Long awaited increase to privacy breach penalties – a step closer to reality

By Cameron Abbott, Rob Pulham, Max Evans and Ella Richards

On October 25 the Australian Attorney-General’s Department released a draft bill amending the Privacy Act 1988 (the Draft Bill), inviting industry submissions by 6 December 2021.

We have been hearing about an alignment with Australian consumer and competition law penalties for quite some time – and the Draft Bill does not disappoint.

Under the Draft Bill, the maximum penalties applicable to companies for serious or repeated privacy breaches will increase to the greater of:

  • $10 million
  • three times the value of any benefit obtained through the misuse of information, or
  • 10% of the corporate group’s annual Australian turnover.

The Draft Bill also enables the introduction of an online privacy code, covering a wide scope of organisations to regulate social media services, large online platforms and data brokerage services. It is expected that industry will be given the first opportunity to develop the code, for approval by the Commissioner – with the ability for the Commissioner to develop the code in certain circumstances.

Finally, the Draft Bill introduces information sharing powers to facilitate greater engagement between the Information Commissioner and law enforcement bodies, alternative complaint bodies and State, Territory or foreign privacy regulators. This means the Information Commissioner or the receiving authority will be able to share information and documents to more effectively exercise their respective functions and powers.

With regulators banding together, maximum penalties becoming meaningful and a binding online privacy code on the horizon – there has never been a better time to get your Privacy house in order!

Copyright © 2019, K&L Gates LLP. All Rights Reserved.