Legislative Council: Wednesday, October 19, 2022


Data Protection

The Hon. R.A. SIMMS (14:38): I seek leave to make a brief explanation before addressing a question without notice to the Attorney-General on the topic of data protection.

Leave granted.

The Hon. R.A. SIMMS: Last month, the data breach at Optus left millions of customers vulnerable to scams and identity theft. At a renters' forum I held last month, renters raised concerns about the safety of their data in the wake of the Optus breach. Renters are often required to provide their driver's licence, bank statement, employment history, rental history, passport and the number of their dog's microchip (if indeed they have one). If renters refuse to provide any information the landlord or property manager asks for, they will not be considered for a rental home.

On 4 October, The Guardian Australia reported on this issue and claimed that the culture of data hoarding by the real estate sector undermines the right of privacy and worsens the power imbalances between renters and landlords. My questions to the Attorney-General are:

1. What assurances can the government provide that the personal data of renters is being protected?

2. Will the government be legislating to protect the personal data of renters as part of their review of the Residential Tenancies Act?

The Hon. K.J. MAHER (Minister for Aboriginal Affairs, Attorney-General, Minister for Industrial Relations and Public Sector) (14:39): I thank the honourable member for his question. It is an important one. I think many people have been horrified at what they have seen with the Optus data breach and I know that as a government we have discussed it. I think my colleague the member for West Torrens, the Hon. Tom Koutsantonis, as the Minister for Transport, has put in place people being able to get their licence reissued for free. I think that is a sensible initiative of the government for people who, through no fault of their own, can have their identities compromised, to have a new and different licence to be issued at no cost of their own.

It is an interesting question because, of course, other jurisdictions, most notably European jurisdictions, have, as I understand it, very significant sanctions for data breaches as occurred with Optus. I just don't have the information in front of me, but there are specific instructions and guidelines in terms of data that the government holds and sanctions for that, but in terms of data that private entities—whether they be rental companies, real estate companies or strata corporations—hold, I am happy to look to see what we can do in relation to a review of acts that include rental provisions to see if there is a way to include those in those.