The Federal Government has heralded major changes to the Privacy Act 1988 (Cth) (Privacy Act), including tougher penalties for breaches of privacy and other measures to ensure safety online.
The Attorney-General Christian Porter MP announced the increased penalties saying that the current regime under the Privacy Act “falls short of community expectations”.
The proposed amendments are a response to the boom of companies trading in personal information and the hitherto lag in legislation protecting online data security.
The new regime will increase the maximum penalties for misuse of personal information from $2.1 million for serious or repeated breaches, to the greater of:
- $10 million
- three times the value of any benefit obtained through the misuse of information
- 10% of a company’s annual domestic turnover
The amendments would also see the OAIC armed with greater enforcement powers, along with an additional AUD$25 million to investigate and respond to data breaches.
Although draft legislation has not yet been produced, the amendments would bring Australia more closely in line with other tougher privacy regimes around the world, in particular, the General Data Protection Regulation (GDPR) in the European Union (see our earlier article on the GDPR here).
So far news coverage has focussed on the potential fines for tech giants such as Google and Facebook, however the proposed changes could have a significant financial impact for all Australian businesses.
What does this mean for you?
If passed, the changes will impact the privacy compliance landscape. The potential for increased financial penalties and an OAIC with more teeth creates additional risks to reputation and bottom line. And while the progress of any potential enhancements to the Privacy Act depends on the outcome of the Federal Election in May, the signalled changes do reinforce the need for businesses to treat privacy risk as a significant whole-of-business issue.
At a bare minimum, business owners should ensure they have taken steps to support adequate systems and processes to achieve Privacy Act compliance. This includes improving information handling practices, having a data breach response plan in place and ensuring regular document destruction.
We can provide your complete document destruction solution, covering everything from business and personal information shredding to computer hardware disposal. We’re happy to talk to you about how your business can implement a regular document destruction plan to ensure Privacy Act compliance.
Call us on 1300 788 719 for a free no obligation quote or click here to order online.