undefined | Better HN

0 pointsAerroon3y ago0 comments

And this is why they should be made to pay for it.

Companies should only collect data that they really need. One way to encourage this behavior is to punish them when a breach happens based on the amount of data they collect.

A data breach on a service that only has an email address on it matters a lot less to me than one that has my name, phone, address or picture of my id.

0 comments

3 comments · 1 top-level

ecdavis3y ago· 2 in thread

> Companies should only collect data that they really need.

Collecting and keeping this data is a regulatory requirement for Optus.

The problems with this breach have their roots in how identity is proven and verified in Australia. Far too much relies on possession of a physical document.

collegeburner3y ago

in America i usually prove identity for postpaid services with something like a utility bill which is at least not a government id document. i understand a telco wants some identity before extending credit for any postpaid plan but can y'all not do the same?

ecdavis3y ago

You can see Optus' ID requirements here: https://www.optus.com.au/for-you/support/answer?id=9438

Here are the ID requirements for their major competitor, Telstra: https://www.telstra.com.au/support/account-payment/id-check-...

These are legislated: https://www.legislation.gov.au/Details/F2022L00548

j / k navigate · click thread line to collapse