Some telco service providers do not understand what data they are required to retain under the Data Retention Act, which has come into effect today, a Communications Alliance survey has found.
Under provisions of the Act, telcos and ISPs will be mandated to retain a range of customer data for 24 months.
The survey received responses from 63 service providers. It found that 23 were not confident that they understood what data they are required to retain and encrypt or for how long under the new legislation.
A further 19 service providers were only somewhat confident they understood their requirements under the Act.
The survey also found that only 10 out of the 63 service providers were ready to retain and encrypt data as required without needing to submit a data retention implementation plan.
Meanwhile, 58 per cent of most survey respondents said they had lodged a data retention implementation plan.
Fifty eight per cent of providers estimated that their one-off set up costs to comply with the Act would cost between $10,000 and $250,000.
Another 24 per cent of providers said their set up costs would amount to over $250,000.
Sixty-one per cent of service providers had lodged an exemption for some of the retention or encryption requirements. However, only 5 per cent of those exemptions had been approved by the Attorney General’s Department Communications Access Coordinator.
Commenting on the results, Communications Alliance CEO, John Stanton, said this highlighted the magnitude of the challenge ahead for all stakeholders if the industry was to achieve compliance with the new laws.
"It is no surprise that many service providers won't be compliant when the legislation comes into force - many of these because they are still waiting to hear from government as to whether their implementation plans have been approved,” he said.
According to Stanton, all telco service providers are still waiting to hear from government as to how it will apportion the $131.3 million that has been pledged to partially meet set-up costs.
"The government has indicated it will consult with industry in coming weeks on how to apportion the subsidy and this remains an urgent task, as service providers now have to commit to investment decisions without knowing how much of that spending will remain unfunded,” he said.
Stanton said the onus remains on government to work constructively with industry and not rush to enforcement over coming months. This will help providers come into line with what is proving to be “a very challenging and somewhat confusing impost” on the industry.
Internet Australia has asked the federal government to review the Data Retention Act, saying there are security issues and costs that need to be addressed.
According to Internet Australia CEO, Laurie Patton, the data retention implementation process is behind schedule.
“Many ISPs affected by the legislation [are] still struggling to understand their obligations and therefore still compiling their implementation plans,” he said.
The industry body has identified some areas that need examining.
For example, it has suggested that the length of data retention should be reduced from two years to six months.
“This would be more in line with other countries and would lessen the burden on ISPs by reducing the costs of storing vast amounts of data. It would also lesson the risks of security breaches leading to unlawful disclosure of people’s personal and private information,” said Patton.