If the privacy commissioner prosecutes Optus’ handling of customer data to the full extent of her powers, it could be enough to sink the telco.

The privacy commissioner will seek civil penalties of “up to $2.2 million for each contravention”, according to a statement released this morning by Commissioner Angelene Falk.

The Office of the Australian Information Commission will investigate the telco’s breach, in conjunction with Australian Communications Media Authority.

“The OAIC’s investigation will focus on whether the Optus companies took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure, and whether the information collected and retained was necessary to carry out their business,” the statement read.

“The investigation will also consider whether the Optus companies took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy principles (APPs), including enabling them to deal with related inquiries or complaints.”

ACMA chair Nerida O’Loughlin said they are looking forward to full cooperation from Optus in this investigation

“When customers entrust their personal information to their telecommunications provider, they rightly expect that information will be properly safeguarded. Failure to do this has significant consequences for all involved,” O’Loughlin said.

“All telcos have obligations regarding how they acquire, retain, protect and dispose of the personal information of their customers. A key focus for the ACMA will be Optus’ compliance with these obligations.”