NewsBite

Optus faces new privacy probe, huge fines

The embattled telco will be scrutinised by privacy agencies about how it protected consumer data and whether holding it was “necessary”.

Data rules change after Optus hack

The privacy commissioner has begun an investigation into Optus’ handling of customer data and could seek civil penalties of “up to $2.2 million for each contravention”.

Commissioner Angelene Falk announced on Tuesday that the Office of the Australian Information Commissioner (OAIC) would investigate whether Optus’ handling of consumer data complied with the Australian Privacy Principles.

“The OAIC’s investigation will focus on whether the Optus companies took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure, and whether the information collected and retained was necessary to carry out their business,” a statement said.

“The investigation will also consider whether the Optus companies took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles, including enabling them to deal with related inquiries or complaints.”

If the OAIC’s investigation finds interference with a person’s privacy has occurred, the Commissioner could force Optus to take steps to ensure the practice is not repeated and to redress any loss or damage.

Commissioner Falk said the widespread attention given to the Optus data breach highlighted privacy issues corporate Australia should heed. Picture: Brendon Thorne/Getty Images

Serious or repeated breaches could result in the commissioner seeking civil penalties through the Federal Court of up to $2.2m for each contravention.

Commissioner Falk said the widespread attention given to the Optus data breach highlighted privacy issues corporate Australia should heed.

“If they have not done so already, I urge all organisations to review their personal information handling practices and data breach response plans to ensure that information is held securely, and that in the event of a data breach they can rapidly notify individuals so those affected can take steps to limit the risk of harm from their personal information being accessed,” she said.

“And collecting and storing personal information that is not reasonably necessary to your business breaches privacy and creates risk. Only collect what is reasonably necessary.”

The OAIC investigation will be co-ordinated with an investigation by the Australian Communications and Media Authority (ACMA).

“The ACMA will investigate the data breach in regard to Optus’ obligations as a telecommunications service provider,” ACMA’s statement read.

“These include obligations relating to the acquisition, authentication, retention, disposal and protection of personal information, and requirements to provide fraud mitigation protections.”

ACMA Chair Nerida O’Loughlin said customers had a reasonable right to believe their data would be protected by telcos.

“When customers entrust their personal information to their telecommunications provider, they rightly expect that information will be properly safeguarded. Failure to do this has significant consequences for all involved,” she said.

“All telcos have obligations regarding how they acquire, retain, protect and dispose of the personal information of their customers. A key focus for the ACMA will be Optus’ compliance with these obligations.”

Originally published as Optus faces new privacy probe, huge fines


Original URL: https://www.dailytelegraph.com.au/business/optus-faces-new-privacy-probe-huge-fines/news-story/1c17b947165a99065b0b4427412b5c67