Following two significant cybersecurity breaches that exposed millions of people to illegal activity, Australia on Saturday recommended stiffer sanctions for businesses that don't protect customer data.
The maximum punishment for recurrent offenses will be raised from the current $1.4 million to $32 million under amendments that will be presented to the Australian Parliament, according to a report from Reuters. In addition, if a company's revenue for a given period surpassed AU$50 million ($32 million), it might be fined the equivalent of 30% of that turnover.
Big firms might be liable for penalties of up to hundreds of millions of dollars, according to Attorney General Mark Dreyfus. The higher penalties are designed to elicit thought in businesses and are intended to act as a deterrent, urging businesses to safeguard Australians' data.
Tuesday marks the first day of Parliament since the mid-September recess. Since Parliament last met, unknown hackers have stolen the personal information of 9.8 million users of Optus, Australia's second-largest wireless telecommunications provider. The data theft has increased the danger of identity theft and fraud for more than one-third of Australia's population.
This week, unknown cybercriminals claimed to have stolen 200 terabytes of customer data, including medical diagnoses and treatments, and demanded a ransom from Medibank, Australia's largest health insurer. Medibank has 3.7 million clients. According to the business, the hackers have established that they possess the personal information of at least 100 people.
The government worries that, in addition to failing to safeguard personal information, businesses are holding on to excessive amounts of customer data for far too long in the hope of making money from it.
Dreyfus expects the suggested revisions to pass into law in the final four weeks that Parliament meets this year. Any new fines won't apply retroactively and won't have an impact on Optus or Medibank.