
Our legal experts will keep you up to date on all relevant and current developments.

Reforms to the Privacy Act 1988 Bring Significant Penalties for Serious or Repeated Privacy Breaches

There is no question that one of the most high-profile legal issues at the moment relates to privacy and data control.   

Recent privacy breaches have highlighted that Australia’s laws may not be as effective as we would like in requiring businesses to take appropriate precautions to prevent the inappropriate release of private information and personal data.

In part, this may be because Australia has a very low penalty regime with respect to privacy breaches. This, and other relevant matters, are currently being considered - and an update to the Privacy Act 1988 has now been drafted and introduced into Parliament.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 considers some of the core elements referred to in the 2021 Exposure Draft. In particular, it increases penalties for data breaches. Currently, a corporate entity could be exposed to penalties of up to $2.22 million.

Moving forward, under the new regime, penalties will be the greater of:

  • $50 million;

  • 3 times the value of the benefit obtained by the company; or

  • 30% of the adjusted turnover of the company during the period in which the privacy breach occurred.

Non-corporate entities and individuals will have their penalties raised from $444,000 to $2.5 million.


New obligations to report cyber incidents - critical infrastructure

With the increasing prevalence of malicious cyberattacks, new regulations have been introduced to ensure that the government has knowledge of cyber incidents affecting specific entities in the following industries:

  • electricity
  • communications
  • data storage or processing
  • financial services
  • water
  • healthcare and medical
  • higher education and research
  • food and grocery
  • transport
  • space technology

By implementing a mandatory reporting regime, the government seeks to strengthen the security and resilience of critical infrastructure, by empowering the relevant authorities to more immediately address critical cyber incidents - and to develop responses and protections to minimise the risk of future incidents occurring.


Tuesday 18 April 2017 / by Tal Williams & Lucy Williams posted in Business, Corporate & Commercial Technology Law Data Breach Data Breach Notification

If you store personal information of any kind you have strict obligations under the Privacy Act not to disclose that information to third parties. Systems, however, can be breached.

