7 November 2022
The Internet Association of Australia Ltd (IAA) today raised concerns that the Privacy Legislation Amendment Bill will not address Australia’s urgent need for data security and privacy protection.
IAA asserts that more so than enforcement measures, the government should focus on encouraging compliance by both increasing its education efforts and mitigating the harm to individuals in the case of a data breach by reviewing its data retention laws so that companies don’t hold unnecessary personal information in the first place.
“Legislative reform is obviously necessary to improve Australian businesses’ security posture and we support the government in this, but we need to really consider what that should entail,” said IAA CEO Narelle Clark. “In today’s context of ever increasing sophisticated online attacks, do stronger enforcement measures effectively address the actual data security issues that we are currently facing? Where is the focus on proper training, consumer redress and harm-mitigation measures? Where’s the guarantee that the revenue from the proposed hefty fines will actually go to redress or training?”
IAA’s submission to the proposed Bill particularly points to the disproportionate effect the increased penalties would have on smaller companies, and the potential to fail in achieving its intended outcome to create incentives for compliance.
“The increased penalties, while reflective of the serious nature of data breaches, suggests that companies are being wilfully negligent of their privacy compliance obligations,” said Clark. “What we see more often is that companies, especially smaller entities, struggle with the complexity of legislative and regulatory obligations. What we don’t want to see is more effort placed in the paperwork associated with privacy, than in actually improving data security. We need incentives to change the culture of data hoarding.”
“We look forward to continue working with government, industry and other stakeholders to ensure a privacy and data security framework that is genuinely effective and best serves all Australians,” said Clark.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill is currently with the Senate Legal and Constitutional Affairs Committee for review and closed its submission due date on 7 November.