A bill that would substantially increase the penalties for serious or repeated data breaches has passed the lower house of parliament, even as industry raised concerns with its contents via a senate inquiry.
The bill will now proceed to the Senate. However, the the Senate inquiry isn’t due to report until November 22.
As the government promised when it announced the legislation, the Privacy Legislation Amendment increases the maximum penalties for “serious or repeated privacy breaches” to whichever is the greater of $50 million; three times the value of any benefit obtained through the misuse of information; or 30 percent of a company’s “adjusted turnover” in the relevant period.
As iTnews reported this morning, the penalties have raised concerns from across industry sectors, including from the Australian Banking Association (ABA), the Australian Information Industries Association (AIIA), and Amazon Web Services.
Both the ABA and the AIIA want some kind of safe harbour, so that organisations that meet recognised privacy or security standards can avoid the heaviest penalties.
“A safe harbour from penalties for businesses that can demonstrate good faith and due diligence in reporting, including by implementing best-practice cyber security frameworks, would ensure that the system encourages transparency and willingness to both resolve major data breaches and seek assistance in doing so,” the AIIA stated.
In addition to the fines, the bill gives the Australian Information Commissioner greater powers to resolve breaches, and share information to help protect customers.