If the privacy commissioner's investigation finds serious or repeated breaches of privacy law,then she can apply to the Federal Court for penalties of up to $2.2 million per issue.
Privacy commissioner Angelene Falk said Optus had co-operated with her preliminary inquiries but that a full investigation would give her the power to compel the production of information and documents. “I’ve decided that a full investigation is warranted because Australians are entitled to know whether Optus had reasonable security safeguards in place to protect their personal information at the time of the breach,” she toldThe Sydney Morning HeraldandThe Age.
Transparency advocates have long argued that Falk’s office is under resourced to assess freedom of information request appeals and carry out complex privacy investigations.
Falk said that she had recommended the government consider models of funding used overseas,such as the one in the United Kingdom where the regulator is paid a small fee by organisations that collect personal data,to ensure her office has the appropriate resources to regulate the digital economy.
Meanwhile,ACMA’s investigation will focus on whether Optus has complied with its obligations as a licensed telecommunications firm,including its obligations around data storage and fraud protection.
“When customers entrust their personal information to their telecommunications provider,they rightly expect that information will be properly safeguarded,” ACMA chair Nerida O’Loughlin said. “Failure to do this has significant consequences for all involved.”