Australia to introduce tougher penalties for data breaches

Optus last month revealed a vast security breach had exposed details of 9.8 million former and current customers. PHOTO: REUTERS

SYDNEY – The Australian government will later in October introduce legislation to significantly increase penalties for privacy breaches after the huge hack at mobile phone operator Optus.

The legislation will boost the maximum penalty for serious or repeated privacy breaches to A$50 million (S$45 million), three times the value of any benefit obtained through the misuse of information, or 30 per cent of a company’s adjusted turnover in the relevant period, whichever is greater. The current level is a A$2.22 million penalty.

Australia needs better laws to regulate how companies manage the large amount of data they collect and bigger penalties to incentivise good behaviour, Attorney-General Mark Dreyfus said in a statement on Saturday.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate,” he said. “It is not enough for a penalty for a major data breach to be seen as the cost of doing business.”

The Bill will also provide the Australian Information Commissioner with greater powers to resolve privacy breaches.

Optus, an Australian subsidiary of Singtel, last month revealed that a vast security breach had exposed the details of 9.8 million former and current customers in one of the country’s biggest-ever hacks. More than two million people had identity document numbers compromised, triggering concerns about wide-scale financial fraud.

The hack is threatening to become a crisis for Optus and its Singapore parent. The company is already paying for replacement driving licences and passports, and total costs including bills and fines could stretch into hundreds of millions of dollars, according to some estimates.

Singtel said in October that a second Australian business, Dialog, also suffered a cyber attack. Data on fewer than 20 clients and 1,000 current and former staff may have been accessed in the hack.

Earlier in the month, Australian phone company Telstra called for a review of laws governing data retention after scams targeting customers reached new highs. BLOOMBERG
