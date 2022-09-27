The Government Flags Policy Reform in the Wake of Optus Breach

Prime Minister Anthony Albanese has said called the Optus data breach a “huge wake-up call for the corporate sector”. With cyber reform on the agenda, the PM flagged his intention to overhaul Australian law to better deal with such a scenario in the future.

Speaking on 4BC radio, Albanese was asked about a “change at a federal level” to put in a guarantee that people won’t be taken advantage of in the future.

“This is a huge wake-up call for the corporate sector, in terms of protecting the data which is there. And we want to make sure, as well, that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well,” he said.

“But this is a massive breach that has occurred. We know that in today’s world, there are actors, some state actors, but also some criminal organisations who want to get access to people’s data.”

Under current Australian privacy legislation, companies are prevented from sharing such details about their customers with third parties.

Appearing on ABC 7:30 last night, Minister for Cyber Security Clare O’Neill said Australia is “probably a decade behind in privacy protections”, ones that would have potentially helped prevent a breach the scale of Optus’.

Minister for Cyber Security @ClareONeilMP says Australia is "probably a decade behind" in privacy protections, and the government "has to be involved when the stakes are this high" following Optus' cyber security breach. Watch her full interview with Laura Tingle below. #abc730 pic.twitter.com/Mk791iOehl — abc730 (@abc730) September 26, 2022

“I don’t want to blame this on the former government, but I just want to note that we are probably a decade behind in privacy protections where we ought to be, I would say we’re about five years behind in cyber protections than where we should be given how fast things are moving,” she said.

Touching on policy changes, O’Neill told Parliament Monday afternoon that a very substantial reform task is going to emerge from a breach of this scale and size, noting that “there’s a number of policy issues that I think the public will soon become quite aware of”.

“One significant question is whether the cybersecurity requirements that we place on large telecommunications providers in this country are fit for purpose,” she said.

Back to her chat on 7:30, O’Neill touched on these cybersecurity requirements.

“The previous government put in place a very significant piece of legislation that I think was a very good start, but it didn’t bring telecommunications companies into that legislation,” she explained.

This means the government’s powers are limited with telecommunications companies. Why? Well if we cast our mind back to the time this legislation was being debated, the telco sector said it had it covered.

“They said don’t worry about us, we’re really good at cybersecurity, we’ll do it without being regulated,” O’Neil added. “I would say this incident really calls that assertion into question.”

In a move you couldn’t script, the Optus data breach happened less than a month after former Telstra CEO Andy Penn talked down the need for cyber legislation, as reported by InnovationAus at the time.

“The government has to be involved when the stakes are this high,” O’Neill said.