Data and Privacy Reforms: What the Optus data breach means for your business
- Sarah Lang
- Oct 19, 2022
Optus is facing two potential class actions after it was the subject of Australia’s largest ever data breach, with the personal information of millions of customers hacked and stolen.
As a result, the Government is promising swift and deliberate action on data and privacy laws, a reform that has been on the legal and political agenda, and desperately needed, for some time. In fact, the Privacy Act Review Discussion Paper was released in October 2021 and received hundreds of submissions on the subject of digital legislative data reform, submissions which are still under review by the Attorney General’s Office.
One proposal is to increase the maximum penalty for breaches of the Privacy Act 1988 (Cth) from a little over $2 million to the greater of $10 million, three times the benefit of the misconduct or 10% of the organisation’s domestic annual turnover. For Optus, this would mean a fine of $780 million. What would it mean for your business? (Note that fines of this magnitude are unlikely to be applied to small businesses that are currently exempt.)
The Privacy Act sets out 13 Australian Privacy Principles that organisations must adhere to in the collection, use, storage and management of their clients’ personal information and data. Do you know your obligations in respect of the client and customer personal information that you collect through your business? Do you have appropriate safeguards in place to protect that data? Do you have an up-to-date and legally compliant privacy policy for your customers?
If not, Lang Legal can assist. Contact us for a no-obligation discussion today.