Australia’s Cost of a Data Breach in 2024

By Katelin Chadwick
Mar 11, 2024

Summary

  • September 2023 | The Australian Government agreed to 38 of 116 recommendations, which will now be drafted into the Privacy Act in 2024
  • Organisations must prepare for potentially more substantial, long-term changes
  • Privacy responsibilities are shifting from individuals to organisations; businesses will be expected to comply

Australia’s Data Privacy Landscape is EVOLVING QUICKLY

It should come as no surprise that, among the recent high-profile breaches in Australia, health service providers, finance (including superannuation), and recruitment agencies were the top three targeted industries between January and June 2023, according to the OAIC.

In February 2023, the Australian government released the two-year review results of the 1988 Data Privacy Act. Attorney General Mark Dreyfus responded in September, agreeing to 38 of the 116 recommendations and a further 68 ‘in principle’. This long-awaited review seems to come just in the nick of time for IT professionals concerned with data protection and compliance. The recent breaches have significantly damaged businesses’ brand reputation and customer loyalty, with many customers choosing to move to competitors. As a result, customers are demanding more autonomy over their data and how it is used, and are even more likely to switch to competitors.

“By 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organizations will have successfully weaponized privacy as a competitive advantage.” — Gartner

The Cost of A Data Breach In Australia

Not considering the reputational cost or the loss of customers and business due to a data breach, the fines applicable to organisations experiencing serious or repeated privacy breaches can be considerable. According to the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, fines can be whichever is the greater of:

  • $50 million
  • 3x the value of any benefit obtained through the misuse of information
  • 30% of a company’s adjusted turnover in the relevant period

While it may seem like a huge operational burden to manage and control your data according to these new expectations, doing so brings massive opportunities for your business to grow and innovate more quickly, and win the trust of more customers.

Four Data Privacy Implementation Considerations in 2024

  1. DATA PRIVACY IS AN ORGANISATION’S RESPONSIBILITY
    Protecting individuals’ data held by your business is now considered 100% your responsibility. Data privacy should be seen as a business priority, and many of the Data Privacy Review’s ‘agreed in principle’ recommendations are worth adopting now.
  2. DATA PRIVACY UNDERPINS CYBER SECURITY
    Data breaches keep board leaders awake at night, but data privacy technology can reduce the usefulness of any data to cybercriminals, even if it is leaked.
  3. TAME THE ‘UNTAMABLE BEAST’
    Enterprise IT stacks are sprawling and unwieldy, with credentials and access points often living in silos. Effective data privacy starts by gaining visibility into the whole environment, then centralising and streamlining control.
  4. PROACTIVE DATA MANAGEMENT WILL DRIVE BUSINESS VALUE
    Data shouldn’t be seen as a burden but as a key asset for an organisation. Protecting data, especially as it flows between countries and partners, should be a given so that businesses can focus on leveraging this data to achieve a competitive edge.

“The third-party appraisals of their [United Airlines and American Airlines] data suggest that it is worth two to three times more than the market value of the companies themselves.” — Forbes

How Can Protegrity Help?

Protegrity’s Data Protection Platform allows you to think bigger picture with your data, while also taking care of all the compliance basics. It works by centralising policy, audit, logging, and monitoring to secure sensitive data. Its centralised policy enforcement then enables you to embed data protection for data in motion, at rest, and in use while allowing you to secure specific data types with the full range of protection methods and secure data sharing they require.

Contact us today to find out how we can help you comply with these new regulations.

For more information, head to our website today.
