Privacy Breaches: Is the Government Really Doing Enough?

If you’ve seen the news lately, you’ve probably heard about some big-name companies, including Optus and Medibank, being targeted by malicious cyber-attacks, which have resulted in personal customer data becoming compromised.

From financial losses and identity theft to blackmail and extortion, the ramifications of a privacy breach can be enormous for victims—but what is the government doing to tackle the issue and protect Australians?

In a recent interview with Sky News Australia, Calamity Monitoring CEO Daniel Lewkovitz discussed the government’s response to the recent privacy breaches and how effective it’s likely to be at stamping out the problem.

What is the Australian government doing?

The Albanese government recently announced plans to introduce tougher penalties for companies that fail to protect customer data, stating the penalties for repeated or serious privacy breaches would increase dramatically from $2.22 million to whichever is the greater of:

  • $50 million;
  • three times the value of any benefit obtained through the misuse of information; or
  • 30 percent of a company’s adjusted turnover in the relevant period.

The tougher penalties would also be backed by changes to enhance the Australian government’s privacy breach resolution, knowledge and information-sharing powers.

Will this approach solve the problem?

As Mr Lewkovitz highlighted, “governments are very good at overreacting to problems because they have to be seen to be doing something”. While the swift introduction of tougher penalties for companies that fail to protect their customers’ data might make great headlines, it doesn’t necessarily solve the problem.

While the government’s response intends to deter companies from neglecting privacy and data safeguards, this approach fails to recognise that the companies targeted by cyber hacks are, in fact, victims of a crime. In many cases, the changes just further penalise businesses that have already suffered a loss.

What should governments be doing?

Mr Lewkovitz believes that the government needs to make it easier for businesses to protect customer information rather than simply “threatening them with a stick”.

The irony of the current situation is that many of the companies being targeted are required to collect and retain valuable client data in order to comply with government regulations. The government is essentially forcing them to assume an increased level of risk by requiring them to store information that makes them an attractive target.

Rather than dishing out fines each time a business suffers a privacy breach, governments should instead be providing businesses with additional forms of protection as a trade-off for loading them up with this additional risk.

How can you protect yourself as a customer?

As a customer, the way a business manages your information once you hand it over is largely out of your control. However, you can control how many businesses have access to your personal information by doing two things:

  • questioning whether a business really needs all the information they’re asking for, and
  • requesting businesses dispose of your information once you’re no longer a customer.

Safeguarding your information is essential, as it can be almost impossible to retrieve once leaked.