The Office of the Australian Information Commissioner (OAIC) says “Don’t overdo it”, cautioning organisations against the excessive collection of personal information from customers.
The national privacy regulator is issuing a call to go "back to basics" and revisit the fundamentals of what it takes to protect privacy in the lead-up to its Privacy Awareness Week in May.
This recommendation comes in the wake of Australia's biggest confirmed data breach, which impacted almost 14 million Australians and New Zealanders and involved sensitive details such as full names, addresses, phone numbers and dates of birth.
Don’t overdo it. Over-collection of personal information increases risk for your organisation in the event of a data breach. Holding onto personal information you don’t need can also undermine customer trust. — OAIC (@OAICgov) April 11, 2023
Back to basics
On the OAIC website, Australian Information Commissioner Angelene Falk said: “In Privacy Awareness Week this year we are encouraging everyone to check they have covered the basics.
“Once upon a time, the basics were just that – straightforward.
“We could tell children not to give their information to strangers.
“Documents could be stamped ‘confidential’ or ‘private’ and kept in a locked cupboard, with restricted access by approved staff.
“If you provided your information to a company to access a service, there was a limit to how far it would go, and who would see it.
“Now it can go all around the world in seconds.
“But while the world may have changed, the same basic principles apply.”
As we lead up to #PrivacyAwarenessWeek, we’re issuing a call to go ‘back to basics’ and revisit the fundamentals of what it takes to protect privacy – whether it’s your own or someone else’s. Visit our Privacy 101 website to find out more: https://t.co/emOUGbOyhw #PAW2023 — OAIC (@OAICgov) March 24, 2023
War-gaming exercises
The news comes at a time when Australian Home Affairs Minister Clare O’Neil is proposing a series of ‘war-gaming exercises’ to evaluate the cyber readiness of banks and financial institutions.
She said that the recent attacks on Optus, Medibank and Latitude Financial were just the tip of the iceberg when it came to damaging cyberattacks.
She added that the government was preparing for more profound breaches that could potentially disrupt critical infrastructure assets such as the water supply and electricity grid.
These exercises will evaluate the institutions' ability to respond to attacks that could potentially disrupt the lives of millions of Australians.