Australian Authorities Demand that Optus Pay Costs on Massive Data Breach

A legal expert suggests higher fines for companies that don't protect consumers' privacy.

Millions of Australians are scrambling to secure their personal data after a huge cyberattack on Optus, compromising important information such as driver's licenses, passports, etc.

As reported first by news.com.au, a submission against stricter privacy laws rekindled a previous issue from the telco.

Optus said less than two years ago that altering how the business maintained consumer data would result in "substantial compliance costs."

Although experts concur that may be the case, state and federal governments are now demanding that the telco pay the cost to reissue licenses and passports that may have been taken in what may be the worst example of data theft the nation has ever experienced.

Optus To Cut 350 Jobs
MELBOURNE, AUSTRALIA - APRIL 30: A 'Yes Optus' sign hangs outside of an Optus store on April 30, 2014 in Melbourne, Australia. Optus today announced it would cut 350 jobs in the next four weeks. Optus is Australia's second largest telecommunications company Scott Barbour/Getty Images


Tighten Privacy Act

The incident has sparked calls to tighten Australia's Privacy Act, particularly in the area of data retention.

Legal experts are urging Australia to adopt the "gold standard" privacy standards of the European Union, according to news.com.au's report.

Although implementing regulations like the EU's General Data Protection Regulation may incur high costs, according to Tony Song from the University of New South Wales, this will be the best course of action.

Companies could face fines of tens of millions of dollars under the new regulations for failing to protect consumers' privacy, which, in his opinion, is a great incentive to boost compliance and improve controls.

By having these level requirements, the increased penalty would be a tremendous incentive for companies not to be "just plain sloppy", Song said in an interview with NCA NewsWire.

"Ultimately the data breach still could have happened - if a hacker wants to get in, they will get in - but if we had GDPR laws it definitely would have caused Optus to have better systems and better risk management."

Both Prime Minister Anthony Albanese and Attorney General Mark Dreyfus have pledged to introduce urgent measures as soon as possible.

According to news.com.au, the past administration started the process of revisiting the Privacy Act 1988 years ago and requested submissions from interested and affected parties.

However, Optus stated in their 16-page statement that they saw " justification" for significant changes to the Act.

The government's reforms, which have been under development for some time and are mostly based on the GDPR, would be welcomed, according to Song.

But he said that the government should prioritize enforcement compliance since Optus may already violate the Privacy Act's current rules even in the absence of revisions.

This article is owned by Tech Times

Written by Joaquin Victor Tacla

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics