Privacy commissioner to audit businesses’ data retention schemes

Timothy Pilgrim still waiting to see draft breach notification law

Australia’s privacy commissioner, Timothy Pilgrim, is planning to conduct privacy assessments of organisations that are forced to collect so-called telecommunications ‘metadata’ to comply with the government’s data retention regime.

In remarks prepared for the iappANZ Summit in Melbourne, Pilgrim said that his office plans to assess telcos “to ensure metadata retained to comply with the data retention scheme is adequately protected”.

Pilgrim noted that telecommunications data collected under the data retention regime is deemed personal information under the Privacy Act.

Pilgrim said that he had recently carried out assessments of Australia’s four most largest telcos to test whether they were meeting their obligations when it came to maintaining records of customer data disclosed to law enforcement organisations.

“Our assessment, while generally positive in outcome, has found potential areas of improvement, and I look forward to discussing those publicly in the near future,” Pilgrim said.

In August Pilgrim wrote to telcos reminding them their obligations when it comes to retaining customer information in order to comply with the government's data retention regime.

The Office of the Australian Information Commissioner has produced a guide about privacy obligations relating to data retention.

Pilgrim said he was still waiting for a chance to scrutinise the government’s promised mandatory data breach notification legislation.

The government committed itself to the introduction of a mandatory data breach notification scheme as part of its response to the inquiry into data retention held by the Parliamentary Joint Committee on Intelligence and Security.

“Mandatory data breach notification was one of the privacy protections that the government agreed to introduce as part of the metadata retention scheme that commenced on 13 October this year,” the privacy commissioner said.

“At this time we are awaiting advice from the Government as to when we may see draft legislation,” Pilgrim said.

The government earlier this year said such a scheme would be legislated and come into effect before the end of the year.

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Timothy PilgrimOffice of the Australian Information Commissionerdata retentionprivacydata retention planOAIC

More about iappANZ

Show Comments