Banks and government agencies in Australia will reportedly be receiving identification data of customers who were impacted by the breach at Sydney-based telecom firm, Optus, last month. The information would be released as part of efforts aimed at putting more checks in place to protect those who had their data stolen during the cyberattack.
Australia’s federal government has also unveiled new exceptions to the privacy laws in its metadata laws after the second-largest telecom firm claimed that it was legally not allowed to share customers’ information, such as driver’s license and passport or Medicare numbers, even after the massive hack.
Michelle Rowland, the country’s Minister of Communications, stated that new regulations, which were initially expected more than two weeks ago but were delayed after it became clear how difficult it would be to change the law, have built-in privacy protections.
Rowland stated that banks that receive data will have to review the need to continue keeping the data every 12 months. Adding that if not required they will have to destroy the information.
The regulations, which are yet to be enforced, will be reviewed after one year and are only applicable to Australia-regulated banks, and will not impact branches of foreign banks in any way.
The data is only allowed for use in response to cyberattacks and to prevent fraud, and banks will have to inform regulators that only genuinely necessary information is being sought by them and that they have sufficient security.
However, personal information such as names or addresses will not be allowed for sharing, with Treasurer Jim Chalmers adding that customers will not be told who has received the data for data security reasons.
When questioned whether it was sensible that data should be shared more widely after experts warned of firms keeping too much information, especially with the Optus hack, Rowland responded that the Attorney-General is working on reforming the Privacy Act separately as well.
Andrew Sheridan, VP of Regulatory and Public Affairs, Optus, stated that the firm is pleased to form a joint working with the federal government to enhance coordinated response against cyberattacks, and welcomes the regulation which, according to Sheridan, will help agencies better protect their customers.