29 September 2022
ACS, the professional association for Australia’s technology sector, has welcomed recent statements from the Prime Minister and Minister for Cyber Security, Claire O’Neil, on the need for revising privacy and cybersecurity laws.
The association, which represents over 35,000 Australian workers, sees the current focus on privacy and security as an opportunity to modernise the legal frameworks governing the technology sector.
“ACS welcomes the government’s call for reform of the nation’s cybersecurity and privacy regulation in response to the Optus data breach,” says Chief Executive Officer Chris Vein.
“Over the past decade we have seen a range of security, data retention, money laundering and privacy legislation to address various problems with little co-ordination between those laws.
“As a consequence, it has been difficult for organisations and technology professionals to follow best practice data management while complying with a myriad of conflicting legislation.
“ACS sees a review in light of the Optus breach as an opportunity to modernise Australia’s technology legislation framework with an aim of protecting all Australians while enabling the nation’s digital champions to compete globally.”
Chair of the ACS Cyber Security Committee, Louay Ghashash, says any review must look at enforcing security best practices with substantial penalties for organisations that fail to do so.
“What is the minimum standard for any Australian company to keep their customer data secure?” says Mr Ghashash. “Unfortunately, there isn’t a comprehensive and unified standard across the businesses that we can rely on to ensure companies have a good security control.
“There should be a push from government to establish minimum standard best practice and require companies handling and dealing with sensitive data to implement; but this is a complex task, it will cause a huge burden on smaller companies to implement and comply, therefore this must be done using a consultative approach.
“The standard must be comprehensive enough to cover various types of threats and malicious acts, including companies’ internal staff behaviour and data handling. For instance, take the Australian Cyber Security Centre’s Essential Eight requirements: Optus’ breach would probably still have happened even if they had implemented them, as the Essential 8 requirements focus on malware and ransomware attacks and don’t cover handling sensitive data or exposing it to the internet.
“Additionally, we also have to consider the regulatory burden on companies where they are required to store vast amounts of personal and sensitive data to validate and identify customers in order to comply with legislation.
“There have been for years now payment gateway companies to relieve the burden of companies storing customer credit cards and replace them with a token, ‘tokenised payment gateways’; we should think of adopting a similar identity gateway to stop companies from storing personal data and replace it with a token.
“Rethinking legislative data collection requirements along with how that information is stored and handled would help reduce the risks of future events on the scale of what has happened to Optus.
“Finally, the financial penalties for companies mishandling users’ personal data should be high, prohibitive and commensurate with the size of the breach.”
ACS is keen to work with the key ministers in the cybersecurity, technology and telecommunications space to ensure we get the best results for all Australians, said Mr Vein: “We look forward to working with the Albanese government, particularly Ministers Gallagher, Rowland and Husic in developing a legal framework that meets the demands of the 21st century’s digital economy.”
ACS is the voice of Australia’s technology sector, representing over 35,000 technology professionals across all industries and across the nation.
Our members work in industry, education, government, and the community delivering the digital services that drive the nation and provide the high-skilled jobs of today and tomorrow.
ACS works to grow the technology sector while making sure IT professionals act ethically, responsibly, and in keeping with the best interests of not only their employers, but the wider community.
Through our network of branches in every state and Territory, our innovation labs, education programs and our history of over fifty years, ACS works to help all Australians be part of the nation’s highest growth sector. Visit www.acs.org.au for more information.