Australian data breaches could lead to $86 billion in fines if prosecuted

As OAIC reports 539 more breaches during 2020, penalties put a price on their psychological harm.


A landmark Office of the Australian Information Commissioner (OAIC) fine on the Department of Home Affairs, handed down after an investigation into a February 2014 data breach, suggests that the 539 data breaches reported during the second half of 2020 alone could cost compromised businesses billions of dollars in fines—$86 billion, in fact—on top of the direct damages and business interruption.

In a data-breach environment where penalties have been few and far between, the Home Affairs fine marks a significant step by putting hard dollar figures on the cost of data breaches, which continue to plague Australia, both within government and across businesses.

Extrapolated to the OAIC’s latest statistics on the operation of Australia’s Notifiable Data Breaches (NDB) regime, the Home Affairs figures suggest that the fines alone for those data breaches—separate from their impact on the operations of the compromised businesses—would be substantial if affected individuals were compensated in a similar way.

Calculating the fine for a data breach

Under the terms of a formal OAIC determination, the Department of Home Affairs was ordered to pay anywhere from $500 to more than $20,000 to each of 1,297 asylum seekers whose identities were compromised when the department accidentally published their details online.
