Data Breaches 2022 onward (including Optus)

The recent data breach of Optus customer identity data brings up a lot of questions:

  • Why did Optus retain the identity information longer than they were required to?
  • Why are the federal government requirements for pre-paid mobile phones also used for post-paid telephone (and internet) services? Isn’t this an overreach?
  • Should the federal government requirements for establishing the identity of purchasers of pre-paid mobile phones (and SIM cards) be changed so that once the identity data has been used for this purpose it is no longer stored - rather like once credit card information is used for a transaction it is not stored? Or, as this is a government requirement, make the government responsible for using the identity data for this purpose, and also for proper disposal & retention of the identity data.
  • Does Australia need penalties for companies using information for purposes other than the legislated purpose? For example, Qld law says that a driver's licence is only to be used to establish ability to drive on public roads (and not for shopping rewards systems, buying a phone, entry to council garbage disposal sites, etc.).