This year, Australia might have strong new data protection laws, according to the attorney-general, in response to a cyberattack that stole from a telecoms company the personal data of 9.8 million customers.
Following the unprecedented attack on Optus, Australia''s second-largest wireless carrier, the government would make immediate modifications to the Privacy Act, according to Attorney-General Mark Dreyfus.
I believe that the law might be changed in the four previous weeks that the Senate will sit this year, according to Dreyfus.
"I''ll be looking very hard over the next four weeks on whether or not we can incorporate reforms to the Privacy Act before the end of the year," Dreyfus told reporters. The Parliament next sits on October25.
The penalties for failing to protect personal information, according to Dreyfus, should be increased so that corporate regulators may not dismiss penalties as a result of the cost of doing business.
According to Dreyfus, the entire amount of customer data companies held for years would have to be justified under the revised legislation.
- Power Grid to Gain Greater Protection From Cyberattacks, Minister Says
Companies must focus on data storage rather than as a business asset, according to Dreyfus. Over the years, we have only been seeing data as an asset that they can use commercially."
Optus, a subsidiary of Singapore Telecommunications, also known as Singtel, is being accused by the government of stealing personal information from current and former customers.
In a statement from Singtel''s management, the company said on Wednesday, "We are very sorry to everybody who is affected by the data theft."
According to a statement, our focus has been on assisting Optus'' efforts to help affected customers and strengthen their security measures.
The Singtel Group is of paramount importance and is a top priority across all of its business units, and we invest significant resources to continue our defenses against emerging threats, according to a statement.
The following information included a passport, driver''s license, and national health care identification numbers which might be used for identity theft and fraud.
Authorities are wary of Optus'' initial failure to disclose that Medicare numbers were among the stolen data. That became apparent Monday when the hacker deposed the records of 10,000 customers on the dark web six days after the attack.
The immediate legislative response is separate from a deeper review of the Privacy Act that began three years ago. It was passed in 1988 and critics argue it must be adapted to the digital age.
Optus may be fined a maximum of AUD 2 million (roughly Rs. 10 crore) for breaching the Privacy Act, according to the government.
According to the government, the country might fine hundreds of millions of dollars for a similar security violation.
Sensibilizations for breaches of the Privacy Act have been suggested for generating 10% of Australian capital.
Kelly Bayer Rosmarin, the CEO of Optus, said on Tuesday that she was not sure what penalties would benefit anyone.
Optus maintains that it was the target of a sophisticated cyber attack that engulfed several security areas.
After an emergency meeting with banking and consumer regulators, Financial Services Minister Stephen Jones said fraudsters and scammers were already beginning to use the stolen data, which includes phone numbers and email addresses.
According to Jones, personal information stolen from 38 percent of Australia''s population of 26 million in a hack will not be underestimated.
He warned Optus customers not to activate URLs they receive by text or email, because they might be from criminals who attempting to steal more information.
Jones said that we''re all working as hard as possible to get rid of the long tail of issues that will likely result from this massive data breach.