The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
© Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.Australia demands Optus pay for new customer ID documents
By ROD McGUIRK CANBERRA, Australia©2024 GPlusMedia Inc.
2 Comments
Login to comment
JTC
Firstly, if you're an Aussie, and potentially impacted, the following is worth reading:
https://www.oaic.gov.au/updates/news-and-media/advice-on-optus-data-breach
Australia does have Personal Data Protection Laws - stemming from the Privacy Act 1988...
https://www.ag.gov.au/rights-and-protections/privacy#:~:text=The%20Privacy%20Act%201988%20(Privacy,and%20in%20the%20private%20sector.
Though the above, is probably more interesting to Lawyers.
Relating to this incident:
https://www.accc.gov.au/media-release/customers-warned-to-watch-out-for-scams-following-optus-data-breach
I wonder....
Why was Optus retaining copies of Customer Identity Documents - such as Passports, driving licenses, etc ?
Surely, once an individual has been properly identified, there is no need to retain copies of such information ?
Are Companies in Australia offered Insurance against costs incurred when such information is lost ? And, did Optus have such insurance ? (If so, which Insurer ?)
Are other Companies holding the similar information ? And, are they forced by Law, to have an insurance against such data loss ?
Thinking forward, we need a more up-to-date way of handling Identification of individuals, something that doesn't rely upon numbers upon papers/plastic, or an out of date photo, or even signatures that vary each time you sign. Something that really identifies you, as the individual you are, and something that can be used Globally, both in Rich and Poor Countries alike.... a potentially tricky one to solve, but worth doing.
2020hindsights
JTC
That's a very good point. Once they have verified the customer's identity, they don't need to keep the data. Holding it represents a risk to their customers.