You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
accountants daily logo

Call to adopt EU data regs as Optus reputation dives

Regulation

Lawyers say tougher penalties are appropriate while the telecom is already paying a huge reputational price.

By Philip King 13 minute read

Legal experts are calling for Australia to adopt European Union-style data privacy laws including harsher penalties in the wake of the cyber hack on Optus last week that compromised the personal details of millions of customers.

Fines under the EU regime would be “significantly” higher they say but according to one media intelligence company Optus is already paying a huge reputational price in terms of negative media and social comments.

Australians were just beginning to understand the seriousness of the data breach for their personal data and the complex steps now required to protect themselves, said the University of NSW Law and Justice’s Tony Song.

“I think our laws should at the very least be updated to match the European Union’s General Data Protection Regulation, which has become something of the gold standard for data protection regulation,” Mr Song said.

With the maximum penalty under Australia’s cyber security measures just $2.2 million dollars, it would also greatly increase the liability for Optus-type lapses with fines potentially running into hundreds of millions.

“This means increasing the penalties not just for the cyber criminals, as suggested by Shadow Home Affairs Minister Karen Andrews – as this will not effectively deter bad actors, who will assume they will not get caught anyway – but actually for the companies that hold, use and process all our data,” he said.

==
==

“Our current $2.2 million limit [in corporate penalties for breaches] is nothing compared to the GDPR’s maximum of $20 million euros or 4 per cent of the firm’s worldwide annual revenue. For many large tech companies, that is still peanuts to them.”

Mr Song said Optus faces three main ramifications: a regulatory enforcement response, civil litigation including class actions, and the effect on Optus' reputation.

That is already plummeting according to research by global media intelligence specialist Meltwater, which shows a spike in coverage of the telecom company since the hack but a huge leap in negative comment.

“Media coverage has seen a 25 per cent spike in negative media and a 13 per cent drop in positive content,” it said. “Optus normally averages around 18 per cent positive versus 8 per cent negative, with the rest being neutral.

“Since the breach it's been 33 per cent negative and 5 per cent positive.”

Men were discussing Optus more than women, it said, while social media mentions were led TikTok and Twitter.

Regarding regulations, Mr Song said Australia was already in the process of making changes to data protection laws with a review underway of the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (Online Privacy Bill).

The measure was significantly based on requirements and concepts found in the GDPR as well as the California Consumer Privacy Act of 2018, he said.

It would increase the maximum Australian penalty to either $10 million, three times the benefit of the misconduct, or 10 per cent of the organisation’s turnover in the 12 month period up to the conduct.

The new standard could also further grant the Office of the Information Commissioner powers to make new determinations or compel entities to effectively audit their privacy practices and report findings back to the office.

Meanwhile, law firm Slater & Gordon have already declared an intention to mount a class action, while Maurice Blackburn is currently running another class action against Optus for an earlier breach in 2020.

“Optus has lost the trust and confidence of its customers, in the case of some, forever. Trust takes years to build, and seconds to destroy. Optus now faces a long and expensive road ahead to rebuild that trust,” Mr Song said.

 

 

 

 

Philip King

Philip King

AUTHOR

Philip King is editor of Accountants Daily and SMSF Adviser, the leading sources of news, insight, and educational content for professionals in the accounting and SMSF sectors.

Philip joined the titles in March 2022 and brings extensive experience from a variety of roles at The Australian national broadsheet daily, most recently as motoring editor. His background also takes in spells on diverse consumer and trade magazines.

You can email Philip on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.

SUBSCRIBE NOW