Data Protection - Tougher Penalties for Serious Data Breaches

Written By

emma croft Module
Emma Croft

Senior Associate
Australia

I am a senior associate in our Dispute Resolution Group in Sydney, specialising in media and technology disputes, commercial litigation and privacy and cybersecurity advisory work.

On 22 October 2022, the Australian Government announced that it will introduce legislation next week to significantly increase penalties for repeated or serious privacy breaches.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) will increase maximum penalties for serious or repeated privacy breaches under the Privacy Act 1988 (Cth) (Act) from the current $2.22 million penalty to whichever is the greater of:

  1. $50 million;
  2. three times the value of any benefit obtained through the misuse of information; or
  3. 30% of a company’s adjusted turnover, during the breach turnover period if the court cannot determine the value of the benefit under (b).

The “breach turnover period” will be the longer of either:

Full article available on Disputes +

Latest insights

More Insights
Curiosity line teal background

China Cybersecurity and Data Protection: Monthly Update - May 2025 Issue

May 26 2025

Read More
featured image

Neurotechnologies Under The AI Act- Where Law Meets Science

9 minutes May 13 2025

Read More
featured image

Saudi Arabia: Public consultation on draft changes to the Data Protection Regulations

6 minutes May 08 2025

Read More