Privacy law changes, including tougher penalties for data breaches, could be legislated as early as this year, the attorney general has said in the wake of the Optus breach.
Mark Dreyfus revealed on Thursday that in addition to completing a review of Australia’s privacy laws the Albanese government will look to legislate “even more urgent reforms” late this year or in early 2023.
The suite of immediate reforms could include penalties, safeguards on personal information and strengthening requirements for companies to notify customers of breaches.
Labor has talked up the need for tougher laws since the Optus attack affected up to 10 million customers, including 2.8 million people who had their licence or passport number leaked.
The home affairs minister, Clare O’Neil, has suggested reforms will include increasing the maximum penalties for data breaches – currently capped at $2.2m – and extending a power to set minimum cybersecurity standards to telcos.
On Thursday, Dreyfus told Radio National that the foreign minister had written to Optus asking it to pay for Australians’ replacement passports and the prime minister had “made very clear … it is going to be a matter for Optus to pay for costs incurred by Australians as a result of the data breach that has occurred”.
Dreyfus said Australians were “rightly concerned” about the exposure of personal data, and warned Optus it expects “continuing cooperation” from the telco.
Asked about privacy law reforms, Dreyfus replied: “It is a matter of urgency. We need to bring privacy laws … up to date, [and make them] fit for purpose for the digital age.”
The attorney general said he hoped to complete a “long-running review” of privacy laws by the end of 2022.
“We are also looking at even more urgent reforms we can make straight away to the Privacy Act to do things like increasing the safeguards that are already there that relate to personal data, data guidelines, and strengthening the notifiable data breaches scheme.
“We’re looking at what can be brought to parliament in the remaining sitting weeks and if possible pass this year or, if not this year, then early next year.”
“It is clear we need to strengthen the Privacy Act,” he said, “and possibly one of those ways could be to increase penalties, so that in no way is a data breach just a cost of doing business but something boards know there [are] very, very serious consequences for if they fail to take care of the data”.
Earlier, Dreyfus told ABC News Breakfast that the Australian federal police “has been working with the FBI to try and track down the perpetrators”.
The government is asking Optus to share data with banks and financial institutions so they “can take precautions to protect those Optus customers whose data has been stolen”, he said.
“What we can also do … is look at toughening the laws, particularly the Privacy Act, to possibly increase the penalties and … the precautions that have to be taken by any company that’s storing the data of Australians in the way that Optus was.”
Dreyfus said that “regrettably” Optus had omitted from its first notification to customers that “some Medicare numbers in addition to passport numbers and driver’s licence numbers were included in the data breach”.
“That shouldn’t have happened. It’s really important that there be notification because it’s only [then] you can start to take the appropriate steps to guard against the consequences of a data breach like this.”
In a statement on Wednesday evening, Optus said it had identified 14,900 valid and unexpired Medicare ID numbers among the compromised customer records, as well as 22,000 expired numbers.
Customers with valid Medicare numbers will be contacted within 24 hours, and those with expired numbers in coming days.
Optus parent company Singtel on Wednesday said “we are deeply sorry to everyone affected by the data theft on our subsidiary Optus”.
“Singtel management and board are treating this incident very seriously and working closely with Optus to address what is a complex issue, holistically,” the company said in a statement.