Scams down in Australia, while NZ eyes data breach penalties

Published on the 14/03/2024 | Written by Heather Wright

National Anti Scam Centre

Aussie scam crackdown pays dividends, Kiwi privacy commissioner calls for civil penalty regime…

Reported losses to scams in Australia were down nearly 42 percent in December on the back of the National Anti Scam Centre, but consumer watchdog the ACCC says there’s still plenty of work to be done.

Gina Cass-Gottlieb, Australian Competition and Consumer Commission chair, says $25.2 million in losses were reported to Scamwatch in December, down from $41.3 million a year earlier.

“Some agencies do not care about privacy as they know there are no significant financial penalties.”

“This represents the sixth straight month of declining losses in Scamwatch reports,” Cass-Gottlieb said during a speech at the Committee for Economic Development of Australia (Ceda).

The reduction follows the launch of the National Anti Scam Centre last year. NASC – dubbed ‘the first line of defence in the fight against scammers – brings together key parties within government, law enforcement and the private sector including banks, telcos and digital platforms, to disrupt scammers, raise consumer awareness and provide assistance to scam victims.

Launched last July, it’s part of an $86.5 million package to crack down on scams.

The first ‘fusion cell’ – a taskforce designed to disrupt a specific scam – was focused on investment scams which account for more than 50 percent of all scam losses and cost Australians over $1 billion a year.

Assistant Treasurer and Minister for Financial Services Stephen Jones hailed the early success of the initiative late last year, with NASC’s first quarterly report showing a 16 percent drop in scam losses. Investment scams were however, only down six percent, with romance scams declining by 28 percent.

In January, NASC was credited with saving one consumer from an imposter bond scam to which they were about to transfer $300,000 to invest savings in a term deposit.

“Together with ASIC, banks, digital platforms and the telecommunications industry, this fusion cell has referred over 800 offending websites for takedown,” Cass-Gottlieb says.

It continues to actively share intelligence with law enforcement and the private sector to disrupt scams, she adds.

Cass-Gottlieb says work will continue and build on those early steps.

“All of this is positive, but the job is far from done and a whole of ecosystem legislative framework with mandatory, enforceable codes remains critical to ensure Australia becomes the world’s hardest target for scammers.”

Scams, in particular investment scams, were a focus in the Q3 2023 Cert NZ report – the most recent to be released – but the news for Kiwis wasn’t so positive with scams and fraud up 32 percent for the quarter.

The report shows Cert received 11 reports where individuals lost over $100,000 to investment scams. All up it received 626 reports of scam and fraud incidents.

NZ Privacy Commissioner calls for civil penalty regime

Meanwhile in other Kiwi eSafety news, New Zealand Privacy Commissioner Michael Webster has called for greater penalties for data breaches including a civil penalty regime for major non-compliance.

His call comes on the back of two major research pieces showing support, including from businesses, for higher penalties for breaches.

Kordia’s New Zealand Business Cyber Security Report 2023 found 58 percent of business leaders believe an increase in legislation and regulatory guidance would improve cyber security, while almost three-quarters think New Zealand should introduce harsher penalties for those businesses which fail to protect personal data.

A Talbot Mills Research survey also found support for higher penalties, with 60 percent of those surveyed saying current fines under the NZ Privacy Act were not high enough.

Webster says he’s concerned businesses and other organisations rely on digital environments but aren’t well set up to run them safely.

“The degree of privacy maturity and cyber security practice is not as developed as I would have expected, which says to me that people aren’t always motivated to comply with legislation that protects data, like the Privacy Act,” he says.

The maximum fine which can be handed to an organisation not adhering to a compliance order from the Privacy Commission is just $10,000.

“Compare that to Australia where their maximum fine for serious interference with privacy is $50 million and you begin to see the issue,” Webster says.

But Webster isn’t just keen to see businesses step their games up. He took aim at government agencies in his Briefing to Incoming Minister of Justice Paul Goldsmith, saying many agencies are not taking the steps necessary to safeguard personal information, contributing to a 79 percent increase in privacy complaints and a 59 percent increase in serious privacy breaches occurring between 2021-22 and 2022-23.

“These breaches are directly harming individuals, whether financially and/or emotionally, are costly to agencies, and are undermining trust in government and institutions,” the BIM says.

“Our investigations into privacy breaches have shown that some agencies do not care about privacy as they know there are no significant financial penalties – contributing to serious cybersecurity risks.”

The briefing calls for modernisation of the Privacy Act, which is currently based on policies agreed in 2013, and better resourcing of the regulator.

“The Privacy Act is increasingly out of alignment with like-minded countries who have been prioritising privacy reform,” the commission says.

Falling behind global privacy regulatory approaches could impact on New Zealand’s technology sector and place in the global data economy, it adds.

“We currently benefit from European Union ‘adequacy status’, a formal recognition of our privacy protections that supports the low cost transfer of personal information and reduces regulatory barriers.

“Privacy experts have commented that if we do not keep up with global privacy standards there are risks to this formal recognition and potential perceptions that we may no longer be one of the safest places to process personal information.”

The document reiterates calls for a civil penalty regime for major non-compliance, to be introduced alongside new privacy rights to enable Kiwis to better protect themselves.

Stronger requirements for automated decision making and agencies demonstrating how they meet privacy requirements should also be established, it says.

Post a comment or question...

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Thank you! Your subscription has been confirmed. You'll hear from us soon.
Follow iStart to keep up to date with the latest news and views...