What are the penalties for non-compliance with any applicable data protection laws?
Noncompliance with Data Privacy Laws and Data breaches may lead to sanctions, fines, and penalties. The amounts are usually calculated according to the risk to which personal rights were exposed and the preventive measures taken by the data controllers, processors and sub-processors in relation to their respective role in the chain of personal data processing.
In Australia, if there is a serious or repeated breach of Australia’s Privacy Principles (APPs), the Office of the Australian Information Commissioner may commence proceedings to seek a civil penalty against the entity. Entities may also be required to compensate affected individuals for loss or damage (including emotional harm).
While penalties can be up to AU $2.1million, there have not yet been any such proceedings since the penalty provision was introduced into the Privacy Act in 2014. Disclosure or unauthorized use of employee Tax File Numbers can also result in penalties including imprisonment and monetary fines under the Taxation Act 1953.
Although not officially a fine, the Fair Work Act 2009 includes a presumption in favor of a person who makes wage-related allegations in a court proceeding where the employer has failed to meet record-keeping and pay slip obligations or, failed to make records available for inspection.
HR Best Practices: Before processing personal data make sure to take the necessary data security and record retention measures to ensure the validity and protection of records within your organization.