Data breaches are a global phenomenon. The biggest breaches can be hugely impactful, with significant repercussions for the organization, the consumers whose data was compromised, and the industry as a whole.
Australia recently saw two of the biggest data breaches in its history, and the impact from both is already being felt. The breaches involved telco Optus and health insurer Medibank Private, and both saw the sensitive data of millions of customers stolen.
There are sweeping changes afoot, with Attorney General Mark Dreyfus stating that Australia needs “better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivize better behavior.” What do these changes mean for businesses, and how can the GoAnywhere Managed File Transfer (MFT) solution help organizations with compliance requirements?
Australian Data Breaches
The recent Australian data breaches were two of the biggest the country has ever seen. Optus is Australia’s second-largest telecommunications provider, and its data breach saw about 10 million customers - about 40% of the population - have personal data stolen in the September 2022 attack. This included names, birthdates, home addresses, phone and email contacts, and passport and driving license numbers.
Those whose passport or license numbers were taken - roughly 2.8 million people - were said to be at significant risk of identity theft and fraud, and the incident raised serious questions about how Australia manages data and privacy. Optus has earmarked AU$140 million to cover the costs of managing the aftermath of the breach, according to a statement by its parent company Singtel.
The second data breach involved health insurer Medibank Private and was arguably even more severe. Around 10 million Australians had their personal data breached after the credentials of a staff member with high-level access to Medibank systems were obtained and sold to hackers on a Russian cybercriminal forum.
The group has since released highly sensitive customer data on a dark web blog linked to the REvil Russian ransomware group. Thousands of lawsuits could arise from the breach, and the impact on users could be unheard of in its severity: the people whose addresses were compromised include those affected by domestic violence.
Legislative Changes – Australian Privacy Act 1988
These breaches have led to substantial proposed changes to the existing data privacy regulations, the Australian Privacy Act of 1988. Given that the act was published more than 30 years ago and pre-dates the internet and subsequent explosion in the volume of consumer data, the changes were long overdue.
The updates are being driven by Mark Dreyfus, who proposed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill in Parliament in October 2022. The Privacy Act 1988 had a maximum financial penalty of just AU$2.22 million; under the new bill, the penalty will increase significantly.
Organizations will pay whichever is greater - an AU$50 million fine (which is about $33.7 million USD), three times the value of any benefit obtained through the misuse of information, or 30% of a company's adjusted turnover in the period relating to the breach. This feels more in line with penalties for non-compliance with other international data privacy legislation, such as the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). It means organizations will have to treat data with more care and protection than they have to date.
GoAnywhere and Australian Data Privacy Compliance
GoAnywhere MFT treats international compliance legislation with the utmost seriousness. Hundreds of organizations already use it in Australia to help manage data privacy compliance. It remains true that many more people now work from home or remotely, and employees share more files and documents than they have ever done, both inside and outside the organization.
This makes keeping data protected an enormous challenge. Achieving compliance with any legislation will always need a holistic view of an organization's data and a plan as to how best to manage it. GoAnywhere lets an organization secure its files and transmit data using the very latest security standards, making it much easier to comply with regulations and frameworks.
It has a full suite of features designed to keep data safe and secure, from auditing and reporting to authentication and encryption. Although each piece of compliance legislation has nuances and unique requirements, GoAnywhere is used to help organizations with nearly all of these in different countries worldwide.
Download GoAnywhere Trial
Whatever the specific compliance requirements you have, let us know what you need to do, and we can discuss how GoAnywhere can help. Download a free 30-day trial and see for yourself how GoAnywhere addresses compliance issues and keeps data secure.