New Privacy Law Regime – $10 million in Penalties
The Federal Government has announced important changes to the Privacy Act 1988 (Cth). These include supplemental powers for the Office of the Australian Information Commissioner (OAIC) and stringent financial penalties for the misuse of personal information.
The Privacy Act needed a more current regime in response to the surge of online companies dealing with personal data according to the Attorney-General. Attorney-General Christian Porter said:
“Existing protections and penalties for misuse of Australian’s personal information under the Privacy Act fall short of community expectations, particularly as result of the explosion in major social media and online platforms that trade in personal information over the past decade.”
If the legislation is enacted the penalties will increase from $ 2.1 million to a maximum of the higher of:
- $ 10 million for serious or repeated breaches
- Three times the value of any benefit taken from the misuse of personal information
- 10% of an entity’s annual domestic turnover
The new penalties will bring Australia more in line with the General Data Protection Regulation (GDPR) penalty regulation where the penalties for the misuse of personal information are up to €20 million or 4% of annual global turnover.
There will be additional $25 million in funding to the OAIC to investigate and respond to breaches and new powers to issue infringement notices.
The OAIC will have the power to issue infringement notices of up to $ 63,000 for bodies corporate and $12,600 for individuals.
The new legislation will also require social media and online platforms to take reasonable action to stop using or disclosing personal information when requested by an individual.
Stronger laws will apply to protect the personal information of children.
Take Away Points
- Who should know about the new privacy laws? Individuals, small businesses, private sector and not-for-profit organisations with annual turnovers of $3 million or more per year.
- What you should know? There are stiff penalties for the misuse of personal information.
- What you need to do? You must ensure that you comply with the Privacy Act. Understand your obligations when collecting personal information online and ensure you respond to data breaches in accordance with the privacy laws.
Jaclyn-Mae Floro, BCompSc
Contact W3IP Law on 1300 776 614 or 0451 951 528 for more information about any of our services or get in touch at firstname.lastname@example.org.
Disclaimer. The material in this post represents general information only and should not be taken to be legal advice.