- / Blog
- / Increased SME penalties for data breaches
Increased SME penalties for data breaches
Recent data breaches fuel new penalties
The recent, high-profile, Optus and Medibank, data breaches have resulted in changes to the Privacy Act 1988, including substantially larger penalties for companies and individuals. These changes also bring Australia’s privacy legislation into closer alignment with the European GDPR Privacy laws (General Data Protection Regulation).
Penalties for major breaches of the Privacy Act
Serious or repeated non-compliance with the Privacy Act, existing penalties have increased for individuals from $444,000 to $2.5 million per breach.
For companies, the greater of the following three penalties can now apply:
Up to $50 million (increased from $2.2 million) per breach;
3x the value of any benefit the business gains; and
30% of the business’s adjusted Australian revenue, during the period of non-compliance.
New powers for the OAIC
In addition, the powers of the OAIC (Office of the Australian Information Commissioner), have been widened to:
The right to conduct an assessment of an organisation’s compliance with the Notable Data Breaches Scheme under the Privacy Act;
The right to require information regarding an actual or suspected data breach;
The right to share information with other enforcement agencies and the public;
The right to make public any finding following an investigation; and
The right to issue infringement notices for failure to provide requested information.
How to protect your business from breaching the Privacy Act
SMEs with an annual turnover above $3 million must comply with thie Privay Act. However, some businesses with less than $3 Million turnover must comply, if they are in the medical or health sectors or deal in personal information.
Cyber risk management is your first line of defence against successful data breaches. These include only collecting and holding essential customer information and do so for no longer than necessary. It’s also important that cyber security policies are updated across your organisation and that all employees have ongoing training..
Cyber Insurance is also a great way to protect your company from the financial cost of any breach or investigation. . This insurance is specifically designed to help your business recover from a data breach by, for example, covering the costs of data recovery and restoration, legal defence, cyber extortion and crisis management.
Does your business have cyber insurance?
Contact us today
SUMMARY
TITLE: Increased SME penalties for data breaches
The Optus and Medibank data breaches have galvanised both the public and the government. The result is a set of amendments to the Privacy Act that brings us into line with the European GDPR and major increases in fines for non-compliance and greater powers for the OAIC to investigate and deal with breaches.