Organizations found to be responsible for a privacy breach now face a maximum penalty of AUD 50 million, 30% of adjusted annual domestic turnover, or three times the value of any benefit obtained through the misuse of the leaked information.
The announcement has raised questions in some circles as to what the extent of the cyber task force's plans are. "Hacking back" is a very contentious concept that exists in a murky international water of cyber engagement norms and unspoken rules.
Medibank has opted to ignore demands for ransom payments for the recent data breach of about 9.7 million health data records. Criminals have published a fraction of the stolen data on the dark web, including those of high-profile politicians.
Privacy act draft proposes a maximum penalty of the greater of $50 million, three times the value of any benefit obtained through the misuse of information stolen in data breaches, or 30% of the company's annual domestic turnover.
Medibank is Australia’s largest health insurance provider with some 3.7 million customers. In some cases, medical records are among the health insurance policies and the thief had named about 1,000 high-profile or at-risk people.
Following Optus hack, the Telstra data breach appears to be limited to the signup process of a third-party rewards system for company staff, but two telcos losing personal information in two weeks has caused serious concern.
The breach of Optus, the second-largest telecoms company in Australia, created a leak of about 10 million records of personal information. The government says that it is time for new privacy rules.
Optus disclosed a cyber attack that compromised the personal data of up to 10 million Australians with a threat actor initially demanding $1 million and several sources suggesting human error as the cause.
The advertising industry would like to see Australia’s privacy law kept loose enough to allow "legitimate" data collection, a "tech neutral" posture and rules that are no stronger than the ones at play in the EU and UK.
Australia's privacy commissioner has ruled that Clearview AI has violated the privacy of the country's residents, and that means it will be forced to delete its cache of their facial recognition data.










