Optus breached the Privacy Act over old data. Wealth firms, take note

The Office of the Australian Information Commissioner has found that Optus breached the Privacy Act by failing to take reasonable steps to protect customers’ personal information. Privacy Commissioner Carly Kind ruled that Optus contravened Australian Privacy Principle (APP) 11.1 after roughly 51,000 customers had their unlisted phone numbers published in the White Pages between 2015 and 2019, as reported by iTnews. Optus argued it didn’t really hold the data and that the errors were small in scale. The Commissioner rejected both arguments.

Here’s why this should land for anyone running a financial advice or wealth management firm. APP 11 isn’t about fending off hackers — it’s about taking reasonable steps. Optus wasn’t pinged for a dramatic breach; it was pinged for process gaps and reconciliation failures that went unaddressed for years, and for assuming another party would handle the data. Wealth firms hold exactly the kind of sensitive client information — identity documents, account details, beneficiary records — where that same “someone else has it covered” assumption is easy to make and expensive to get wrong.

The stakes have risen, too. The OAIC now has powers to issue infringement and compliance notices that can lead to civil penalties, and a representative complaint run by Maurice Blackburn is seeking compensation for affected Optus customers. The real cost here isn’t a single fine — it’s years of investigation, a public determination with your name on it, and the client trust that goes with it.

The practical takeaway is to map where client data actually flows to third parties — platforms, custodians, paraplanners, CRMs and marketing tools — and confirm who is responsible for protecting it at each handoff. Run periodic reconciliations so stale or incorrect records get caught early, and document the steps you take, because “reasonable steps” is precisely what the regulator looks for. If you’d like a hand reviewing how client data is held and shared across your stack, our financial services IT team does this every day.
