In response to recent data breaches, the Albanese Government wasted little time taking action. They announced, introduced, and delivered legislation in less than a month.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million fine to whichever is the greater of:
- $50 million;
- three times the benefit obtained through the misuse of information; or
- 30% of the turnover in a business, adjusted for the relevant period.
In addition, the government gave the Australian Information Commissioner more authority to deal with privacy violations and quickly publish or share information about its investigations with other regulators to protect consumers.
The message these new, more severe fines send to large organisations is clear: they must improve the security of the data they collect.
Although this development is excellent, we must pay attention to the specifics in this case. Only “severe or repeated” offences are subject to the maximum fine, yet the Privacy Act doesn’t define these phrases in any way. The adjustments won’t be as effective and will be much more difficult to enforce if there is this much ambiguity.
Before we can be sure that the government has made securing Australians’ data a proper priority, there is still much regulatory work to be done, which means a thorough revamp of the methods used to collect, handle, safeguard, and keep data is needed.
Much work remains before the Act effectively safeguards Australia’s data: Australia’s Privacy Act and privacy principles still need to address the modern workplace, consumer behaviour, and the complexity and sophistication of the security and threat landscape.
In 2019, the ACCC Digital Platforms Inquiry made a range of privacy-related recommendations. Aside from advocating for strengthening protections in the Privacy Act, it also called for broader reform of the Australian privacy law framework. Much of this hasn’t progressed and is another example of stagnant leadership around data protection.
Even with boards and leadership teams taking data governance more seriously in the wake of the recent breaches, current data retention regulations are completely lacking, confusing or often contradictory.
Australian organisations and businesses have little reason to invest in effective data governance. Even the recently raised fines are still only a drop in the bucket for most large organisations.
There is an easy way to secure your documents and data.
Docuworx’s advice is to make an emergency plan sooner rather than later. Too often, when an incident happens, the first reaction is, “What do we do now?” So, take the initiative!
Docuworx can help your organisation implement intelligent document control with artificial intelligence (AI) technology that is traceable and easily shared by all users in a secure environment. The data is stored securely, protected with encryption, hosted in Australia and backed up in seven data centres.
While there is no standard set in Australia, DocuWare is a document management system from Germany that already complies with the stringent European Union standards known as GDPR. It is used very successfully around the globe by many institutions like yours, and it’s ready to use out of the box with a minimal set-up fee. DocuWare is GDPR and SOC2-compliant and offers many other benefits.
- Data is encrypted for protection.
- Data in DocuWare cannot be accidentally erased or deleted.
- DocuWare has workflow automation for AP, HR and many other business processes, eliminating paper and manual data entry and maximising productivity.
- DocuWare will easily integrate with other systems if required.
- DocuWare does not require maintenance or IT infrastructure.
Talk to us to help your data stay safe! Join our short webinar this month to learn more about protecting your organisation’s data and increasing productivity.