How Will the Parliament-Approved Privacy Penalty Bill Impact Companies?

Privacy Penalty Bill

The Australian business landscape witnessed several data breaches, such as those at Optus Telecom, Latitude Financial, and many others. These breaches were mainly the result of inadequate cybersecurity measures in these organisations. So, to safeguard customers’ interests and protect their data, the Australian parliament stipulated higher penalties for companies that fail to take adequate care of customer data. In fact, the government lost no time in responding to major data breach incidents. Within a month of the much-publicised incidents, the Albanese government introduced the legislation. The higher penalties approved by the parliament are part of the privacy bill that seeks to send a clear message to large companies that inadequate or half measures for cybersecurity will not be accepted. They need to do better to protect the data of their customers.

Known as the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, it raised the maximum penalties for repeated or serious data breaches from the existing $2.22 million to whichever is greater of the following:

$50 million;

3 times the value of the benefit received through the misuse of information; or

30 percent of a company’s turnover in the relevant period.

The bill vests the Australian Information Commissioner with greater powers to share information about data breaches and resolve them to protect customers’ interests.

Large privacy breaches in the recent past have brought outdated and inadequate cybersecurity safeguards to the fore. The bill makes it abundantly clear that data breaches due to inadequate cybersecurity measures will no longer be tolerated, and companies have to pay the price for not upholding customer interests. The higher penalties also tell companies that fines can no longer be regarded as a cost of doing business.

The Albanese government, through this bill, seeks to protect the personal information of Australians and strengthen the privacy laws. Companies, on their part, should do more to strengthen their cybersecurity infrastructure and preempt the machinations of cyber criminals.

What Should Companies Do to Address Cybersecurity Challenges?

It is important for companies to prioritize cybersecurity and avoid underestimating the threats they face from cyber criminals. To achieve this, they should enhance their security measures, address vulnerabilities, provide workforce training, and adhere strictly to industry regulations. If they find these steps expensive or challenging, they can engage cybersecurity firms like Cybernetic Global Intelligence, a globally accredited cybersecurity company with extensive knowledge and experience in proactively assessing, managing, and mitigating cybersecurity risks.

Cybernetic Global Intelligence offers various services to achieve this, including managed services where cybersecurity specialists perform live monitoring and real-time analysis of threat data. The company can also help businesses obtain ISO 27001 certification and guarantee the security of sensitive information. Additionally, Cybernetic Global Intelligence conducts risk assessments and security audits based on industry standards, providing insights into potential risks and ways to manage or resolve them. Other services include red team testing to enhance cybersecurity measures, consulting for PCI compliance certification, and penetration testing to identify and mitigate vulnerabilities cybercriminals are likely to exploit.


The Australian government is getting tough with companies that do not strengthen their cybersecurity defences. The Privacy Penalty Bill is an answer to repeated data breaches and sliding customer confidence in companies and institutions. It seeks to restore the confidence of the public by levying higher fines on defaulting companies. Companies would do well to heed the warning and shore up their cybersecurity defences. Also, given the increasing sophistication and frequency of cyber attacks, no company can be considered immune from threats as cybercriminals continue to exploit vulnerabilities.

This is where companies operating in Australia, New Zealand, or the Asia Pacific region need to shore up their cybersecurity infrastructure by hiring the services of the globally accredited cybersecurity firm Cybernetic Global Intelligence. To know more about the cybersecurity company and how it can help companies mitigate cybersecurity risks, call 1300 292 376 or send an email to
