Paul Karp and Josh Taylor report:
Companies could have the right to retain customers’ data stripped back by an ambitious suite of privacy reforms proposed by the Albanese government.
The attorney general, Mark Dreyfus, revealed on Thursday that in addition to completing a review of Australia’s privacy laws, the Albanese government will look to legislate “even more urgent reforms” later this year or in early 2023.
The immediate reforms could include penalties, safeguards on personal information and strengthening requirements for companies to notify customers of breaches.
Read more at The Guardian.
As bad as the Optus data breach is, it might be the best thing that has happened to Australians in terms of moving forward the privacy rights agenda. Since 9/11 successive governments have cemented the idea that being pro-privacy was inherently suspicious – “done nothing wrong got nothing to hide”. Optus’ lack of concern for customer privacy, lack of investment in security, active lobbying against enhanced privacy protections (including the right to the erasure of their private information) for consumers, and their suggested remediation technique of having affected customers “look out for scams” has highlighted the fact that Australia’s privacy laws are antiquated and not fit for purpose. Under the EU’s GDPR, Optus’ liability would be €20M or 4% of global revenue from the previous year (whichever is higher) – this is a considerable incentive for companies to take customer privacy seriously. Many countries have GDPR-like legislation – the Optus breach might just give the Australian Government the impetus and political will to get it done (wouldn’t want to be a company lobbying against consumer privacy rights just now).
I did not have “scrape leads to overhaul of federal legislation” on my Bingo card for 2022, but I agree, this may wind up pushing AU towards more protection. I’m seeing some similar trends in a few other places. It’s almost like a tipping point has been reached or is being reached.