APRA facilitating action to protect Optus customers
The Australian Prudential Regulation Authority (APRA) says it is working with the Federal Government, and peer regulators on a regulatory change aimed at protecting financial services customers affected by the Optus data breach.
The Government is amending regulations in the wake of the breach so telecommunications companies can temporarily share the relevant identifier information such as drivers licence, Medicare and passport numbers with financial services firms.
“The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for designated purposes,” Communications Minister Michelle Rowland said.
“This will enable Optus, the financial services sector and relevant agencies to work together more effectively, to implement enhanced monitoring and safeguards to protect customers affected by the breach.”
APRA says data shared can only be used for enhanced monitoring and safeguards for the affected customers and requirements include that entities provide written commitments to the Australian Competition and Consumer Commission (ACCC) that they will comply with Privacy Act obligations.
All APRA-regulated financial institutions, excluding branches of foreign banks, would be eligible to receive the data should they choose to opt in, subject to the conditions.
“APRA, ACCC and relevant bodies are working closely to coordinate required steps,” an announcement says.