Government Review of Data Retention Laws Faces Complexity and Scope Challenges
The Australian government’s review of data retention laws is proving challenging due to unclear, outdated, and conflicting obligations. Peter Anstee from Home Affairs explained at the AISA Melbourne CyberCon that the process involves mapping all Commonwealth requirements and evaluating whether rationalisation is feasible, particularly in regulated sectors like healthcare and finance. The review aims to address issues exposed by incidents like the Optus data breach.
Strengthening Digital Resilience
Anstee also highlighted digital supply chain vulnerabilities, referencing the CrowdStrike incident that disrupted Windows machines. The government is working with industry to map dependencies in critical infrastructure sectors and improve visibility of global supply chains, guided by the Security of Critical Infrastructure Act.
A New Cybersecurity Framework
Australia’s first cybersecurity law offers a framework for addressing evolving threats. Initial requirements focus on transparency, such as disclosing ransomware payments, with the government prioritising collaboration over penalties. Anstee stressed the importance of adaptable policies to strengthen the nation’s cybersecurity resilience.