The Albanese government will crack down on companies for serious or repeated privacy breaches under new legislation to be introduced next week.
Companies failing to protect sensitive data will face huge fines under laws to be introduced by the Albanese government.
The legislation massively increases the current penalty for serious or repeated breaches from $2.22 million to whichever is the greater of $50 million, 30 per cent of the company's turnover in the relevant period, or three times the value of any benefit gained from the stolen data.
The bill, to be introduced to parliament next week, comes during the fallout of the massive Optus data hack, and a cyber attack on private health insurance provider Medibank.
Attorney-General Mark Dreyfus said the government was committed to strengthening privacy laws.
"I look forward to support from across the parliament for this bill, which is an essential part of the government's agenda to ensure Australia's privacy framework is able to respond to new challenges in the digital era," he said.
Mr Dreyfus said the legal changes reflect the expectations Australians have about their right to have their personal data protected.
The legislation will beef up the powers of the Australian Information Commissioner to resolve privacy breaches, and bolster information sharing with the Australian Communications and Media Authority.
The notifiable data breaches scheme will be boosted to ensure the commissioner has a complete picture of the information compromised, to be able to provided a risk assessment of harm for people.
A review of the Privacy Act will be completed by the end of this year, with recommendations to be handed down for further reforms.
