Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
Politics
Andrew Brown

New laws to crack down on data hacking

Attorney-General Mark Dreyfus says higher penalties will make companies have strong cyber security. (Mick Tsikas/AAP PHOTOS) (AAP)

Companies will soon face tougher fines if their customer data is hacked, under new laws introduced to federal parliament.

The laws brought in by the government in the wake of the Optus and Medibank data breaches, will increase the penalty for data breaches from $2.2 million to at least $50 million.

Attorney-General Mark Dreyfus said recent breaches had shown the serious impact data hacking had on Australians.

"Governments, businesses and other organisations have an obligation to protect Australians' personal data, not to treat it as a commercial asset. The law must reflect this," he told parliament on Wednesday.

"Setting these penalties at a higher level will accord with the Australian community expectations about the importance of protecting their personal data."

Under the new laws, companies will be fined whichever is greater of $50 million, 30 per cent of the company's turnover in the relevant period or three times the value of any benefit gained from the stolen data.

"Penalties for privacy breaches cannot be seen as simply the cost of doing business," Mr Dreyfus said.

"Entities must be incentivised to have strong cyber and data security safeguards in place to protect Australians."

Changes will also see the Australian information commissioner provided with new powers to be able to resolve privacy breaches effectively.

The commissioner will have greater information sharing powers with the communications watchdog to make sure the regulators can work better together.

In the wake of the Optus and Medibank breaches affecting millions of customers, Mr Dreyfus said it was important to act as quickly as possible.

"Data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable," he said.

"These amendments are targeted and measured. They respond to the most pressing issues arising from the Optus data breach and other recent cyber incidents."

The introduction of the bill was fast tracked following the Optus data breach.

It follows from revelations the Medibank data breach was bigger than first thought.

The health insurer has been contacting current and former customers who might have had their personal information stolen in the hack.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.