The Optus data breach issues a warning on cyber security complacency
The recent Optus data breach has issued a stern reminder to all owners and operators of critical infrastructure and other Australian organisations of their statutory obligations to protect their consumers’ information.
The cyber-attack on Optus led to the unauthorised release of confidential information of millions of Australians. The attack highlighted the regulations that pertain to Optus and called into question whether the company had implemented them in its daily practice. The telecommunications company is subject to the Security of Critical Infrastructure Act 2018 (Cth), Telecommunications Sector Security Reforms (TSSR), and the Australian Privacy Principles (APPs), amongst others.
The vast number of regulations applicable to each organisation demonstrates how essential it is to complete consistent due diligence. This attack will likely trigger regulatory reform, with Federal Government Agencies stating their intention to overhaul data security and privacy laws and the penalties for misconduct.
Poor crypto regulation creating a rise in fraud
Due to minimal regulation and a lack of enforcement, fraud in the crypto industry has continued on an upward trajectory. In the last month, the California Department of Financial Protection and Innovation has issued desist and refrain orders to 11 entities for violating California Security Laws.
Although regulatory progress in the digital assets industry has been slow, momentum is building. Senators Kirsten Gillibrand and Cynthia Lummis have co-sponsored a bill to establish clear guidance on digital assets and virtual currencies. The level of cooperation between Republicans and Democrats demonstrates the pressing need for regulation. The bills in discussion are expected to pass in 2023.
The European Gaming and Betting Association issues first-ever self-regulatory guidelines
The European Gaming and Betting Association (EGBA) has issued its ‘guidelines on fighting money laundering and terrorist financing’. The Pan-European self-regulatory standards are issued to online gambling operators and will apply across their entire EU and EEA operations.
The guidelines, intended to complement and strengthen existing AML rules, utilise a risk-based approach and include sector-specific guidance to support high standards of compliance. Practical guidance on issues such as how to conduct customer and business risk assessments is also listed.
The Director of Legal Regulatory Affairs, Dr Ekaterina Hartmann, mentions that there is “very little sector-specific guidance to help operators in their compliance efforts”. To ensure the integrity of these standards, EGBA members will be required to submit yearly feedback reports.