A data retention scheme by its very nature would require the collection of large amounts of data, potentially increasing the risk of security breaches that could reveal the personal information of large numbers of Australians, the privacy commissioner has warned.
"At this stage, it is unclear exactly what type of information would be retained," said a statement issued today by the privacy commissioner, Timothy Pilgrim.
"However, there is the potential for the retention of large amounts of data to contain or reveal a great deal of information about people's private lives, and that this data could be considered 'personal information' under the Privacy Act."
"The retention of large amounts of personal information for an extended period of time increases the risk of a data breach. Organisations holding this information need to comply with all their obligations under the Privacy Act, including the requirements to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure."
Representatives of the ISP and telco industries have previously warned that data retention creates security risks by potentially forcing service providers to collect and store large amounts of information they would not otherwise keep.
"Key to this debate will be ensuring the ongoing privacy interests of Australians. It will also be important to consider whether a data retention scheme is effective, proportional, the least privacy invasive option and consistent with community expectations," Pilgrim's statement said.
"Any scheme should also be transparent, accountable and have appropriate independent oversight."