Increased penalties under the Privacy Act

On 25 March 2019, the Federal Government announced plans to increase penalties for breaches of Australia’s privacy laws. Legislation is being drafted for consultation in the second half of 2019.

Although targeted at social media platforms, the new increased penalties will affect all entities required to comply with the Privacy Act 1988 (Cth) (‘Privacy Act’).

What are the increased penalties?

The amendments to the Privacy Act will increase the maximum penalty for serious or repeated breaches from the current $2.1 million to the greater of:

  • $10 million;
  • three times the benefit obtained from the misuse of information; or
  • 10% of a company’s annual domestic turnover.

The Office of the Australian Information Commissioner (OAIC) will be backed by a broader enforcement power and larger financial penalties for lack of compliance with minor breaches:

  • up to $63,000 for corporate bodies; or
  • $12,600 for individuals.


How does this affect your business?

This is a timely reminder for businesses to get their privacy practices up to scratch.

If your business:

  • has an annual turnover of $3 million or more; and/or
  • collects information relating to an individual’s health (regardless of turnover); or
  • routinely discloses personal information to third parties (regardless of turnover),

but does not have a Privacy Policy or Data Breach Policy in place, it is time to contact Freya Sinickas.