Privateness investigations stemming from the Optus and Medibank knowledge breaches might stretch into 2024, because it emerged they’re simply two of eight open investigations by Australia’s privateness watchdog.
The Workplace of the Australian Data Commissioner has issued notices to supply paperwork to each Optus and Medibank, nonetheless it solely “expects to have acquired all of the core data for consideration and evaluation earlier than the tip of the calendar 12 months.”
“It’s tough to make judgments on how lengthy an investigation will take as there are a variety of variables,” the OAIC mentioned.
The workplace mentioned it had additionally transferred “most” particular person privateness complaints concerning the Optus knowledge breach to the Telecommunications Business Ombudsman (TIO), which might act in an exterior dispute decision capability.
The facility to switch complaints to different our bodies is contained inside part 50 of the Privateness Act.
Up to now, the OAIC has spent $481,000 on “exterior authorized companies and cyber safety consultants” for the Optus investigation, and an extra $112,000 on the Medibank investigation.
Nonetheless, it seems that with the spate of data breaches that impacted Australian organizations within the again half of 2022, that the OAIC has plenty of different breaches beneath lively investigation.
Its most recent statistics release confirmed there have been 5 knowledge breaches over the interval that impacted not less than 1 million folks.
“Along with the Optus and Medibank investigations, the OAIC is investigating the privateness compliance of six entities in relation to knowledge breaches within the well being, finance, telecommunications and never for revenue sectors,” the workplace mentioned, with out naming all the events.

