Like in many countries, Australia has been experiencing an increase in cybersecurity incidents. The Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports during the 2021-2022 financial year, an increase of nearly 13% from the previous year.
In addition, the ACSC indicated 95 cyber incidents impacted critical infrastructure last fiscal year. Recent incidences and the sounding of the alarm by the ACSC has prompted the Australian government to act. On November 28, 2022, parliament approved the Australian government’s Privacy Act (aka privacy penalty bill), which will enforce increased penalties to companies failing to take adequate care of customer data resulting from repeated or serious privacy breaches.
The recently announced bill increases the maximum penalties from the current A$2.22 million penalty up to whichever is greater: “$50 million; three times the value of any benefit obtained through the misuse of information; or 30% of a company’s adjusted turnover in the relevant period.”
It’s important to note that this new law will not only apply to Australian companies but to any organization doing business in Australia, whether personal information is collected or not.
“This is a massive step in the right direction. We’ve seen cyber incidences increase all over the world, and we don’t expect it to ease,” says Jayce Yeo, regional director for CSC’s APAC region. “Our recent Domain Security Report shows that even the largest companies, in this case, Forbes Global 2000, are still overlooking full implementation of foundational domain security measures. In today’s day and age, this is just not good enough. So, for the Australian government to step in and approve this bill shows how important adequate security measures are for its citizens as well as companies and organizations.”
Like the General Data Protection Regulation (GDPR) in Europe that went into effect on May 25, 2018, this new law will bring a new level of security regarding the personal information of consumers in Australia.
The review of the Privacy Act is still ongoing, yet in light of a strong reaction of the Australian prime minister and its government, those new legislations will likely be introduced much faster than expected. Therefore, organizations need to stay informed and make sure they’re ready to stay compliant and not risk any penalties.
To assess your security hygiene and brand protection, download the domain security recommendations to safeguard your domains and brands from online abuse and fraud. For a more in-depth consultation, please reach out to your CSC representative.