Australia could have tough new data protection laws in place this year in an urgent response to a cyberattack on a telecommunications company that stole the personal data of 9.8 million customers, the attorney-general said on Thursday.
Attorney-General Mark Dreyfus said the government would make “urgent reforms” to the Privacy Act following the unprecedented hack last week on Optus, Australia's second-largest wireless carrier.
Dreyfus said “I think it's possible” for the law to be changed in the four remaining weeks that Parliament is scheduled to sit this year.
“I'm going to be looking very hard over the next four weeks at whether or not we can get reforms to the Privacy Act into the Parliament before the end of the year,” Dreyfus told reporters. Parliament next sits on October 25.
Dreyfus said penalties for failing to protect personal data had to be increased so that corporate boards could not dismiss fines as a “cost of doing business.”
The “absolutely huge amounts” of customer data companies held for years would have to be justified under the amended law, Dreyfus said.
“Companies need to look at data storage not as an asset, but as a liability or a potential liability,” Dreyfus said.
“For too long we have had companies solely looking at data as an asset that they can use commercially,” he added.
The government blames lax cybersecurity at Optus, a subsidiary of Singapore Telecommunications Ltd., also known as Singtel, for the theft of current and former customers' personal information.
The data included passport, driver's license, and national health care identification numbers which could be used for identity theft and fraud.
Authorities are critical of Optus's initial failure to disclose that Medicare numbers were among the stolen data.
That became apparent on Tuesday when the hacker dumped the records of 10,000 customers on the dark web — six days after Optus discovered the cyberattack.
The urgent legislative response is separate from a broader review of the Privacy Act that began three years ago. The law was passed in 1988 and critics argue it badly needs to be adapted to the digital age.
Optus could potentially be fined a maximum of 2 million Australian dollars (USD 1.3 million) for breaching the Privacy Act, the government said.
It could be fined hundreds of millions of dollars over a similar security breach under European Union laws, the government said.
Submissions to the Privacy Act review have suggested penalties for breaches equivalent to 10 per cent of revenue from Australian operations.
Optus chief executive Kelly Bayer Rosmarin has argued against increased fines, telling Australian Broadcasting Corp. on Tuesday: “Honestly, I'm not sure what penalties benefit anybody.”
Optus maintains it was the target of a sophisticated cyberattack that penetrated several layers of security.