At least on the surface the Singapore Telecom/Optus data breach represents the fourth time in the last three years that major corporations operating in Australia have not realised that their prime responsibility is to maintain their so called “licence to operate”.
Miner Rio Tinto and casinos Crown and Star all made the same mistakes.
When it comes to the Singapore government controlled Singapore Telecom, which operates in Australia under the Optus brand, I have a caveat.
If over the years Singapore Telecom actually invested large sums in world-class security over its Australian data, but was hacked by a brilliant international hacker group, then it would not be fair to say that they had breached their licence to operate.
But the statements from government ministers and others that have looked at the Optus situation indicate that the Singaporeans’ Australian operation was inadequately protected. Accordingly it was easy for hackers with relatively unsophisticated methods and a bit of luck to bridge the security,
During its 11 years of Singapore ownership the Optus operation was essentially controlled in Singapore. Only in June this year did the Singaporeans transfer more control to Australia.
Accordingly if Singapore Telecom/Optus is found to have breached its licence to operate it will be required to pay many billions in damages and well as the cost of a new security system.
The term “ licence to operate” is rarely written or publicly discussed but its existence is very evident when a board and/or management acts in a way that causes that licence to be breached.
When applied to miners it covers relationships with their customers, communities and safety. The ESG concept – environmental, social, and governance – incorporates licence to operate but covers much wider areas.
When the controllers of Rio Tinto, closeted in the luxury of St James Square London, ordered the destruction of the 46,000-year-old Juukan Gorge Rock shelters they did not seem to understand that they were breaching their “licence to operate”.
When the Rio Tinto mines were controlled in Australia the locals understood that concept.
The St James Square people were taught a much needed lesson and they were forced to remove their chief executive and other executives and appoint Kellie Parker as Australian CEO.
The world has moved on from the entrenched St James Square culture so Rio Tinto shareholders have to hope the lesson is not forgotten.
Initially Crown and Star directors and managers understood that their licence to operate a casino required them incorporate governance into their operating model. But over time that understanding faded and all too often money laundering crept into the business.
Doing everything possible to prevent such practices is an integral part of the licence to operate. Crown was lucky that they were able to change their ownership plus the board and top managers and so continued to operate. Star will have to do something similar.
And the new Casino managers will need be embedded with the rule that governance is part of their licence to operate.
The Singaporeans need to understand that in Australia we regard protecting data is an essential part of the licence to operate for any group which obtains large amounts of data from their customers. Accordingly groups like banks and medical benefit companies must also understand that data protection as an integral part of their licence to operate.
One of the greatest risks for such companies is that if profits decline it may trigger pressure from shareholders for increased returns. In turn that may cause management to take a punt on the licence to operate.
In the case of Singapore Telecom’s Australian Optus operation, the profit margins appear to be have been substantially below Telstra. That means the Singaporeans were either cutting prices to gain volume or have higher costs.
If Singapore Telecom’s Australian security systems were not world class then they will have to go through the same process as occurred with Crown. In retrospect, Rio Tinto got off lightly.
Optus was a very exciting telecommunications company when formed in 1991 with majority Australian ownership but with UK and US groups as minority shareholders It was purchased by the Singapore government controlled Singapore Telecom 10-years later. In the same year the Singaporeans bought into Indonesian telecommunications.
My anecdotal experience was that Optus lost much of its momentum and became more bureaucratic. Some staff members complained to me that the Singaporeans appeared to be more interested in Indonesia, but that may be unfair.
But if the Singaporeans have under invested in data security in the Australian nation then it will be the second time in 18 months that a government controlled Singaporean enterprise has treated Australians badly.
You remember that the Government of Singapore Investment Corporation (GIC) last year tried to acquire Australian Unity Healthcare – one of the largest investors in hospital properties in Australia- by offering the major shareholder a greater price than they offered to ordinary Australians.
The Singaporeans were repulsed. We have good relations with Singapore but sometimes their appear to think we are “mugs” and exploit our weaknesses.
James Packer was virtually forced to sell his Crown equity and if it is shown that Singapore Telecom did not invest in world-class data security to protect Australians then to retain its licence to operate in Australia Singapore Telecom must be required to pay many billions in damages plus install a world class data protection system.
Of course in the case of the Singapore Telecom damages bill, the courts may be the arbitrator.
Read related topics:Rio Tinto
Join the conversation
Nick Scali issues profit warning on higher freight costs
An unexpected spike in freight costs has punctured furniture chain Nick Scali’s typically robust and market-leading profit margins to see the retailer issue a profit warning at its AGM.
Read more
Are you wealthy? And in what ways? It’s more than just money
Definitions of wealth are not just financial, and AI will tell you exactly that. See how you measure up.
Read more