After two significant cybersecurity breaches exposed millions of people to criminal activity, Australia on Saturday recommended stiffer sanctions for businesses that fail to secure consumers’ personal data.
According to changes that will be presented to Parliament the following week, the fines for significant violations of the Privacy Act would rise from the current 2.2 million Australian dollars ($1.4 million) to AU$50 million ($32 million), Attorney-General Mark Dreyfus stated. If a company’s revenue exceeds AU$50 million ($32 million) for a certain time, it may additionally be subject to a punishment equal to 30% of that amount.
Unknown criminals have stolen the personal information of 9.8 million users of Optus, Australia’s second-largest cellular telecommunications provider, since Parliament last met. The breach has increased the danger of identity theft and fraud for more than one-third of Australia’s population. Unknown hackers this week claimed to have stolen 200 terabytes of client data, including medical diagnoses and treatments, and demanded ransom from Medibank, Australia’s largest health insurer. Medibank has 3.7 million clients. According to the business, the hackers have established that they possess at least 100 people’s personal information.
According to reports, the criminals have threatened to reveal the medical histories of famous Medibank clients. Both breaches, according to Dreyfus, demonstrated that “current measures are insufficient.”
The government is concerned that, in addition to failing to secure personal information, businesses are holding on to excessive amounts of consumer data for too long in the hope of making money from it.
Dreyfus stated, “We need to ensure that when a data breach occurs, the punishment is sufficiently significant, that it’s a truly substantial consequence on the corporation, and that it can’t just be overlooked, paid as a part of a cost of doing business.”
Dreyfus expects the suggested revisions to pass into law in the remaining four weeks that Parliament will meet this year. Any additional fines won’t apply retroactively and won’t have an impact on Optus or Medibank.