The fallout from a data breach at Optus last month continued to reverberate across Australia, with the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) kicking off separate investigations.

OAIC’s review will focus on whether Optus took reasonable steps to protect user data from misuse or disclosure, and to implement practices and systems to ensure compliance with Australian privacy principles.

The regulator also will look at how Optus handled personal information and whether the details collected and held were necessary for its business.

In a statement OAIC explained its probe will be coordinated with ACMA’s investigation into Optus’ obligations as a telecoms service provider, covering the acquisition, authentication, retention, disposal and protection of personal information, and requirements to provide fraud mitigation protections.

The ACMA review will be made public once completed. It is working with OAIC and the Department of Home Affairs.

Last week, the government prepared new regulations to better protect consumers from fraud and Optus appointed Deloitte to independently review its security systems and controls.