Australia's privacy watchdog should be given additional powers to better handle major data breaches, a department report to government has recommended.
Subscribe now for unlimited access.
The report from the Attorney-General's Department, which was handed to top law officer Mark Dreyfus before Christmas last year, proposes a series of adjustments to overhaul privacy laws following major cyber incidents at Optus and Medibank last year.
The federal government passed tough new penalties increasing the fines against companies who fail to comply with privacy requirements from $2.2 million to either $50 million, 30 per cent of a company's turnover during the affected period, or three times the value of any benefit gained through the information misuse.
But Mr Dreyfus flagged a wider-ranging review would look at any holes across the entire regime.
The review, released on Thursday, recommends giving new powers to the Office of the Australian Information Commissioner to undertake public inquiries and reviews into matters on the approval or direction of the Attorney-General.
It would also amend rules forcing companies to notify the privacy watchdog's office within 72 hours of a possible data privacy infringement.
The recommendations form just two of a total of 116 proposals put to the Albanese government for consideration by the department.
READ MORE:
Mr Dreyfus, who last year said steep privacy penalties are "not enough" to stop major breaches, will now consider the proposals put forward.
"The Australian people rightly expect greater protections, transparency and control over their personal information and the release of this report begins the process of delivering on those expectations," Mr Dreyfus said in a press release.
"The government is now seeking feedback on the 116 proposals in this report before deciding what further steps to take."
Major data breaches against health insurer Medibank and telco Optus last year are estimated to have affected millions of Australians.
Medibank revealed it had received messages from alleged hackers claiming they had obtained customer data, including names, addresses, dates of births and Medicare and phone numbers.
Following the breaches, Home Affairs Minister Clare O'Neil announced the creation of an international counter-ransomware task force to be chaired by Australia.
We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.