2 minute read
From the Editor
Privacy reforms in spotlight after Optus hack
MICHAEL ESPOSITO, EDITOR
Advertisement
The Optus hack that has affected millions of Australians serves as yet another reminder about how seriously we should take our cybersecurity.
Even if the onus of protecting private data should be placed on the companies that collect it, we can also put measures in place to mitigate the damage if data is compromised.
A number of organisations, such as the Offi ce of the Australian Information Commissioner, have published helpful tips for individuals to protect their personal information.
One particularly useful tool is credit monitoring. Credit monitoring agencies can look for changes in your credit report, and therefore identify mistakes relating to your personal records or possible breaches by bad actors. Optus have offered some customers a free 12-month subscription to credit monitoring fi rm Equifax but I would encourage everyone to investigate whether a credit monitoring service might assist them in protecting the integrity of their credit score and personal data.
The Optus saga has also raised questions about the adequacy of Australia’s privacy laws. The Privacy Act (Cth) is under review. Federal Attorney General Mark Dreyfus has suggested that one of the key reforms should be provisions that require companies to safely delete personal identifi cation data once collected, unless they absolutely need to hold on to it.
This would theoretically limit the amount of personal data that is vulnerable to attack.
The European Union has the most stringent privacy laws in the world, with harsh penalties for companies that don’t comply with privacy requirements, a broad defi nition of personal information, strict obligations on collecting data, and a right for consumers to request personal data be erased.
The Law Society has also called for a right to take legal action against parties for serious privacy breaches. While some commercial entities have argued that allowing people to sue for invasions of privacy could lead to frivolous or vexatious claims, the Society has suggested that this could be addressed by ensuring the threshold to trigger a potential action is suitably high enough to only capture serious breaches of privacy or failure to adequately protect privacy.
It is almost impossible to function in a modern society without entrusting government agencies, workplaces, businesses, or almost any other organisation with our personal information. In return, we should expect these entities to protect our information with best practice cybersecurity systems, and have laws that are robust enough to ensure these practices are being followed. B
IN THIS ISSUE
8
REAL ESTATE REGULATION
Ensuring property transactions are open & transparent
CREDIT ENFORCEMENT
Protecting consumers against predatory credit practices 14
18
AWARDS NIGHT
Legal Profession Dinner wrap-up & photos
