Australian Federal Government’s updated privacy penalty bill is approved by Parliament

Legislation that penalises companies that fail to adequately protect customer data has been passed.

From the Attorney-General’s Media Release: The Privacy Legislation Amendment Bill 2022 increases the maximum penalties for serious or repeated privacy breaches from the current $2.2 million penalty to whichever is the greater of:

  • $50 million;
  • three times the value of any benefit obtained through the misuse of information; or
  • 30 per cent of a company’s adjusted turnover in the relevant period

The Australian Information Commissioner is also granted greater powers to resolve privacy breaches, as well as the ability to quickly share information about data breaches to help protect customers, as a consequence of the Bill’s passing.

Recent high-profile breaches have exhibited that what safeguards exist right now are “outdated and inadequate.” The reforms that the Bill outlines make it clear to companies that they will be penalised for a major data breach, and that a data breach occurring at a firm can no longer be regarded as the cost of doing business.

What does this mean for accounting firms?

While the strengthened measures around data breaches have come after recent high-profile breaches (most notably Medibank and Optus), this is an indication that Australia is emphasising how consumer and client data are being secured.

For accounting firms, this Bill is a reminder that protecting client data is an obligation they need to uphold in order to remain compliant with the law.

What can accountants do to secure client data?

  1. Ensure email systems are secure. This includes protecting email inboxes with spam filtering and email quarantine systems, as well as core security measures like MFA enabled and setup. Access management is also critical, controlling how your employees access their work email, which mailboxes they can access and how user onboarding and offboarding processes are managed.
  2. Have an identity access management solution in place. Going beyond password managers, using an identity access management tool not only lets business owners have control over how employees are accessing sensitive applications (like bank logins), but employs a myriad other security measures around cloud apps.
  3. Have policies around cybersecurity and make sure employees are aware of these policies. Never assume that employees know what to do or what not to do when it comes to security. Make sure they are aware of the policies and measures your firm is taking to protect client data.

At Practice Protect, we have a holistic cybersecurity solution that over 20,000 accountants worldwide use to secure their data. Talk with our team to learn more.