Australia proposed an overhaul of consumer privacy rules that will help facilitate targeted data sharing between telecommunication firms and banks following a massive data breach at Optus, the nation’s second-largest mobile operator.
Last month’s cyberattack on Optus, owned by Singapore Telecommunications Ltd (Singtel), was one of Australia’s most significant data breaches and compromised the data of almost 10 million customers including home addresses, passport numbers, and driver’s licenses.
The changes will enable telcos to share government-issued identification documents with banks to permit them to implement enhanced monitoring for customers impacted by data breaches.
The Australian government will recommend to the governor-general to amend the privacy regulations, the nation’s Treasurer Jim Chamlers said.
The proposed changes will also allow for increased fraud detection in the broader financial services sector through existing industry mechanisms to report fraudulent transactions, like fraud information exchanges.
Chalmers said the government would not disclose financial institutions that receive the data from Optus due to data security reasons.
The banks are obligated to destroy the received information when it has served its purpose and can only be used for the sole purpose of preventing or responding to cyber security incidents, scam activity, fraud, or identity theft, the treasurer said.
The country’s telecommunications, government, and financial sectors have been on high alert since the cyberattack at Optus and had flagged changes to privacy rules to aid banks to take immediate actions to prevent fraudulent transactions.