Several investigations have been launched into the massive Optus data breach, which compromised the personal details of millions of Australians.
The Office of the Australian Information Commissioner commenced an inquiry on Tuesday.
The agency will examine the personal information handling practices of Optus and its parent company.
Its investigation will focus on whether Optus took reasonable steps to protect the personal details of customers and whether the information collected and retained was necessary to their business.
The inquiry will be co-ordinated with one conducted by the Australian Communications and Media Authority, which will investigate Optus’s obligations regarding customer information as a telecommunications provider.
If the investigation reveals serious or repeated privacy breaches, the commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million per contravention.
Information and Privacy Commissioner Angelene Falk urged all organisations to review their handling of personal information and data breach response plans.
“Collecting and storing personal information that is not reasonably necessary to your business breaches privacy and creates risk,” she said.
“Only collect what is reasonably necessary.”
The personal details of 10 million Optus customers were exposed in a data breach last month.
The passport, licence and Medicare numbers of hundreds of thousands of customers were exposed in the breach.
The two regulatory investigations will be added to an external review conducted by Deloitte for Optus.
The Australian Federal Police is also running two inquiries into who obtained and attempted to sell the data and protections for more than 10,000 customers who had their records posted online.
The consumer watchdog has been flooded with Optus-related scam complaints following the data breach.
Scammers have been taking advantage of the large-scale data breach and posing as the telecommunications giant or Equifax Protect, the credit reporting agency tasked with supporting victims of the breach.
Australian Competition and Consumer Commission chairwoman Gina Cass-Gottlieb said people were confused about the legitimacy of the communications.
Ms Cass-Gottlieb told a parliamentary committee there had only been a few instances of fraudsters successfully scamming victims out of money by pretending to be from Optus.