
“These new, larger penalties send a clear message to large companies that they must do better to protect the data they collect.”
Senate passage had been on the cards since late last week when a senate committee recommended the bill be passed.
Opposition from segments of industry on the quantum of potential penalties did not lead to the penalty amounts being reduced.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
