Optus data breach: Legal and regulatory effects
Privacy espresso series, October 6, 2022

In this privacyespresso we speak with Kelly Dickson, Managing Principal Lawyer at the Australian law firm Macpherson Kelley, about the recent Optus data breach, which hit the data of nearly 10 million customers.

Looking at the Optus data breach numbers, Kelly says it can be considered the biggest breach Australia has ever faced, as almost 40% of the Australian population may have been affected by it. However, it is still not clear whether the breach was caused by a complex hacking attack or by a flaw in the system's defensive measures.

In any case, Kelly believes that such an experience has left three key learning points:
1. Privacy is something you have to deal with and cannot postpone any longer.
2. Data security and data minimization are key concepts, useful not only for protecting individual privacy but also for saving companies in case of a breach.
3. Data retention is relevant as well, as it is about cleansing your data sets of data that is not useful and that, if stolen, can still be harmful for both companies and individuals.

Additionally, another big issue raised by the case is reputational damage. The case made it clear that businesses need to be ready and conscious of the messaging they’ll be using when such an event happens.

Finally, Kelly brings up the need for an Australian privacy and cybersecurity law, as it would have helped a lot in preventing such a breach. There were already some proposals on the table, but the process will now certainly be sped up.

To learn about this and much more on this case, spend your coffee break watching this privacyespresso!