Written by The introduction of the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, which took force in December 2022, reflects the shifting public sentiment on privacy and the importance of reforming how confidential information is collected and managed.
The rise in high-profile cyber-attacks has accelerated the need for legislative changes to strengthen and modernise privacy protections. The recent data breach suffered by Optus in September 2022 affected millions of Australians and resulted in exposure of customers’ names, dates of birth, phone numbers, email addresses, and for a subset of customers, their addresses and ID document numbers.
The Act significantly increases the maximum penalty for serious or repeated interference with the privacy of an individual. The maximum penalty for individuals has increased from $444,000 to $2.5 million.
These reforms demonstrate the importance for entities to review their privacy regimes and data governance frameworks.