Skip to content

  • Home
  • COVID-19 Guide
  • Podcast library
  • Client results
  • Expertise
  • News & Insights
  • People
  • Our DNA
  • Inclusion and Diversity
  • Join us
  • Contact Us
Home / NEWS & INSIGHTS / Insight / It’s no secret – $10 million penalties to be introduced for privacy law breaches
Insight 9 April 2019

It’s no secret – $10 million penalties to be introduced for privacy law breaches


WHO SHOULD READ THIS
  • Individuals, private sector and not-for-profit organisations with annual turnovers of $3 million or more per financial year; small businesses which handle personal information.
THINGS YOU NEED TO KNOW
  • Changes to Australian privacy laws may expose APP entities to hefty fines for misuse of personal information.
WHAT YOU NEED TO DO
  • Ensure your dealings with personal information comply with the Privacy Act; and
  • review your data breach response plan (or put one in place).

The Federal Government has announced major changes to the Privacy Act 1988 (Cth) (Privacy Act), including additional powers for the Office of the Australian Information Commissioner (OAIC), and tougher penalties for misuse of personal information.

The Attorney-General stated that the Privacy Act required updating in response to the recent boom of online companies trading in personal data.  The amendments are intended to protect Australians (especially children) using the Internet, ‘without impeding the continued innovation and development of companies working in the online space.’

Big dollars at risk for not being discreet

The new regime will increase the maximum penalties for misuse of personal information by entities covered by the Privacy Act, from $2.1 million for serious or repeated breaches, to the greatest of:

  • $10 million
  • three times the value of any benefit obtained through the misuse of information
  • 10% of a company’s annual domestic turnover

The updated penalties will bring Australia more in line with the General Data Protection Regulation (GDPR) penalty regime, under which the maximum penalty for a company’s breach of privacy is €20 million or 2% of that company’s annual global turnover.

Personal information is misused if it is used by an APP entity for a purpose that is not permitted by the Privacy Act.  Misuse may be deliberate or accidental invasions of privacy; common examples are the collection or disclosure of private information about an individual, without the individual’s consent (as required under the Privacy Act).

The penalties will apply to multinational social media and online platforms operating in Australia, including tech giants Google and Facebook.  For some companies, fines under the new laws may exceed $100 million.

OAIC given the key to procure cooperation  

The OAIC will be given powers to issue infringement notices for failure to cooperate with efforts to resolve minor breaches.  Backed by new penalties of up to $63,000 for companies, or $12,600 for individuals, it is hoped these powers will encourage collaboration and assistance.

The Government also intends to provide the OAIC with more options to ensure breaches are addressed, via third-party reviews, and/or publication of notices about specific breaches, in order to ensure individuals who are directly affected are aware of threats to their personal information.

The recently announced 2019 budget includes a $25.1 million increase to the OAIC’s funding over the next three years, to handle the changes and enforce compliance.  This is on top of the 2018 $12.9 million increase received by the OAIC in relation to the Consumer Data Right regime.

Individuals to be able lock down access to their personal Information

In addition to the above changes, online companies would be required to stop using or disclosing an individual’s personal information upon request.

Specific rules have also been proposed to protect the personal information of children and other vulnerable groups.

Behind the scenes action

It is understood that legislation addressing the above changes will be released for public consultation later this year.  We will continue to monitor developments in this space, and provide updates in due course.


For further information on any of the issues raised in this alert please contact the below team.

This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.

About the authors

  • Belinda Breakspear

    Partner
  • Matthew McMillan

    Partner
  • Alex Hutchens

    Partner

Hannah Fas
Lawyer

In other news

Branding on trend: Certification of Australian Fashion

10 May 2022Insight

Verification of identity: a refresher

10 May 2022Insight

Categorising land for rating purposes used for both permanent residential and temporary tourist accommodation

4 May 2022Insight

Court of Appeal decision brings welcome relief to local councils

4 May 2022Insight

VIEW ALL NEWS & INSIGHTS

BRISBANE

Level 11, 66 Eagle Street
Brisbane QLD 4000
GPO Box 1855
Brisbane QLD 4001
Tel +61 7 3233 8888
Fax +61 7 3229 9949

 

GET IN TOUCH

    Contact form

    We handle your personal information in accordance with our privacy policy.

    Please do not send us any confidential information. By submitting this form, you agree that our review of the information you submit will not create a lawyer-client relationship between you and our firm (or any lawyer in our firm) and it will not prevent us from representing a party in any matter where the information you submit is relevant, even if that information could be used against you.

    sydney

    Level 32, MLC Centre
    19 Martin Place
    Sydney NSW 2000
    GPO Box 462
    Sydney NSW 2001

    Tel +61 2 8241 5600
    Fax +61 2 8241 5699

     

    GET IN TOUCH

      Contact form


      We handle your personal information in accordance with our privacy policy.

      Please do not send us any confidential information. By submitting this form, you agree that our review of the information you submit will not create a lawyer-client relationship between you and our firm (or any lawyer in our firm) and it will not prevent us from representing a party in any matter where the information you submit is relevant, even if that information could be used against you.

      melbourne

      Level 27, 101 Collins Street
      Melbourne VIC 3000
      GPO Box 2924
      Melbourne VIC 3001

      Tel +61 3 9067 3100
      Fax +61 3 9067 3199

       

      GET IN TOUCH

        Contact form

        We handle your personal information in accordance with our privacy policy.

        Please do not send us any confidential information. By submitting this form, you agree that our review of the information you submit will not create a lawyer-client relationship between you and our firm (or any lawyer in our firm) and it will not prevent us from representing a party in any matter where the information you submit is relevant, even if that information could be used against you.

        follow us

        CLIENT LOGIN

        newcastle

        92 Young Street
        Carrington NSW 2294
        PO Box 394
        Newcastle NSW 2300

        Tel +61 2 4914 6900
        Fax +61 2 4914 6999

         

        GET IN TOUCH

          Contact form


          We handle your personal information in accordance with our privacy policy.

          Please do not send us any confidential information. By submitting this form, you agree that our review of the information you submit will not create a lawyer-client relationship between you and our firm (or any lawyer in our firm) and it will not prevent us from representing a party in any matter where the information you submit is relevant, even if that information could be used against you.

          canberra

          Level 9, 2 Phillip Law Street
          Canberra ACT 2601

          Tel +61 2 6243 3669
          Fax +61 2 8241 5699

           

          GET IN TOUCH

            Contact form


            We handle your personal information in accordance with our privacy policy.

            Please do not send us any confidential information. By submitting this form, you agree that our review of the information you submit will not create a lawyer-client relationship between you and our firm (or any lawyer in our firm) and it will not prevent us from representing a party in any matter where the information you submit is relevant, even if that information could be used against you.

            © 2017 McCullough Robertson. Site map Disclaimer Privacy Policy Statement of Business Ethics Credit Reporting Policy

            X