Australia: The Optus data breach – an earthquake whose aftermath is still being felt - Bartier Perry

Australia: The Optus data breach – an earthquake whose aftermath is still being felt - Bartier Perry

In the wake of the Optus data breach, amendments to the Telecommunications Regulations 2021 were introduced in October 2022. They enable telcos to disclose certain customer data to financial institutions (generally banks), the Commonwealth, and States and Territories, in order to manage the risks of malicious cyber activities.


Other changes enable telcos to provide government agencies with information to help prevent fraud. The changes will apply for 12 months and will then be reviewed by government, with no parliamentary discussion required.


However, requesting personal information carries additional privacy considerations that government entities need to be aware of.


What can government do under the amendments?


The amendments allow telcos to temporarily share certain government identifier information such as driver licence, Medicare and passport numbers with regulated banks and the Commonwealth and States and Territories. The information may be requested to:


  • prevent a cyber security incident, fraud, scam activity or identity theft

  • respond to a cyber security incident, fraud, scam activity or identity theft

  • respond to the consequences of a cyber security incident, fraud, scam activity or identity theft

  • address malicious cyber activity.

  • The regulations include safeguards to ensure customer information is only made available for the purposes above. In addition, certain security requirements must be met, including that information or documents:


  • must be stored in a manner that prevents unauthorised access, disclosure or loss

  • must be destroyed when no longer required

  • if not required to be destroyed, the entity must review its need to retain the information or document at least once every 12 months.

  • The provisions also allow the government entity requesting the information to share it with an associate (for example, a related company or contractor), ..

    Support the originator by clicking the read the rest link below.