The irony of this new "governing body" is that it's all after the fact, after all the information is slurped!
Fines are required if they do not pass the regulatory standards, and a breach of standards
is required, if there were any for private companies who don't fit into the existing standards framework, which is really thousands of AU businesses and websites.
More emphasis is required on the pre-emptive policies of the infosec industry standards for AU and a Governance and Audit framework (not SOX or COBIT, slight fail) for Australian companies, small and large, who hold or present Internet data to the public.
As with vehicle manufacturing and AU regulation safety standards, a new Governing Standard is required for all Internet hardware imported or manufactured in AU; there is none at present.
Imported routers, as we know, are riddled with issues, even the best of them (Cisco), but a look at all the others shows shellcode, DNS and insecure wireless out of the box, along with other issues which pose a massive instant risk of data disclosure when powered on and a business network is connected.
Specific standards (regulations) are required in the AU place for all SQL and DBs that are Internet facing; there should be a minimum standard NOW, with bi-yearly reviews or testing executed as is done for high-risk vehicles such as trains, buses, and the trucking industry.
The DOD regulation standard should be a minimum regulation standard, with higher standards for data retention companies, and those storing full profiles or information on persons, such as the health industry, CPAs and the private company loan market.