Australia: $50m Penalties, More Regulatory Powers And Expanded Global Reach – Part One Of Australia's Privacy Act Reforms - Herbert Smith Freehills


The Bill includes amendments to the Privacy Act 1988 (Cth) (Privacy Act), including:


  • Maximum penalties of $50 million and more for serious or repeated interferences with privacy;

  • Enhanced powers (including new information gathering and sharing powers) for the Office of the Australian Information Commissioner (OAIC); and

  • Broader extra-territorial application of the Privacy Act.

Many of the proposed amendments to the Privacy Act were foreshadowed by the previous Government's release of the Exposure Draft to the Online Privacy Bill last year (see our briefing here). However, the increase to the penalties is especially significant, with the previous proposal at $10 million rather than $50 million.


The introduction of the Bill this week was undoubtedly accelerated by recent high-profile data breaches in Australia. Whether a data breach occurs as the result of a malicious actor, internal error or the failings of a third-party service provider, the Government has clearly signalled its increased focus on enforcing privacy compliance, with stronger financial consequences for failures to do so.

What steps should organisations take?

The Bill, and other adjacent legislative and regulatory developments (including recent reforms to the Security of Critical Infrastructure Act), have elevated privacy, data protection and information security as critical considerations that all companies must proactively manage. Given the very real regulatory, reputational and business interruption consequences that cyber-attacks or data and privacy breaches cause, it is unsurprising that cyber security and cyber resilience are rated as a top risk by Boards today.

In this context, entities must ensure they have appropriate privacy and data security practices and procedures in place, commensurate to the increased level of technological, regulatory, legal and ..
