As many in the data privacy compliance space will be aware, the federal Attorney-General has been leading an overdue review of the Privacy Act 1988 to ensure privacy settings empower consumers, protect their data, and best serve the Australian economy. Earlier this week, in the wake of high-profile data breach incidents, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 passed both houses of Parliament and will now be presented to the Governor-General for assent.
There are a few elements to be aware of now, as the penalties for serious or repeated interference with privacy have been significantly increased. As a quick reminder, the Privacy Act 1988 (Cth) (Privacy Act) applies to the handling of personal information by most Australian government agencies and by private companies, excluding “small” businesses with annual turnover of less than AUD$3 Million. Currently, the maximum civil penalty for “serious or repeated interferences with privacy” is AUD$2.22 Million.
Under the Bill, the maximum penalty for incorporated entities would be increased to the greater of:
- AUD$50 Million
- Three times the value of any benefit obtained through the misuse of information; or
- 30% of a company’s adjusted turnover in the relevant period (i.e., the period of non-compliance with the Privacy Act)
For unincorporated entities (including individuals, sole traders, and partnerships), the penalty will increase from the current maximum of AUD$440,000 to AUD$2.5 Million. It is widely understood that, when this Bill comes into full effect, it will carry penalties for breaches of data privacy law similar to those under the GDPR, which is widely considered to be the strongest and most stringent in the world to date.
To all businesses and corporates: DataBench is here to help you understand and address your PI governance and compliance obligations through high levels of automation. As an implementation partner, we recommend you keep pushing these privacy matters higher up the risk register and ensure they stay on the board’s agenda.
For general guidance, see the website of the Office of the Australian Information Commissioner: https://www.oaic.gov.au/privacy/the-privacy-act/review-of-the-privacy-act
For further details, or to discuss how DataBench can help you on your privacy program journey, please go to www.databench.com.au and click on ‘Get In Touch’.