Optus opposed giving Australians more rights over their own data before cyberattack


Optus argued against changing privacy laws to give Australians more rights over their data before hackers stole the personal information of up to 9.8 million of its customers.

The Singaporean-owned telco giant more than once opposed proposed changes to the Privacy Act that would have given customers the right to request their data be destroyed.

The Morrison government launched a review of the Privacy Act in 2020, proposing multiple reforms, including increasing users’ rights to take legal action against companies over data breaches.

In two submissions to the review, Optus argued the existing act was working well.

The company said Australian telcos didn’t need a “right to erasure”, a spin on Europe’s “right to be forgotten, which gives people the right to ask organisations to delete their personal data.

“There are significant technical hurdles to implement this for most sectors of the economy and much more research needs to be conducted,” the company said one submission.

“Optus submits that the compliance cost of an express right to erasure in the Privacy Act is likely to far exceed the benefits that flow from the right. There is insufficient evidence of a problem which would justify the costs.”

Camera IconOptus chief executive officer Kelly Bayer Rosmarin has said she is “devastated” by the cyberattack. John Feder/The Australian. Credit: News Corp Australia

Optus said it didn’t “see any justification for changes to the existing Privacy Act”.

“We find that the processes are working reasonably well and have resulted in good outcomes for consumers and businesses,” the telco said in a submission.

“Optus is not of the opinion that there should be additional protections in relation to deidentified, anonymised and pseudonymised information.”

Optus took issue with what it called “over the top” providers — such as Facebook, Google and Apple — being exempt from adhering to separate telecommunications laws, arguing they had been given “favourable treatment” by the federal government.

Optus argued Australian-based telcos were already subject to “greater obligations” under these laws than they were under the Privacy Act.

The telco disclosed on Thursday afternoon it had been subjected to a massive cyberattack that had been detected on its systems on Wednesday.

Optus customers who have had data stolen in the massive cyberattack have been contacted via email (pictured). Picture: NCA NewsWire
Camera IconOptus customers who have had data stolen in the massive cyberattack have been contacted via email (pictured). NCA NewsWire Credit: NCA NewsWire
Optus Canberra
Camera IconMore than 9 million customers may have been affected by a massive cyberattack on Optus last week. NCA NewsWire / Martin Ollman Credit: News Corp Australia

Optus chief executive officer Kelly Bayer Rosmarin said soon as the telco learned of the hack it took action to stop it and launched an investigation.

Speaking to reporters on Friday, Ms Rosmarin apologised to customers.

She said she was “devastated” by the attack, which compromised information including names, dates of birth, addresses, phone numbers and in some cases passport or driver’s licence numbers.

Ms Rosmarin said Optus believed the number of people who had data stolen was substantially lower than its “worst case scenario” of 9.8 million.

The amount of data stolen and the reason for the attack is not yet known, with the Australian Cyber Security Centre and the Australian Federal Police investigating.

Optus has been contacted for comment as to whether it still opposes changes to Australia’s privacy laws.

The Attorney-General’s Department is expected to present the Albanese government with a final report from the review of the Privacy Act before the end of the year.

It is expected to result in new legislation.

Read original article here

Denial of responsibility! Chronicles Live is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment