Australian Computer Society
 
 
 
 
 

Australian technology law due for overhaul says ACS

 

Optus breach an opportunity to modernise tech legislation.

 

 

29 September 2022

 

ACS, the professional association for Australia’s technology sector, has welcomed recent statements from the Prime Minister and Minister for Cyber Security, Claire O’Neil, on the need for revising privacy and cybersecurity laws.

 

The association representing over 35,000 Australian workers, sees the current focus on privacy and security as an opportunity to modernise the legal frameworks governing the technology sector.

 

“ACS welcomes the government’s call for reform of the nation’s cybersecurity and privacy regulation in response to the Optus data breach,” says Chief Executive Officer Chris Vein.

 

“Over the past decade we have seen a range of security, data retention, money laundering and privacy legislation to address various problems with little co-ordination between those laws.

 

“As a consequence, it has been difficult for organisation and technology professionals to follow best practice data management while complying with a myriad of conflicting legislation.

 

“ACS sees a review in light of the Optus breach as an opportunity to modernise Australia’s technology legislation framework with an aim of protecting all Australians while enabling the nation’s digital champions to compete globally.”

 

Chair of the ACS Cyber Security Committee, Louay Ghashash, says any review must look at enforcing security best practices with substantial penalties for organisations that fail to do so.

 

“What is the minimum standard for any Australian company to keep their customer data secure?” says Mr Ghashash. “Unfortunately, there isn’t a comprehensive and unified standard across the businesses that we can rely on to ensure companies have a good security control.

 

“There should be a push from government to establish minimum standard best practice and require companies handling and dealing with sensitive data to implement; but this is a complex task, it will cause a huge burden on smaller companies to implement and comply, therefore this must be done using a consultative approach.

 

“The standard must be comprehensive enough to cover various type of threats and malicious act, including companies’ internal staff behaviour and data handling. For instance, take Australian Cyber Security Centre’s Essential Eight requirements, Optus’ breach would probably still have happened even if they had implemented it, as Essential 8 requirements’ focus on malware and ransomware attack and don’t cover handling sensitive data or exposing it the internet.”

 

“Additionally, we also have to consider the regulatory burden on companies where they are required to store vast amounts of personal and sensitive data to validate and identify customers in order to comply with legislation.

 

“There has been for years now payment gateway companies to relief the burden of companies storing customer credit cards and replace it with token ‘tokenised payment gateways’, we should think of adopting similar identity gateway to stop companies from storing personal data and replace it with a token

 

“Rethinking legislative data collection requirements along with how that information is stored and handled would help reduce the risks of future events on the scale of what has happened to Optus.

 

“Finally, the financial penalties of companies mishandling users’ personal data should be High, prohibitive and commensurate with the size of the breach.”

 

ACS is keen to work with the key ministers in the cybersecurity, technology and telecommunications space to ensure we get the best results for all Australians, said Mr Vein: “We look forward to working with the Albanese government, particularly Ministers Gallagher, Rowland and Husic in developing a legal framework that meets the demands of the 21st century’s digital economy.”

 

 

 

-ENDS-

 

 

 

Further information

 

Troy Steer

 

Director of Corporate Affairs and Public Policy

 

M – 0417 173 740

 

E – [email protected]

 

 

About Us

 

ACS is the professional association for Australia’s technology sector and the largest community with 47,000+ members from across business, government and education.

 

ACS champions the technologies, people and skills critical to Australia’s future, creating value for ACS members, the tech sector and society in four ways:

 

Community

 

Our focus is on fostering an innovative and inclusive community that is dedicated to powering positive change through technology.

 

Capability

 

We set the standard for assessing, developing and recognising the skills and experience of technology professionals.

 

Career

 

We create career pathways to guide technology professionals and ensure Australia has a pipeline of talent with the right skills and knowledge.

 

Migration

 

We assess and support skilled technology migrants to address critical skills shortages, improve diversity and enrich Australia’s workforce.

 

Find out more at: acs.org.au