Optus data breach: update for APRA-regulated entities following Federal Government’s announcement of planned changes to the Telecommunications Regulations 2021
APRA is working in close collaboration with the Federal Government, peer regulators and other relevant bodies to facilitate closer coordination and a controlled process of data sharing between Optus and APRA-regulated entities. This move follows the announcement of planned changes to the Telecommunications Regulations 2021, which are intended to provide greater protection to Australians following the recent Optus data breach.
Key points:
- Any data shared can only be used for the purposes of implementing enhanced monitoring and safeguards for customers affected by the data breach.
- All APRA-regulated financial institutions, excluding branches of foreign banks, would be eligible to receive the data should they choose to.
- To opt in, entities will be required to provide written attestation to APRA Prudential Standard CPS 234 Information Security, in the context of accessing data from Optus associated with the recent breach.
- Entities will also need to provide written commitments to ACCC that they will comply with Privacy Act obligations.
- APRA, ACCC and relevant bodies are working closely to coordinate required steps.
- Once an entity has complied with these requests, it would work with Optus to facilitate access to the data.