EFA Statement on Optus Data Breach

EFA notes with dismay that the recent Optus data breach once again shows that individual action cannot protect us from systemic problems.

Government regulations require Australians to hand over our private information to government departments and private businesses. We are given no choice in the matter.

When those organisations fail to keep our private information secure, we are the ones that suffer. We are the ones that must scramble to determine if we are at risk, often without any help from the people who we were forced to give our information to.

Government advice to update our devices or enable multi-factor authentication does nothing to protect us from organisations that fail to keep our information secure. When hackers make off with a dataset en masse, there is nothing we, individually, can do about it. 

It is time for the people who keep failing to keep our private information safe to take responsibility for their failures. They are to blame, not us.

The Privacy Act must be amended to prevent organisations from collecting and storing information they don’t truly need. There must be penalties for systemic failures to keep our information safe, and they must be enforced. These restrictions and penalties must be particularly strong in cases of collecting and storing personally identifiable information, especially sensitive documents like passports and driver licences that are not easily replaced and pose a significant risk to individuals in case of a data breach. 

There must also be a private right of action, as recommended by the ALRC in 2014 (eight years ago!), because the people who are supposed to be keeping our data safe keep proving they are either unwilling or unable to do so. We have to take matters into our own hands because we cannot rely on the people who claim to “take security seriously”.

It is long past time the Australian government acted to protect our privacy instead of constantly passing laws that require more and more private data to be collected, stored, and inevitably stolen. This is a systemic problem that only they can do something about.

So do it, or get out of the way so that someone else can do the job you refuse to.