Steve Georganas (Adelaide, Australian Labor Party) Share this | Hansard source

Australians have been rocked by two of the biggest data breaches and cybercrimes our country has seen, that is, Optus and Medibank, in the last few weeks. They happened so quickly and in such close succession that it has left people feeling even more vulnerable than before. Firstly, to the millions of Australians who have been affected by these data breaches: I express my sympathies and can understand the angst that you're feeling. It has been a difficult and worrying time for everyone. But I would also like to assure you that this government is doing everything to ensure that your personal information is better protected. This is more important than ever before. Just last week, the Australian Cyber Security Centre's Annual threat report, as we heard from the member for Fisher, found that a cybercrime is being reported every seven minutes in Australia. The report also showed an increase of 13 per cent in cybercrime in the previous year—and that was even before the Optus and Medibank issues occurred.

This is a very serious problem, one that exists in part because of inaction of the previous government over the past decade. Our existing privacy laws were left hopelessly outdated by the former government and they are not strong enough to ensure that our companies adequately protect the private information of Australians. If this can happen to Optus and to Medibank, two of the biggest company organisations in Australia, imagine what could happen to our smaller firms, our NGOs and smaller companies that maybe don't have the same resources that these two big companies have.

In comparison to the former government, this Albanese Labor government has reacted quickly, resolutely and with force to the recent attacks. We have wasted absolutely no time introducing legislation that will significantly increase penalties for these serious or repeated data breaches. Currently the maximum fine is $2.2 million. Let's face it: that is a pittance for some of these big companies. It really is not a deterrent; $2.2 million is peanuts. We need penalties that ensure that corporations storing Australians' data feel the full weight of responsibility and obligation to look after it properly. It is their responsibility to look after it properly, and Australians deserve nothing less. Therefore, the penalties we're proposing will be up to $50 million or three times the turnover for the relevant period. That could mean, for a large corporation, fines in the orders of hundreds of millions of dollars. We need a deterrent. Such fines are much harder to ignore and will act as a significant incentive for companies to take their data-protection obligations extremely seriously.

This bill I'm talking about will also give the Information Commissioner additional powers to make companies comply with their obligations to protect our data. As I said, when they store our data, our personal information, they have an absolute responsibility to ensure that it's stored properly. The bill will equip the Australian Information Commissioner and the Australian Communications and Media Authority to have greater information-sharing powers. But our efforts won't stop there because this is a serious problem. In addition to the legislation, the Albanese Labor government is undertaking a comprehensive review of the Privacy Act. This review is expected to be completed this year and will contain a raft of recommendations for further reform.

Australians can have faith in this government's commitment to ensuring that their data and personal information are protected. That is the starting point: their information must be protected. While there is no doubt that the world has changed, there is also no doubt that governments and businesses must adapt to this new threat—and it is a threat. One attack every seven minutes is a serious threat. It's not just Optus and Medibank; many organisations have been attacked by cyberthreats et cetera. This is precisely why this government is putting legislation in place to protect Australians' private details. It's also precisely what the previous government failed to do. Unlike them, we understand that, when Australians hand over their personal information, they have a right to expect it will be protected.

See this speech in context