The Albanian government will crack down on companies for serious or repeated privacy breaches under new legislation to be introduced next week.
Companies that fail to protect sensitive data will face huge fines under laws the Albanian government plans to introduce.
The legislation significantly increases the current penalty for serious or repeated breaches from $2.22 million to the greater of $50 million, 30 percent of the company’s turnover for the relevant period, or three times the value of any benefit derived from the stolen data.
The bill, which will be introduced to Parliament next week, comes in the wake of the massive Optus data breach and cyber attack on private health insurer Medibank.
Attorney General Mark Dreyfuss said the government is committed to strengthening privacy laws.
“I look forward to the full support of this bill, which is an important part of the government’s agenda to ensure Australia’s privacy system can meet the new challenges of the digital age,” he said.
Mr Dreyfuss said the changes to the legislation reflected the expectations of Australians about their right to have their personal data protected.
The legislation will strengthen the Australian Information Commissioner’s powers to deal with privacy breaches and expand information sharing with the Australian Communications and Media Authority.
The notifiable data breach scheme will be expanded so that the commissioner has a full picture of compromised information to be able to assess the risk of harm to people.
A review of the Privacy Act will be completed by the end of this year with recommendations for further reforms.