ecdavis | 3 years ago

The one doesn't excuse the other; if you're required to keep this data you should be treating it with the respect it deserves.

That said, yes: government legislators and regulators have been zealously telling private companies to hoover up sensitive PII for years. Here's ACMA's rules for customer auth for telcos: https://www.acma.gov.au/customer-identity-authentication-rul...

There are efforts underway to enable complying with these rules _without_ hoovering up data, but they are not progressing nearly as fast as they need to.

roenxi | 3 years ago

> The one doesn't excuse the other; if you're required to keep this data you should be treating it with the respect it deserves.

It kind of does. If Optus hires the world's most competent security person, the first comment on this subject would be "there is no commercial or technical upside to storing this data, and massive risks if it leaks. We should delete it immediately".

If the government swoops in and bans them from fixing the problem, it is a bit weird for the government to also penalise them for not fixing the problem. Optus is legally barred from putting an engineering solution in place to remove this risk.

Literally the only two outcomes here for Optus are:

Option 1 - wasted storage fees.

Option 2 - international scandal.

They aren't allowed to pick any other option. It isn't fair to get angry at them for a rather predictable outcome of spreading PII around. Sure, with hindsight they could have done a better job of sticking to the first outcome, but seriously, if they had the choice it would have been option 3 - take money, ask no questions. Maybe store a credit card number, maybe just use PayPal like a normal merchant.

Dylan16807 | 3 years ago

They're not barred from transferring the data to an offline archive after a week.