Tuesday, November 29, 2022

Government is making regulatory changes in response to Optus data breach, but legislative reform is still needed

Shreya Christina, https://londonbusinessblog.com

In response to Australia’s largest-ever data breach, the federal government will temporarily suspend regulations that stop telcos sharing customer information with third parties.

It is a necessary step to address the threat of identity theft facing 10 million current and former Optus customers. It allows Optus to work with banks and government agencies to detect and prevent fraudulent use of their data.

But it is still only a corrective measure, intended for 12 months. More sweeping reforms are needed to tighten Australia’s loose approach to data privacy and protection.

Changing regulations, not legislation

The changes, announced by Treasurer Jim Chalmers and Federal Secretary of Communications Michelle Rowland, involve amending the Telecommunication Regulation 2021.

This is a piece of “subordinate” or “delegated law” to the Telecommunications Act 1997. Changing the law itself would require a vote in parliament. Regulations are subject to change at the discretion of the government.

Under the Telecommunications Act, it is punishable for telecom companies to share information about “another’s business or personal data”.

The only exceptions are sharing information with the National Relay Service (allowing people with hearing or speech impairments to communicate by telephone), with “authorized investigative agencies” such as universities, public health authorities or election commissions, or with police and intelligence agencies with a warrant.

That means Optus can’t tell banks, or even government agencies created to prevent identity fraud such as the little-known Australian Financial Crime Exchange, who the affected customers are.

Important Safety Precautions

The government says the changes only allow the sharing of “government approved credentials”: driver’s licenses, Medicare and passport numbers.

This information can only be shared with government agencies or financial institutions regulated by the Australian Prudential Regulatory Authority. This means that Optus (or any other telco) cannot share information with the Australian branches of foreign banks.

Financial institutions will also have to comply with strict requirements regarding secure methods of transferring and storing personal information shared with them, and make commitments to the Australian Competition and Consumer Commission (which can be enforced in court).

The information may only be shared “for the sole purpose of preventing or responding to cybersecurity incidents, fraud, scams or identification theft”. Any entity that receives information must destroy it after it has been used for this purpose.

These are incredibly important safeguards given the current lack of limits on how long companies can keep identity data.

What is needed now?

While temporary, these changes could be a game changer. Over the next 12 months, Optus (and potentially other telcos) will be able to proactively share customer information with banks to help prevent cybersecurity incidents, fraud, scams and identity theft.

It could potentially allow for a crackdown on scams that affect banks and telcos alike, such as fraudulent texts and phone calls.

But this does not negate the need for a larger legislative reform agenda.

Australian data privacy laws and regulations should set limits on how much data companies can collect or how long they can keep that information. Without restrictions, companies will continue to collect and store much more personal information than they need.

This requires an amendment to the federal privacy law – subject to a government assessment for almost three years now. There should be limits to what data companies can keep and for how long, as well as higher penalties for non-compliance.

We all need to take data privacy more seriously.

This article was republished from The Conversation under a Creative Commons license. Read the original article.
