Highlights:
- Australia will soon be amending its Privacy Act as a response to a recent cybercrime.
- Recently, Optus flagged that around 9.8 million personal data of customers were hacked and dumped on the dark web.
- Optus is a leading telecommunication carrier in Australia.
On Thursday (29 September 2022), Mark Dreyfus, the Attorney-General said that Australia must impose new data protection laws in the country as an urgent response to the recent cybercrime, that included stealing around 9.8 million customers' personal data.
He also added that the government should make 'urgent reforms' to the Australian Privacy Act followed by a sudden cyber-attack on one of Australia's largest wireless carrier companies, Optus.
Mark believes that it is possible for the lawmakers of the country to change the law in the remaining four weeks of the scheduled Parliament this year.
Mark Dreyfus, Attorney General, said:

Mark also mentioned that government must raise the penalties for failing to secure the personal information of clients so that companies are not able to manipulate penalties in the name of 'cost of doing business.
In his speech, Mark said that companies must consider these personal data as their liability or a potential liability instead of storing them as an asset. The majority of the companies are storing data as their asset and are used it commercially for a long time now.
Therefore, he stated that the 'absolutely huge amounts of customer data that these companies are storing for years need to be justified under the amended data protection law.
Meanwhile, the Australian government blamed the cyber security law of Optus, Singtel, a subsidiary of Singapore Telecommunication Ltd, for the hacking of Optus' existing and former customers' personal data. These data included confidential information such as passport number, driver's license and national health care identification number.
On the other hand, authorities are critical of Optus' failure to disclose that Medicare numbers were also among the data that were hacked. It was revealed on Tuesday (27 September) when the hacker uploaded around 10,000 customers' data on the dark web, which was six days after the incident.