Australia will once again have a dedicated privacy commissioner, a move it says is necessary amid growing security threats.
The move follows a year of high-profile breaches that compromised the personal data of millions in the country.
“Australians rightly expect their privacy regulator to have the resources and powers to meet the ongoing challenges of the digital age and protect their personal information,” said Australian Attorney-General Mark Dreyfus in a statement on Wednesday.
He described the past year’s “large-scale” data breaches as “distressing” for local residents and said such incidents put users at risk of identity fraud and scams.
Dreyfus said the appointment of a dedicated privacy commissioner would help deal with growing data security threats, and the increasing volume and complexity of data privacy issues.
The move will reinstate a role that was in place before the previous administration, under John Abbot’s Liberal Party, sought to abolish the Office of the Australian Information Commissioner (OAIC) as part of cost-cutting measures.
The administration failed to secure the necessary legislation to do so. But during the interim, OAIC lacked sufficient funds to support its operations, which eventually led to the roles of the privacy and information commissioner being folded into one.
Angelene Falk currently double-hats as both the country’s information and privacy commissioner.
The latest move will restore OAIC to its original structure, with a trio of commissioners, including one for freedom of information, the OAIC said in a statement supporting the appointment.
Dreyfus said: “The former Liberal Government left Australia disgracefully unprepared for this challenge [of growing security threats] by failing to strengthen privacy laws, and scrapping the position of a standalone privacy commissioner.”
He noted that the current administration, under Anthony Albanese’s Labour Party, recognised the importance of privacy regulation and had increased penalties for companies that failed to properly safeguard customer data.
“The Australian people rightly expect greater protections, transparency, and control over their personal information,” he added.
Falk will remain as OAIC head and information commissioner, and continue to serve as privacy commissioner, until an appointment is made.
The Australian government passed legislation last November to increase financial penalties for data privacy violators. It pushed up maximum fines for serious or repeated breaches to AU$50m ($32.34m), from AU$2.22m ($1.49m), or three times the value of any benefit obtained through the data misuse, or 30% of the company’s adjusted turnover in the relevant period, whichever is greater.
Medibank revealed a security incident in October 2022 that compromised the data of 9.7 million current and former customers, including 1.8 million international customers. After the health insurer refused to pay ransom demands, hackers dumped large batches of data on the dark web, claiming the files contained all the data they took in the heist.