Changes to Australia’s Privacy Act: Overview and Preparation Checklist

In the wake of the recent wave of high-profile data breaches at Optus, Medibank and MyDeal, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 was passed by Federal Parliament on 28 November 2022. The Attorney-General referred to the data breaches as having highlighted ‘the potential to cause serious financial and emotional harm to Australians’ and that the Bill sends a clear message that the government takes privacy, security and data protection seriously. Penalties have been significantly increased under the Privacy Act 1988 (Cth), and the Privacy Commissioner now has increased powers to resolve privacy breaches. The Notifiable Data Breaches Scheme has also been strengthened. Increased penalties Penalties for a serious or repeated breach of privacy have significantly increased from a maximum of $2.22 million to not more than the greater of: $50 million; three times the value of any benefit obtained through the misuse of the information; or, if the value of the […]