The Australian government will next week introduce legislation to significantly increase penalties for privacy breaches after the huge hack at mobile phone operator Optus.
The legislation will boost the maximum penalty for serious or repeated privacy breaches to A$50 million (S$45 million), three times the value of any benefit obtained through the misuse of information, or 30 percent of a company’s adjusted turnover in the relevant period, whichever is greater.
The current maximum penalty is A$2.22 million.
Australia needs better laws to regulate how companies manage the large amount of data they collect and bigger penalties to incentivize good behavior, Attorney-General Mark Dreyfus said in a statement on Saturday.
“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate,” he said. “It is not enough for a penalty for a major data breach to be seen as the cost of doing business.”
The Bill will also provide the Australian Information Commissioner with greater powers to resolve privacy breaches.
Optus, an Australian subsidiary of Singtel, last month revealed that a vast security breach had exposed the details of 9.8 million former and current customers in one of the country’s biggest-ever hacks.
More than two million people had identity document numbers compromised, triggering concerns about wide-scale financial fraud.
The hack is threatening to become a crisis for Optus and its Singapore parent.
The company is already paying for replacement driving licenses and passports, and total costs including bills and fines could stretch into hundreds of millions of dollars, according to estimates.
Singtel this month said a second Australian business, Dialog, also suffered a cyber attack. Data on fewer than 20 clients and 1,000 current and former staff may have been accessed in the hack.
Earlier this month, Australian phone company Telstra called for a review of laws governing data retention after scams targeting customers reached new highs.