Automotive dealerships that do not adequately protect the private data of customers through the process of buying and selling a vehicle could face penalties of up to $50 Million under an amendment to a law passed by the Australian government.
Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate. These reforms make clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business.
Government Press Release
AutoSettle, an Australian based fintech company, has been warning about the dangers of outdated practices when it comes to protecting a customer’s personal data throughout the journey of buying or selling a car.
Research into the current ways of doing business has found instances where a customer’s driver’s licence is photocopied and copies not secured or destroyed.
Through consultation with the Automotive industry, AutoSettle is developing a best-of-breed platform backed by Digital Identity and next-generation payment technology to secure data from end to end.
At the recent Australian Automotive Dealer Association (AADA) conference, we spoke with several large dealership groups who know they need to be more vigilant in the handling of customer data. The penalties in this legislation compel dealers to make more of an effort to ensure data is protected from breaches or potentially be put out of business. We are working closely with the industry to build customer data protection into the process via the AutoSettle platform.
Darren Pollard, COO AutoSettle
Privacy breaches have been reported across many industries in Australia, including the automotive space. Existing safeguards have been shown to be outdated and inadequate and the government is saying that companies must do better to prevent breaches from happening or face fines.
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increases the maximum penalties for serious or repeated privacy breaches from the current $2.22 million penalty to whichever is the greater of: $50 million; three times the value of any benefit obtained through the misuse of information; or 30% of a company’s adjusted turnover in the relevant period.
Read about the changes to the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 on the Attorney General website.