ACS Calls for Data Law Review After Optus Breach
The Australian Computer Society (ACS) has called for a review of legislative data collection and storage requirements to mitigate future data breach risks. The organisation, which represents over 35,000 Australian workers, welcomes the government's initiative following the Optus data breach.
Currently, all Australian companies must comply with the Privacy Act 1988, which mandates the protection of customers' personal information. This includes implementing appropriate safeguards, giving notification of data breaches, and adhering to the Australian Privacy Principles (APPs). However, ACS believes that the existing framework may not be sufficient to address modern cyber threats.
ACS Chair of the Cyber Security Committee, Louay Ghashash, suggests enforcing security best practices with substantial penalties for non-compliance. He proposes establishing a minimum standard for data security, covering various threats and malicious acts, including internal staff behavior. The society also recommends adopting a consultative approach to implement these standards without overburdening smaller companies.
ACS sees this review as an opportunity to modernise Australia's technology legislation framework. The organisation is keen to work with key ministers in cybersecurity, technology, and telecommunications to develop a 21st-century digital economy legal framework. This includes proposing high, prohibitive financial penalties for companies mishandling users' personal data, with penalties commensurate with the size of the breach.
ACS's recommendations aim to protect Australians and enable global competition. By working with the government, the society hopes to create a robust and modern legal framework that balances the needs of businesses with the security of personal data.