Ordinary Australians remain at risk of data theft through cyber-attack, with warnings that the next strike could come be on a political party.
On the back of this month’s attack on Optus, in which hackers gained access to the private information of thousands of customers, privacy advocates say political parties face the same risk and should have access exemptions revoked.
Advocacy group Digital Rights Watch Australia (DRWA) warns that voter information kept by political parties, which are currently exempted from the Privacy Act, is at risk of a damaging data breach.
In a submission to a parliamentary inquiry into the 2022 federal election, instituted by special minister of state Senator Don Farrell, DRWA recognised a legitimate need for parties to communicate and engage with voters, but called for greater limits.
“It is reasonable and expected for political parties to collect and use personal information of voters for this purpose [political communication] … however, these practices should be subject to the limitations and protections contained in those Acts to ensure that they are lawful, transparent and respectful,” the submission states.
Fears of a serious privacy breach have been heightened by the attack on Optus, but our major political parties have already been the target of an attack.
In February 2019, then Prime Minister Scott Morrison announced that all Australian parties had been the object of an attack by a “sophisticated state actor” in a breach of the Parliament House computer network.
Then Opposition Leader Bill Shorten told parliament that government institutions, such as electoral commissions, were generally well protected, “but our party-political structures perhaps are more vulnerable”.
That is still the case, says DRWA. Parties can currently access voter information via the electoral rolls, with names, addresses, dates of birth and gender among the accessible data.
Ever-more sophisticated technology available to collect voter data increases “the scale and scope by which harm can be caused to everyday Australians through inappropriate or invasive collection, use and disclosure of their personal information”, says DRWA.
The submission said the 2019 attack narrowly avoided a data breach that would have caused “unimaginable damage”.
As part of its submission, one of more than 400 received by the inquiry, DRWA called on political parties to be more responsible in their handling of personal information.
It also said that data collection could result in voter manipulation, misinformation and disinformation. “This stands to weaken our democratic processes and undermine public trust.
“Political parties have a responsibility to exhibit best practices when it comes to handling data ethically, lawfully, and minimising digital technology facilitated harms to Australians.”
Submissions to the parliamentary inquiry closed on 7 October. Associated public hearings took place in Canberra on Monday and Tuesday this week. No date has yet been announced for the publication of the inquiry’s findings.
Have you been the victim of a data breach? Are you concerned by the access political parties have to your private information? Why not share your experience and thoughts in the comments section below?