  • yesterday
Personal details from more than 25 million customer accounts have been stolen in just three cyber attacks on Australian corporations. Experts say the fallout from such attacks would be limited by giving people the legal right to force companies to delete unnecessary personal information. Tom Sulston is Head of Policy at Digital Rights Watch. He says there's no official time frame for how long companies hold our data.

Transcript
00:00It's a real mixed bag.
00:05Companies can hang on to customer data for a range of reasons.
00:10Sometimes they're required to.
00:11They're required to hang on to our metadata for at least two years if they're a telco.
00:17They're required to hang on to financial records, kind of ATO and ASIC require financial records
00:22held on to for five years and sometimes longer.
00:26But a lot of data companies will just hang on to for as long as they can because they
00:30can derive some utility from it, so they'll hang on to that data about us for as long
00:35as they're able to.
00:36So there could well be then customer details being held long after that customer has ceased
00:43being a client or doing business with an organisation and having an account with them.
00:48Is that the case?
00:51It's definitely the case that for, you know, for the case of retaining records for financial
00:57purposes, yes, that will be around for a long time.
00:59Certainly a lot of companies, when you kind of stop your relationship with the company,
01:03they won't necessarily delete your data.
01:06They will merely mark you as no longer a customer.
01:08So your data is all still in the system.
01:11You're just flagged as not active.
01:13So you're still there.
01:14They still have all of your data.
01:15So if that's the case, can you ask, request a company to delete your information from
01:21their database as things stand now?
01:23Now, you can ask companies to remove your data from their systems, but it's a request,
01:29not a demand.
01:31Under the Australian Privacy Principles, you're allowed to get in touch with the company's
01:35privacy officer and say, hey, you've got data on me.
01:38Can I see it?
01:39Can I correct it if it's incorrect?
01:42And if I ask you, can you delete it, please, then it gets a little more complicated and
01:48the company may or may not choose to delete that data.
01:52There are some processes that they go through largely around, are we required to hold it?
01:56What are the costs if we don't?
01:58So you can ask for your data to be removed, but the company doesn't have to say yes.
02:01So do you think it would be a good step forward to make that a legal requirement if a request
02:06is submitted, that a company has to take that information off its files?
02:12Certainly, we think the onus should be on the company to prove why they need to hold
02:16that information and that Australians should be given a lot more power in that conversation
02:21to say, that is my data.
02:23It belongs to me as a human individual.
02:25It doesn't belong to the company.
02:26It's not theirs.
02:28So they get a right to use it while we have a relationship for the purposes of conducting
02:32business.
02:33But once that relationship is over or at my request as an individual, they can't have
02:37that data anymore because it belongs to the individual.
02:39Is the quantity of information companies have on customers or clients an issue as well,
02:46Tom?
02:48Absolutely.
02:48Companies hoover up vast amounts of data about us.
02:53And if you were hanging around in the tech industry a few years ago, you would have heard
02:57people describing data as being the new oil and that companies would rush to gather as much
03:03of it as they can because they could monetize it.
03:05But I think what we're seeing now is that actually data is more like asbestos.
03:09It was useful at the time.
03:11It had a utility for us.
03:14But now it's got problems.
03:16It's pretty poisonous in some ways.
03:18And we have to be really careful of how we handle it.
03:21And so, yeah, companies are gathering lots of data.
03:24There's a risk when they gather that data.
03:25And largely that risk is borne by us as individuals because it's our data about us and our personalities,
03:33our personal demographics.
03:35And that's very hard to change if that gets leaked onto the Internet.
03:39Should the priority, though, still be to tighten security, to stop hackers accessing the information
03:44in the first place rather than getting rid of the information itself?
03:48Information security is incredibly important, and it is a very high priority.
03:55Companies absolutely need to do the right practices to look after the data that they're
04:00holding about us to keep it safe from nefarious people.
04:04But the easiest way to keep information secure is to just not have it in the first place.
04:10And so we can solve a lot of information security problems by reducing the attack surface and reducing
04:16the amount of data that companies hold.
04:18So you're a security expert and you do consultancy work for a tech company.
04:23How do you handle this, Tom?
04:25How do you protect your personal data?
04:27What's your advice?
04:30It's a tricky one because so many companies ask so much of you now, and you cannot just
04:36opt out of society.
04:37You can't just not buy things.
04:40You know, you need to buy things like insurance, and they want to know a lot of information about
04:43you.
04:44So you can't just kind of run into the woods and hide.
04:47But you can be a little more careful.
04:50So making sure you know where your information is going and which companies are handling it.
04:55Making sure that you've got a bit of a handle on the privacy policies of those companies
04:59and what they plan to do with it.
05:02Opting out of kind of data sharing agreements and things that you don't kind of understand.
05:06And you can push back on egregious requests for information that you don't really think
05:13companies will need.
05:14They will ask and ask.
05:16I'm sure many people have that experience of buying something in a shop and being asked
05:19at the checkout for your email address.
05:22They don't need that.
05:23You don't have to give it to them.
05:24You can just buy your things and be on your way.
05:27So it's hard as an individual.
05:29And that's why we really need to invest in some proper society-wide responses to too much
05:36data about us being stored.
05:38Tom Sulston, good to talk to you.
05:41Thank you very much.
