The Optus data breach has captured national attention and this breach has been quickly followed by those at Medibank and Woolworths MyDeal. There is a lot of news as the fallout continues daily, whilst providing political point scoring at every level of government.
This month’s Ignition, while focused on the breach, intends to dial down the emotionally charged language. We believe that data provides a great opportunity to enable people and as shared through previous Ignitions – is fast providing businesses with competitive advantage. The recent data breaches give us an opportunity to understand and address the risks of data, to avoid putting customers at risk, and the ensuing PR nightmare.
Please see my perspective below, and some of selected news items used as reference.
The Optus data breach has been well publicised since it occurred on September 22nd. And the fallout continues for the organisation and its customers. This extremely challenging time for Optus employees and the people impacted by the data breach provides Australian businesses and Australian consumers with a great learning opportunity going forwards.
- Interpret policy to define privacy and retention obligations
- Quantify the risk of data breaches versus the benefits of keeping it
- Don’t confuse Information, data, and document policies
- Don’t confuse data archiving with data deletion
- Monitor data access as well as data storage
- Learn from PCI-DSS
- Assign clear accountabilities
- OAIC and ACMA investigate Optus breach, putting telco in line to pay billions in compensation (SmartCompany | 12 Oct): There's something about data breaches that riles up all sides. Media pile on, customer backlash and legal feasting. There's blood in the water - it's past time to take action on preventing cuts.
- Voters back tougher privacy rules, penalties to protect personal data (Sydney Morning Herald | 12 Oct): Positive here is that with all this national attention, Australian's should become more vigilant against scams. But with this vigilance, so will be the retribution for future data breaches. 77 per cent of voters surveyed support stronger privacy rules.
- Corporate Australia rushes to check its data hoards after Optus mess (AFR | 11 Oct): Businesses must reflect on why they are collecting data in the first place. Start with what they want to ask of their data to inform business strategy, to provide better products and services. Then work out which private customer data is required.
- Class action firm files claim against Optus (Sydney Morning Herald | 7 Oct): A test for privacy laws that all businesses must pay attention to. While Australia, currently, doesn't allow people to sue directly for privacy breaches, the argument here is negligence - a failure to "take reasonable steps to protect personal information... from misuse, interference and loss, and from unauthorised access, modification or disclosure."
- Government considers centralising digital ID verification on myGov in wake of Optus breach (The Guardian | 7 Oct): A serious rethink of digital ID verification is on the cards. Questions should be asked if it is even needed at all, let alone will it ever take off, given the concerns covered in this article around the data collected beyond ID documents.
- Optus to cover passport renewal costs after massive data breach (7 News | 1 Oct): How severe will the cost be here? Optus has indicated more than 10,000 customers had identity documents released, including medicare, drivers licenses and passports. The cost for a replacement passport is just shy of $200. Can your business afford this make good, let alone any penalties that may come?
- The Optus hack will cost millions (and not just in payouts) (AFR | 23 Sep): The costs are astronomical. And so is the long-term fallout. How many customers will Optus lose, let alone fail to gain? And for everyone else, how will businesses now approach data collection and use, if the public is now this mindful of their data and now less hesitant to part with it?
See where your data journey takes you with Ignite. We are hiring Cloud Data Engineers - learn more >
Ignition curates the essential data science and analytics news from across the globe, delivered to you, free. Subscribe here.
AI ☁ Digital Transformation ☁ Enterprise IT ☁ SDWAN ☁ Security ☁ NBN ☁ Mobile ☁ Cloud Computing ☁Scalable Infrastructure
2yRaises some good thoughts Harj Chand. If there is one positive out of all of this, its that we all use this as an opportunity to review, learn and improve.