The federal government has announced its response to record Optus data breach, with changes to the telecommunications laws.
Almost 10 million Optus customers, and former customers, were affected by a data hack last month, with sensitive passport, licence and Medicare details stolen.
Treasurer Jim Chalmers on Thursday announced that the government will change telecommunications regulations that will help enhanced monitoring for people affected by the breach.
Dr Chalmers said the amended legislation would allow drivers licences, and Medicare and passport numbers to be temporarily shared with financial services.
Optus will be also be able to share that sensitive information with Commonwealth, and state and territory agencies to assist in fraud detection.
Dr Chalmers said the changes would help make customers affected by the breach safer from identity theft and fraud.
“Financial institutions can play an important role in targeting their efforts towards protecting customers at greatest risk of fraudulent activity and scams in the wake of the recent Optus breach,” he said.
“These new measures will assist in protecting customers from scams, and in system-wide fraud detection.”
Financial institutions will need to make undertakings in order to receive the data, including to agreeing to destroy the information when it is no longer required and to honour all privacy obligations.
They would only be able to use the data to help protect consumers from fraud as a consequence of the hack.
The Council of Financial Regulators has been asked by the government to identify options to further strengthen the ability of banks to identify at-risk customers.
Dr Chalmers and Communications Minister Michelle Rowland said financial institutions had been proactive in the breach, despite the government previously criticising elements of the Optus response.
Minister for Government Services Bill Shorten last week slammed Optus for a delay in notifying that Medicare numbers had also been caught up in the hack.
Ms Rowland said the legislation changes were designed to maintain the privacy and security of sensitive data.
“The proposed regulations have been carefully designed with strong privacy and security safeguards to ensure that only limited information can be made available for designated purposes,” she said.
The new regulations will remain in place for one year.