The Federal Government is set to make changes to the Telecommunications Regulations 2021 legal instrument to help protect the victims of the Optus data breach.
The proposed amendments would allow telcos to temporarily share approved government identifier information - like drivers licence, Medicare and passport numbers of customers affected by a data breach - to banks and other financial services providers to allow them to implement monitoring and safeguards for affected customers.
Optus will also be able to share customer data to assist the Federal Government, state and territory agencies’ efforts to protect customers from fraud.
"Our Government has been working in lockstep with banks and financial regulators to facilitate the safe and secure sharing of data between Optus and regulated financial institutions, with appropriate safeguards, to improve consumer protection," Treasurer Jim Chalmers said.
"Financial institutions can play an important role in targeting their efforts towards protecting customers at greatest risk of fraudulent activity and scams in the wake of the recent Optus breach. These new measures will assist in protecting customers from scams, and in system-wide fraud detection."
The proposed amendments would cover banks regulated by APRA (not including branches of foreign banks), and the information would only be used for preventing or responding to cyber security incidents, fraud, scam activity or identity theft.
Communications minister Michelle Rowland would also have the ability to specify additional APRA-regulated services entities, if required.
The banks seeking the data are also required to provide written commitments to the ACCC that they will comply with their obligations under the Privacy Act 1998, attest to APRA that they meet the relevant information security standard, and confirm in writing that the information they are seeking is necessary and proportionate.
The proposal also requires banks to meet information security requirements and protocols for any transfer and storage of data, and that the data must be destroyed once they are no longer required.
Also involved in the amendments is the Council of Financial Regulators’ cybersecurity working group, which will examine and report on options to further improve the ability of financial institutions to identify at-risk customers and credentials. The ACCC’s ScamWatch has also been tapped to assist the effort.
Minister Rowland said, "The Albanese Government takes seriously the protection of personal information. The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for designated purposes."
"This will enable Optus, the financial services sector and relevant agencies to work together more effectively, to implement enhanced monitoring and safeguards to protect customers affected by the breach."
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
