Aussies face $1.1m fines for data breaches

By Darren Pauli on May 23, 2012 3:11 PM
Filed under Security

Proposed reforms for lost data.

Australian organisations that lose sensitive customer data through hacking or privacy gaffes could face fines of up to $1.1 million under proposed reforms to the Privacy Act.

The Federal Privacy Commissioner can currently push for agreed determinations but lacks powers to enforce penalties on offending organisations.

If passed, the legislation would give the Commissioner new teeth to impose financial penalties against individuals and organisations.

"I could for instance identify flaws in security systems and require organisations to patch those flaws or adopt a stronger security system," Privacy Commissioner Timothy Pilgrim told CRN sister site SC Magazine.

Under the proposed legislation, small-scale offenders could be taken to court and fined up to $22,000 for individuals and $110,000 for organisations.

Repeat and serious offenders face financial penalties of up to $220,000 for individuals or $1.1 million for organisations.

The Privacy Commissioner will consult with industry to detail what constitutes an offence in the nine months following the Bill's passing into law, should it pass.

The Bill (Privacy Amendment (Enhancing Privacy Protection) Bill 2012) would replace the ageing National Privacy Principles (NPP) governing the private sector and Information Privacy Principles (IPP) covering government with a single federal framework, the Australian Privacy Principles (APP).

It would not replace state privacy laws.

Data breach disclosure reforms were first recommended by the Australian Law Reform Commission in 2008 and are already in place in the US and Europe.

The reforms would also respond to concerns from security experts over the lack of guidelines regarding the handling of biometric data.

Organisations would be required under the Privacy Act to implement minimum security arrangements to collect, store and disseminate biometric data.

The dissemination of biometric data, such as fingerprint and iris scans, would still be allowed for the purposes of law enforcement.

The Biometrics Institute in March revoked a series of voluntary privacy principles for the handling of biometric data ahead of the introduction of the Privacy Act.

Other reforms under the Bill include:

  • clearer and tighter regulation of the use of personal information for direct marketing
  • extending privacy protections to unsolicited information
  • making it easier for consumers to access and correct information held about them
  • tightening the rules on sending personal information outside Australia
  • a higher standard of protection to be afforded to “sensitive information” – which includes health related information, DNA and biometric data
  • enhancing the powers of the Privacy Commissioner to improve the Commissioner’s ability to resolve complaints, conduct investigations and promote privacy compliance.

The reforms also covered credit reporting arrangements, including:

  • making a clear obligation on organisations to substantiate, or show their evidence to justify, disputed credit listings
  • making it easier for individuals to access and correct their credit reporting information
  • prohibiting the collection of credit reporting information about children
  • simplifying the complaints process by removing the requirement to complain to the organisation first, so that complaints can be made directly to the Privacy Commissioner, and by introducing alternative dispute resolution to deal with complaints more efficiently.
 

Copyright © SC Magazine, Australia
