Australian companies involved in serious or repeated data breaches could face penalties of at least $50m under proposed legislation intended to curb the current run of serious data breaches. Attorney-General Mark Dreyfus has been quoted as saying that recent major breaches at companies including Optus and Medibank had shown the current penalties to be insufficient, adding: "When Australians are asked to hand over their personal data they have a right to expect it will be protected." The bill, which amends the penalty provisions of the Privacy Act 1988, is expected to be introduced to parliament within the next month. The proposed changes will not be retrospective. The bill will also give the Australian Information Commissioner greater information-gathering and information-sharing powers to help resolve privacy breaches.
I trust every company who asks for my name, DOB, current address, previous address, place of birth, Medicare number, passport number, credit card numbers, bank account numbers, phone numbers, social media account names, email addresses, significant other's name (Neko Neko Floppy Ears btw), driver's licence, and of course a high-resolution scan of the above for permanent safe keeping. Don't you?
(Score: 5, Interesting) by c0lo on Friday October 28 2022, @03:38AM (2 children)
I would set it to $200M and send a message on the Underpipes - "Hey, hackers, if you are listening, there is serious money to be made from clueless Aussie CEOs. Don't ask for a ransom less than $150M".
I reckon in 6 months, those CEOs will find that:
1. their IT security can be improved enough with lower costs
2. harvesting and keeping heaps of data about their customers is a liability.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Interesting) by Runaway1956 on Friday October 28 2022, @09:46AM (1 child)
We need to get that message out.
(Score: 2) by c0lo on Friday October 28 2022, @10:06AM
Not enough. They need to learn this themselves, otherwise they won't hear the message.
This means there needs to be a lesson (or an entire course with exam at the end) to teach them it's in their interest to abstain from doing it; they don't care about our interest, we are just the merchandise for them.
(Score: 4, Insightful) by arslan on Friday October 28 2022, @04:51AM (1 child)
They need to make the fine a % of revenue so it scales based on the company's size. Also include CxO or Board member fines/dismissals, because they're after all the ones that agree to "cost optimizations", which typically means cost centers have their budget squeezed to increase profit numbers.
Also, double that if a company ever pays out ransoms.
(Score: 1) by Mezion on Friday October 28 2022, @10:25AM
Can that be offset by creating other companies that do not earn revenue to hold the information?
(Score: 0) by Anonymous Coward on Friday October 28 2022, @09:49AM
Banks or real estate agents for renting a property maybe, but really?
(Score: 2) by MIRV888 on Friday October 28 2022, @11:21AM
It's in the legal document you glanced at and clicked 'I agree'
There's no need for warrants when you can get everyone to forfeit their privacy willingly.
Google has our best interests at heart.
'I agree'