Internet Australia has asked the federal government to review the Data Retention Act which comes into effect on Tuesday, saying there are security issues and costs that need to be addressed.
Under provisions of the Act, telcos and ISPs will be mandated to retain a range of customer data for 24 months.
ISPs who could not comply with the regime by October 13 were asked to submit an implementation plan to the Attorney General’s Department detailing how they intend to become compliant within 18 months.
According to Internet Australia CEO, Laurie Patton, the data retention implementation process is behind schedule.
“Many ISPs affected by the legislation [are] still struggling to understand their obligations and therefore still compiling their implementation plans,” he said.
The industry body has identified some areas that need examining.
The first is that the length of data retention should be reduced from two years to six months.
“This would be more in line with other countries and would lessen the burden on ISPs by reducing the costs of storing vast amounts of data. It would also lesson the risks of security breaches leading to unlawful disclosure of people’s personal and private information,” said Patton.
Secondly, the level of oversight within those agencies that are able to access data under the Act needs to be reviewed to ensure proper safeguards are in place.
“We are not convinced that there are processes there to restrict who can access the data, along with checks and balances to ensure that information is not misused”.
Internet Australia also wants government funding of $128 million increased as it should reflect the actual costs of complying for the ISPs.
“The government’s budgeted amount of $128 million is clearly well below the likely total costs for the industry. This means that consumers will eventually pay more in Internet access fees. It is extraordinary that an Act of this complexity is due to come into effect before anyone knows how much they will receive to cover their costs of compliance,” he said.
"There is a risk that some, perhaps many, of the smaller ISPs will simply go out of business as a result of this new law. This is especially unfortunate for regional and remote Internet consumers who rely on local ISPs because they offer a specialised and personalised service.”
Finally, the location and methods of data storage needs to be reviewed to ensure maximum security.
“Are we happy to allow our personal and private information to be stored just anywhere and by anyone? Should ISPs be required to store data within Australia or allowed to move it offshore?”