The financial penalty imposed on companies that suffer serious or repeated privacy breaches will be increased to at least $50 million.
Key points:
- The federal government believes the current $2.2 million fine is insufficient after recent cyber-attacks
- Attorney-General Mark Dreyfus will fast-track amendments to the Privacy Act next week
- The proposed legislation will see the fine for "serious or repeated privacy breaches" increase
The current penalty is $2.2 million and the federal government believes that is insufficient given massive cyber-attacks on Optus and Medibank Private in recent weeks.
Attorney-General Mark Dreyfus will fast-track amendments to the Privacy Act when federal parliament returns next week.
"When Australians are asked to hand over their personal data they have a right to expect it will be protected," Mr Dreyfus said.
"Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate.
"It's not enough for a penalty for a major data breach to be seen as the cost of doing business."
The proposed legislation would see the fine for "serious or repeated privacy breaches" increased to either $50 million, three times the value of the benefit obtained through misuse of data, or 30 per cent of a company's adjusted turnover in the relevant period.
The fine would be whichever value is the highest.
Opposition wants jail terms for cyber extortion
The federal opposition has already called for tougher penalties in response to major cyber incidents.
Last month, shadow home affairs minister Karen Andrews also proposed new offences for cyber extortion that would carry a maximum 10 years imprisonment.
Earlier this week, Medibank admitted the personal data of some of its customers – including names, addresses, Medicare numbers and phone numbers – had been stolen in a cyber-attack.
Data related to health conditions and where people had received medical treatment was also compromised, with a criminal demanding ransom.
The matter has been referred to the Australian Federal Police and Medibank is working with the Australian Cyber Security Centre and Australian Signals Directorate.
It follows the breach at telco Optus, where hackers claimed to have accessed the data of 9.8 million current and former customers, including their passports, driver's licences and Medicare card details.
These hacks leave their customers vulnerable to identity theft, which can also lead to financial crime.
On Friday, the Australian Tax Office revealed it gets three million attempted hacks on its system every month.