Telco regulations amended to protect consumers after Optus data breach

Share

Amendments are being made to the Telecommunications Regulations 2021, bringing further protection to Australians following the Optus data breach. 

The federal government is recommending that the regulations be amended to allow Optus and other telcos to better coordinate with financial institutions, the Commonwealth, and states and territories. 

This will allow the institutions to better detect and mitigate the risks of cyber security incidents, frauds, scams and other malicious cyber activities. 

“The Albanese Government takes seriously the protection of personal information,” Minister for Communications Michelle Rowland said. 

“The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for designated purposes.”  

Minister Rowland stated that the amendments will enable telecommunications companies to temporarily share approved government identifier information with regulated financial services entities for more effective cooperation in implementing enhanced monitoring and safeguards that will protect customers affected by the breach. 

In addition, Optus will be able to share identifiers to assist the federal, state and territory agencies in detecting and assisting in the prevention of fraud. 

“Our Government has been working in lockstep with banks and financial regulators to facilitate the safe and secure sharing of data between Optus and regulated financial institutions, with appropriate safeguards, to improve consumer protection,” Treasurer Jim Chalmers said. 

“Financial institutions can play an important role in targeting their efforts towards protecting customers at greatest risk of fraudulent activity and scams in the wake of the recent Optus breach. These new measures will assist in protecting customers from scams, and in system-wide fraud detection.” 

Related: Data security laws questioned after Optus cyber attack

The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for certain purposes. 

The changes will also allow increased fraud detection in the broader financial services sector through existing industry mechanisms to report fraudulent transactions. 

The Council of Financial Regulators’ cybersecurity working group will examine and report on options to further improve the ability of financial institutions to identify at-risk customers and credentials.  

They will be utilising an existing security and privacy-protecting data-sharing platform, enabling financial institutions to further enhance their protections for consumers from financial crime.  

In developing this approach, the federal government has undertaken extensive consultation across Commonwealth agencies, financial system regulators, Optus, the banking sector, major telecommunications providers, and the Australian Information Commissioner. 

The financial regulators have taken additional steps to protect customers, including through ACCC’s ScamWatch and direct engagement with financial institutions.  

Financial institutions have also been proactive in response to the data breach, including implementing heightened controls on those accounts identified as at higher risk. 

Source: Minister for Communications media release. Content has been edited for style and length.