Senator Paterson on Privacy Act changes
Shadow minister for cyber security and shadow minister for countering foreign interference, Liberal Senator James Paterson, says the opposition will be closely monitoring reforms to the Privacy Act to ensure no additional regulatory burden is placed on individuals and businesses.
Changes to Australian privacy legislation were recently passed by the government in response to major cyber attacks on Medibank and Optus. These include a significant increase in penalties for individuals and organisations.
Senator Paterson explained that the opposition had proposed a tiered arrangement, where smaller firms pay smaller fines that are appropriate to them, and larger firms pay larger fines.
“Those who are guilty of repeated data breaches bear the greatest responsibility. If they have taken reasonable steps to secure themselves, then they shouldn’t be paying severe penalties. But if you are totally negligent in protecting data, then further penalties should follow,” Mr Paterson said.
“We will be watching very closely the broader Privacy Act reforms that the government is contemplating in light of the attacks against Optus and Medibank. It will be important to ensure a balance is struck on not creating too much of a regulatory burden and adequately protecting our privacy.”
In May this year, the Federal Court made a ruling against the Australian Financial Services Licence (AFSL) holder RI Advice, which was found to have breached the Corporations Act by not having adequately addressed its cyber risks after several security breaches.
The case was brought by the Australian Securities and Investments Commission (ASIC), which alleged RI Advice did not have adequate documentation and controls in place to manage cyber risks.
This was the first case of its kind in Australia where statutory obligations for AFSL holders were identified under the Corporations Act in relation to cyber security.
“Although no penalties were handed out by ASIC in this case, the Federal Court could have ordered a more severe penalty,” he noted. “The next AFSL holder to find themselves in a similar position to RI Advice may not be able to escape a penalty,” said James Makowiak, senior associate in DLA Piper’s litigation and regulatory practice.
“Cyber security risks will only increase into 2023,” he said. “We can be confident [that] major data breaches will continue to occur.
“The federal government is progressing its reform agenda, but now with greater haste.”