Optus data breach: regulatory changes announced, but legislative reform still needed

In response to Australia’s biggest ever data breach, the federal government will temporarily suspend regulations that stop telcos sharing customer information with third parties. But it’s still only a remedial measure, intended to be in place for 12 months. More substantive reform is needed to tighten Australia’s loose approach to data privacy and protection.

Optus says it needed to keep identity data for six years. But did it really?

Among the many questions raised by the Optus data leak is why the company was storing so much personal information for so long. Optus has said it is legally required to do so. But your name, address and account reference number should be all it needs for this, not your passport, driver’s licence or Medicare details. The only clear legal requirement for it to keep “information for identification purposes” comes from the Telecommunications (Interception and Access) Act 1979, which requires that identification information and metadata be kept for two years (to assist law enforcement and intelligence agencies).

What do TikTok, Bunnings, eBay and Netflix have in common? They’re all hyper-collectors

You walk into a shopping centre to buy some groceries. Without your knowledge, an electronic scan of your face is taken by in-store surveillance cameras and stored in an online database. Each time you return to that store, your “faceprint” is compared with those of people wanted for shoplifting or violence. This might sound like science fiction but it’s the reality for many of us. By failing to take our digital privacy seriously – as former human rights commissioner Ed Santow has warned – Australia is “sleepwalking” its way into mass surveillance.