The Commonwealth Government has announced plans to introduce a new penalty regime for the misuse of personal information under the Privacy Act (“the Act”).
The aim of the new regime is to increase the protection of data and personal information online by increasing the penalties for breaching the Act, and by expanding the powers of the Office of the Australian Information Commissioner (“OIAC”).
While the new penalties are primarily targeted towards social media and technology platforms that capture, analyse and share personal information of users, the amendments will have consequences for all entities to which the Privacy Act and Australian Privacy Principles apply.
The amendments will introduce the following changes to the Act:
1. Increased penalties for all entities covered by the Act.
The current maximum penalty for serious or repeat breaches of the Act will be increased from $2.1 million to $10 million or three times the value of any benefit obtained through the misuse of personal information or 10 per cent of a company’s annual domestic turnover – whichever is greater.
2. Expanded powers for the OIAC
The OIAC will be provided with new powers to issue infringement notices to entities that have breached the Act. These powers will be supported by new penalties for failure to cooperate with efforts to resolve minor breaches of up to $63,000 for corporate entities and $12,600 for individuals.
3. Specific rules to protect children and vulnerable groups
The amendments will introduce specific rules to protect the personal information of children and other vulnerable groups.
There is currently only general information available about the content of the amendments, with legislation to be drafted and made available for consultation in the second half of 2019.
CRH Law will continue to monitor the progress of the changes to the Privacy Act. In the meantime, the original media release is available on the Government’s website or via this link.