The Optus data breach, which has affected close to 10 million Australians, has sparked calls for changes to Australia’s privacy laws, placing limits on what and for how long organisations can hold our personal data. Equally important is to strengthen obligations for organisations to publicly disclose data breaches. Optus made a public announcement about its breach, but was not legally required to do so. In fact, beyond the aggregated data produced by the Office of the Australian Information Commissioner, the public is not made aware of the vast majority of data breaches that occur in Australia every year. Read More