Australia to Change Data and ID Sharing Rules for Telcos and Banks Following Massive Optus Breach

Last week the Australian government vowed to revise privacy rules so consumers would be better protected in the wake of the enormous breach of personal data by Optus, the country’s second largest telco, reports Reuters. The goal is to give banks the information they will need to identify customers who have been put at risk because their personal data has been compromised. The Australian Prudential Regulation Authority (APRA), the country’s banking regulator, confirmed it would be working with government and other regulators on the proposed change.

The new rules will allow telcos to share details about government-issued identity documents with banks. These banks will be required to destroy the information they receive when it is no longer required to mitigate the threat of further crime. Data protection has become a hot topic in Australia after it was revealed that Optus had breached personal data relating to 10 million Australians, approximately 40 percent of the country’s population.

Optus is under intense pressure to make amends for its failings and is being forced to pay for thousands of replacement driver’s licenses issued to victims of the breach. The Labor government has so far resisted pressure to offer replacement passports free of charge, with the justification that criminals would need the actual document and not just the information in order to travel under somebody else’s identity. However, the Liberal opposition has slammed the government’s decision, arguing that victims of the breach should have all fees for replacement passports waived and that Optus should reimburse the additional costs borne by government.

The Australian government is now considering whether to centralize the country’s management of identity documents as a way to reduce the amount of personal data maintained by businesses. Meanwhile, they have tried to shore up their support with voters by being forthright in their criticism of Optus. This leads some to question whether Optus CEO Kelly Bayer Rosmarin can retain her job following the conclusion of Optus’ initial damage-limitation operations. If Rosmarin steps down, the Optus stakeholders, the Australian government and the Australian public could unwittingly be setting a precedent for other telcos around the world. I will be writing more about that story later this week.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.