Australia announces amendments to its privacy laws; after a significant data breach at Optus, the country’s second-largest mobile provider, on Thursday, Australia proposed an update to consumer privacy legislation to allow targeted data exchange between telecommunication corporations and banks. This move comes in the wake of a recent incident in which a large amount of data was stolen from Optus.
One of Australia’s most significant data breaches occurred last month when hackers attacked Optus, a telecommunications company owned by Singapore Telecommunications Ltd (Singtel). The breach exposed the personal information of up to 10 million subscribers, including their home addresses, driver’s license numbers, and passport numbers.
As a consequence of the amendments, telecommunications companies will be authorized to exchange government-issued identification documents with financial institutions to carry out enhanced monitoring for customers whose data has been compromised.
During a press conference, Treasurer Jim Chalmers stated, “They’ve been carefully developed with strong privacy and security measures to guarantee that only limited information may be made temporarily available to prevent and respond to cyber security problems, fraud, scams, and other associated activities.” “They’ve been carefully developed with strong privacy and security measures to guarantee that only limited information may be temporarily available.”
He stated that the administration would recommend changing the privacy regulations to the governor-general.
By using methods already established in the industry for reporting illegal transactions, such as fraud information exchanges, the proposed enhancements will also make it possible to detect more instances of fraudulent activity in the broader financial services industry.
According to Chalmers, the government will not disclose the names of the financial institutions that receive data from Optus because of concerns regarding the integrity of the data.
According to the treasurer, banks are required to destroy information once it is no longer necessary to keep it. This information may only be used to prevent or respond to issues related to cyber security, fraud, scam activity, or identity theft.
Since the cyber attack on Optus, Australia’s telecommunications, banking, and government sectors have all been on high alert. Additionally, amendments to privacy legislation have been recommended to assist institutions in taking rapid action to avoid fraudulent transactions.
The Australian government believes that the Optus breach resulted from a fundamental security flaw, and has reprimanded the company for portraying the attack as being sophisticated and for failing to notify customers whose information was compromised.