Senate debates

Wednesday, 28 September 2022

Questions without Notice

Cybersecurity

2:29 pm

Photo of Malcolm RobertsMalcolm Roberts (Queensland, Pauline Hanson's One Nation Party) Share this | | Hansard source

My question is to the Minister representing the Minister for Cyber Security, Minister Watt. The Optus data breach has resulted in the personal details of millions of Australians being exposed and some of that data being made available online. The Privacy Act 1988 requires Optus to lodge a notifiable data breach report with the Office of the Information Commissioner. Minister, please advise if Optus has met this legal requirement and provided the appropriate documentation to the Office of the Information Commissioner and, from that, please advise the Senate how many Australians had their private data breached? I understand it is almost 10 million people.

2:30 pm

Photo of Murray WattMurray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | | Hansard source

Thank you, Senator Roberts, for a really important question about something that has concerned all Australians. I will have to come back to you on notice with the answers to your specific questions. You have sought some particular figures there that I don't have ready to hand; although I, like you, have certainly heard the reports of the number of Australians being affected to be in the vicinity of nine or 10 million but I want to make sure I give you accurate formation about that.

But I think what we can all agree on is that Optus's handling of this matter has been very unsatisfactory, from the issues around its initial disclosure of this data breach to, frankly, it's communication with the Australian public and the government about this issue and what it's doing to fix it. So your initial question about whether it complied with one of its obligations, again, I will need to come back to you on notice and I will do that as quickly as I can. But if its track record over the last few days is any indication then I do have concerns about Optus's compliance with its obligations under the law. Again, I am happy to come back to you with specific answers.

Photo of Sue LinesSue Lines (President) Share this | | Hansard source

Senator Roberts, a first supplementary?

2:31 pm

Photo of Malcolm RobertsMalcolm Roberts (Queensland, Pauline Hanson's One Nation Party) Share this | | Hansard source

Unconfirmed reports indicate that it was not sophisticated hackers who hacked this data; rather, the Optus data sharing application programming interface, API, was used to obtain the huge amounts of data using an exploit that has been in place for five years. Minister, is an investigation underway to enforce the provisions of section 13G of the Privacy Act, including penalties? And is the maximum penalty of $660,000 enough for a disgusting example of corporate malfeasance?

Photo of Murray WattMurray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | | Hansard source

Thank you, Senator Roberts. Again, what I can tell you is the matter is being investigated through a variety of channels. There are issues to do with potential privacy legislation breaches. You probably saw that the FBI is now involved in investigating this matter in addition to a range of Australian authorities. I will come back to you with a specific answer on the particular type of investigation you are asking about.

On the matter of penalties, not only are members of the government on the record saying penalties are insufficient but even members of the former government were on the record. The very ministers who had responsibility for cybersecurity in the former government were on the record saying penalties were too low and, despite being in government, they did nothing to fix this problem. Former Attorney-General Christian Porter back in 2019 admitted penalties were too low, three more years went by, nothing happened and here we are.

Photo of Sue LinesSue Lines (President) Share this | | Hansard source

Senator Roberts, a second supplementary?

2:32 pm

Photo of Malcolm RobertsMalcolm Roberts (Queensland, Pauline Hanson's One Nation Party) Share this | | Hansard source

The previous government circulated legislation for a trusted digital identity bill that watered down privacy provisions and these are now clearly not sufficient to protect Australians. Is the government going to introduce a digital identity bill and, if so, please explain the logic of putting all the data known about every Australian, including web surfing and social media posts, purchase history, financial history, health data, travel and associations with others, in one datafile and to make that available to companies like Optus?

Photo of Penny WongPenny Wong (SA, Australian Labor Party, Minister for Foreign Affairs) Share this | | Hansard source

I rise on a point of order. I understand Senator Watt will seek to respond to you, Senator Roberts, but I would indicate that I don't think that's a supplementary question. I think you have also switched portfolios because, in relation to government digital identification, it would be Senator Gallagher, but we will seek to assist as much as we are able.

2:33 pm

Photo of Murray WattMurray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | | Hansard source

T (—) (): Thanks again, Senator Roberts. Senator Gallagher, as Senator Wong has indicated, is the responsible minister here. Senator Gallagher has informed me that this is a priority issue being considered by state, territory and Commonwealth ministers responsible for data management within government and it is intended that they will discuss this matter at a forthcoming meeting of the ministerial council.

More broadly, not only is our government investigating these matters very seriously but we have already commenced a range of reviews around the Privacy Act, cybersecurity. Those reviews commenced before this latest incident, and, frankly, the fact this incident has occurred indicates that our laws do need a massive overhaul and were left neglected by the former government. We take these issues very seriously. We are not going to dither, like the former government did and we're not going to leave Australians exposed in the way that the former government did.