Login
iscover
Professors from a leading Australian university have warned that privacy law and data management legislative strengthening is paramount in protecting citizens from future breaches.
In light of the recent Optus breach, which is estimated to have affected 40 per cent of Australians, Charles Darwin University (CDU) Associate Professor Mamoun Alazab has called for an improvement in the reporting and accountability of the country’s cyber attacks.
He explained that Australia’s Notifiable Data Breach (NDB) scheme, introduced in 2018, is inadequate in assisting individuals who’ve fallen victim to a data breach, as the “burden of proof of harm is on the individual who had their data stolen”.
“The laws need to be strengthened to make business more responsible and accountable,” he said.
Mr Alazab, who claims that cyber security experts at CDU have been warning about the transparency deficiencies for years, added that “it was only a matter of time before we experienced an attack of this size, and it exposed the problems with responsibility and accountability in the cyber security space”.
While the NDB scheme makes it mandatory for a regulated entity to inform the Office of the Australian Information Commissioner and impacted individuals, CDU law lecturer Dr Jenny Ng said that “it remains difficult for the victims of data breaches to establish a successful cause of action in court”.
She detailed that this is “mainly due to the lack of a specific cause of action under Australian law that would allow a person to bring an action for a breach of privacy”.
Associate Professor Alazab outlined several instances in corporate Australia of poor data management and breaches reported under the NDB scheme.
“Cyber threats are increasing at a rapid rate, and they are becoming more sophisticated, so without comprehensive monitoring and policing, it is making people extremely vulnerable,” he said.
“This will not be the last time that Australia’s corporate world will have to face such a large data breach, and it will be judged by its response to it.”
Strengthening data management and privacy laws will increase the accountability of public agencies and businesses in order to, in the words of Professor Alazab, prevent “victims of a data breach [being] responsible for dealing with the consequences”.
Last week’s breach was the second such to be constructed against Optus, with the telecommunications giant previously reported to the NDB in October 2019 after it mistakenly published 50,000 private mobile phone numbers in the White Pages.
CDU’s recommendations follow a report published earlier in the year that found that Australians lost more than $300 million last year to online scams; further to this, in July, the Australian Competition and Consumer Commission (ACCC) released a three-step plan to minimise the cyber security threat.
Moreover, both the Australian Small Business and Family Enterprise Ombudsman and the ACCC have provided additional resources to help mitigate the cyber risk.
Newsletter
