“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.”

The changes will be made via an amendment to the country’s privacy laws, following a long process of consultation on reforms.

Dreyfus said the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 will increase the maximum penalties that can be applied under the Privacy Act 1988 for serious or repeated privacy breaches from the current AUS $2.22 million (~$1.4M) penalty to whichever is the greater of:

The change of government, earlier this year, also means there’s a new broom at work.

Additional changes trailed by Dreyfus include greater powers for the Australian information commissioner and a beefed-up Notifiable Data Breaches scheme, which will give the privacy watchdog a more comprehensive view of what’s been compromised in a breach so that it can assess the risk of harm to individuals.

The information commissioner and the Australian Communications and Media Authority will also be furnished with greater information-sharing powers to enable more regulatory joint-working.

Both agencies opened investigations of Optus following last month’s breach.

The Attorney-General’s Department is also undertaking a comprehensive review of the Privacy Act that’s due to be completed this year, with recommendations expected for further reform, it said.

“I look forward to support from across the Parliament for this Bill, which is an essential part of the Government’s agenda to ensure Australia’s privacy framework is able to respond to new challenges in the digital era. The Albanese Government is committed to protecting Australians’ personal information and to further strengthening privacy laws,” added Dreyfus.

Australia to toughen privacy laws with huge hike in penalties for breaches by Natasha Lomas originally published on TechCrunch