The Times Australia
The Times World News

.

regulatory changes announced, but legislative reform still needed

  • Written by Brendan Walker-Munro, Senior Research Fellow, The University of Queensland
regulatory changes announced, but legislative reform still needed

In response to Australia’s biggest ever data breach, the federal government will temporarily suspend regulations[1] that stop telcos sharing customer information with third parties.

It’s a necessary step to deal with the threat of identify theft faced by 10 million current and former Optus customers. It will allow Optus to work with banks and government agencies to detect and prevent the fraudulent use of their data.

But it’s still only a remedial measure, intended to be in place for 12 months. More substantive reform is needed to tighten Australia’s loose approach to data privacy and protection.

Read more: A class action against Optus could easily be Australia's biggest: here's what is involved[2]

Changing regulations, not legislation

The changes – announced[3] by Treasurer Jim Chalmers and Federal Communications Minister Michelle Rowland – involve amending the Telecommunications Regulation 2021[4].

This a piece of “subordinate” or “delegated law[5]” to the Telecommunications Act 1997[6]. Amending the act itself would require a vote of parliament. Regulations can be amended at the government’s discretion.

Man pointing while speaking
Treasurer Jim Chalmers has announced new measures to allow banks to help detect fraud against Optus customers. Lukas Coch/AAP Image

Under the Telecommunications Act it is a criminal offence for telcos to share information about “the affairs or personal particulars of another person”.

The only exceptions are sharing information with the National Relay Service[7] (which enables those with hearing or speech disabilities to communicate by phone), to “authorised research entities” such as universities, public health agencies or electoral commissions, or to police and intelligence agencies with a warrant[8].

That means Optus can’t tell banks or even government agencies set up to prevent identity fraud, such as the little-known Australian Financial Crime Exchange[9], who the affected customers are.

Important safeguards

The government says the changes will only allow the sharing of “approved government identifier information[10]” – driver’s licences, Medicare and passport numbers.

This information can only be shared with government agencies or financial institutions regulated by[11] the Australian Prudential Regulatory Authority. This means Optus (or any other telco) won’t be able to share information with the Australian branches of foreign banks.

Man and woman speaking at podium
The government’s new measures are intended to last 12 months, but longer-term reform is needed. Lukas Coch/AAP Image

Financial institutions will also have to meet strict requirements about secure methods for transferring and storing personal information shared with them, and make undertakings to the Australian Competition and Consumer Commission (which can be enforced in court[12]).

The information can be shared only “for the sole purposes of preventing or responding to cybersecurity incidents, fraud, scam activity or identify theft”. Any entity receiving information must destroy it after using it for this purpose.

These are incredibly important safeguards given the current lack of limits on how long companies can keep identity data.

Read more: Optus says it needed to keep identity data for six years. But did it really?[13]

What is needed now

Although temporary, these changes could be a game changer. For the next 12 months, at least, Optus (and possibly other telcos) will be able to proactively share customer information with banks to prevent cybersecurity, fraud, scams and identity theft.

It could potentially enable a crackdown on scams that affect both banks and telcos – such as fraudulent texts and phone calls[14].

But this does not nullify the need for a larger legislative reform agenda.

Australia’s data privacy laws and regulations should put limits on how much data companies can collect, or for how long they can keep that information. Without limits, companies will continue to collect and store much more personal information than they need[15].

Read more: What do TikTok, Bunnings, eBay and Netflix have in common? They’re all hyper-collectors[16]

This will require amending the federal Privacy Act – subject to a government review[17] now nearing three years in length. There should be limits on what data companies can retain, and how long, as well as bigger penalties for non-compliance.

We all need to take data privacy more seriously.

References

  1. ^ temporarily suspend regulations (ministers.treasury.gov.au)
  2. ^ A class action against Optus could easily be Australia's biggest: here's what is involved (theconversation.com)
  3. ^ announced (ministers.treasury.gov.au)
  4. ^ Telecommunications Regulation 2021 (www.legislation.gov.au)
  5. ^ delegated law (peo.gov.au)
  6. ^ Telecommunications Act 1997 (www.legislation.gov.au)
  7. ^ National Relay Service (www.infrastructure.gov.au)
  8. ^ with a warrant (www.homeaffairs.gov.au)
  9. ^ Australian Financial Crime Exchange (www.afr.com)
  10. ^ approved government identifier information (ministers.treasury.gov.au)
  11. ^ regulated by (www.apra.gov.au)
  12. ^ which can be enforced in court (www.accc.gov.au)
  13. ^ Optus says it needed to keep identity data for six years. But did it really? (theconversation.com)
  14. ^ fraudulent texts and phone calls (www.ato.gov.au)
  15. ^ than they need (theconversation.com)
  16. ^ What do TikTok, Bunnings, eBay and Netflix have in common? They’re all hyper-collectors (theconversation.com)
  17. ^ government review (www.ag.gov.au)

Read more https://theconversation.com/optus-data-breach-regulatory-changes-announced-but-legislative-reform-still-needed-192009

Times Magazine

Building an AI-First Culture in Your Company

AI isn't just something to think about anymore - it's becoming part of how we live and work, whether we like it or not. At the office, it definitely helps us move faster. But here's the thing: just using tools like ChatGPT or plugging AI into your wo...

Data Management Isn't Just About Tech—Here’s Why It’s a Human Problem Too

Photo by Kevin Kuby Manuel O. Diaz Jr.We live in a world drowning in data. Every click, swipe, medical scan, and financial transaction generates information, so much that managing it all has become one of the biggest challenges of our digital age. Bu...

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

The Times Features

Is our mental health determined by where we live – or is it the other way round? New research sheds more light

Ever felt like where you live is having an impact on your mental health? Turns out, you’re not imagining things. Our new analysis[1] of eight years of data from the New Zeal...

Going Off the Beaten Path? Here's How to Power Up Without the Grid

There’s something incredibly freeing about heading off the beaten path. No traffic, no crowded campsites, no glowing screens in every direction — just you, the landscape, and the...

West HQ is bringing in a season of culinary celebration this July

Western Sydney’s leading entertainment and lifestyle precinct is bringing the fire this July and not just in the kitchen. From $29 lobster feasts and award-winning Asian banque...

What Endo Took and What It Gave Me

From pain to purpose: how one woman turned endometriosis into a movement After years of misdiagnosis, hormone chaos, and major surgery, Jo Barry was done being dismissed. What beg...

Why Parents Must Break the Silence on Money and Start Teaching Financial Skills at Home

Australia’s financial literacy rates are in decline, and our kids are paying the price. Certified Money Coach and Financial Educator Sandra McGuire, who has over 20 years’ exp...

Australia’s Grill’d Transforms Operations with Qlik

Boosting Burgers and Business Clean, connected data powers real-time insights, smarter staffing, and standout customer experiences Sydney, Australia, 14 July 2025 – Qlik®, a g...