Australia flags tough new data protection laws this year

tech.hindustantimes.com:

Australia could have tough new data protection laws in place this year in an urgent response to a cyberattack that stole from a telecommunications company the personal data of 9.8 million customers, the attorney-general said Thursday.

Attorney-General Mark Dreyfus said the government would make “urgent reforms” to the Privacy Act following the unprecedented hack last week on Optus, Australia's second-largest wireless carrier.

Dreyfus said “I think it's possible” for the law to be changed in the four remaining weeks that Parliament is scheduled to sit this year.

"I'm going to be looking very hard over the next four weeks at whether or not we can get reforms to the Privacy Act into the Parliament before the end of the year,” Dreyfus told reporters. Parliament next sits on Oct. 25.

Dreyfus said penalties for failing to protect personal data had to be increased so that corporate boards could not dismiss fines as a “cost of doing business.”

The “absolutely huge amounts” of customer data companies held for years would have to be justified under the amended law, Dreyfus said.

“Companies need to look at data storage not as an asset, but as a liability or a potential liability,” Dreyfus said. “For too long we have had companies solely looking at data as an asset that they can use commercially."

The government blames lax cybersecurity at Optus, a subsidiary of Singapore Telecommunications Ltd., also known as Singtel, for the theft of current and former customers' personal information.

Singtel apologized in a statement issued Wednesday by its management saying, “We are deeply sorry to everyone affected by the data theft.”

“Since the incident, our focus has been on supporting Optus' efforts to help impacted customers and strengthen their