In 2018 the government introduced the Notifiable Data Scheme which legislated new obligations for Australian Government agencies and private sector organisations that have existing information security obligations under the Privacy Act (Privacy Act 1988 (Cth)) to carry out assessments whenever they suspect a loss of, unauthorised access to, or unauthorised disclosure of personal information that they hold. If a breach is likely to result in serious harm, they must notify affected individuals so they can be prepared for possible consequences. They must also notify the Office of the Australian Information Commissioner (OAIC).

In the first year of the scheme alone there were 964 Notifiable Data Breaches and 60% of these were malicious or from criminal attacks.


Now Parliament has passed a new Bill (The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022) which will see much higher penalties for companies who have data breaches. The maximum penalty for companies committing serious or repeated privacy breaches will increase from $2.2 million to the greater penalty between:
  • $50 million
  • Three times the value of any benefit obtained from the misuse of information
  • 30 per cent of the company’s adjusted turnover in the relevant period of time.
The Bill also increases the maximum penalty for non-corporate entities from $444,000 to $2.22 million.

The Privacy Commissioner also receives new powers under the Amendment which include the power to obtain information regarding a data breach, to share information with other authorities, and to disclosure information when it is in the public interest.

The amendment comes in response to recent high profile cyberattacks, including Optus and Medibank, which have caused serious harm and inconvenience to many Australians.

Cyber Insurance includes cover for the cost of notifying and dealing with a breach and is an essential part of all Insurance Programs in today’s market.

For more information and a quotation, please contact our office.
Back To Top

Leave a Reply

Your email address will not be published.*