Pilgrim prods telcos on data retention privacy
- 10 August, 2015 15:00
Acting information commissioner Timothy Pilgrim has reminded telcos of their privacy obligations when it comes to retaining customer information in order to comply with the government's data retention regime.
Under the data retention scheme, telcos will need to retain for at least 24 months a range of customer information, ranging from billing information to call and email records.
The government's legislation defines information that relates to an individual and is kept by a service provider to meet their data retention obligations as personal information covered by the provisions of the Privacy Act 1988.
"As the national privacy regulator, I would like to take this opportunity to encourage all carriers and service providers to consider how they will comply with their privacy obligations in relation to data collected and retained under the data retention scheme," Pilgrim's letter (PDF) states.
The letter was distributed by the Telecommunications Industry Ombudsman to its members and included a copy of the Office of the Australian Information Commissioner's recently issued privacy guidance for data retention.
"For the larger service providers, their obligations will not change in terms of compliance with the Privacy Act," the guidance notes.
However, a range of smaller service providers that may have previously been exempt from Privacy Act provisions will now be affected by the legislation, but only in relation to the telecommunications data they are compelled to retain under the new regime.
Service providers should minimise the risk of a data breach and ensure consistency in data handling processes, the OAIC advised.
Prior to the legislation being passed, telcos warned that data retained under the scheme could be an appealing target for hackers.
Last year before the government revealed details of its legislation, Pilgrim said that a scheme that involved the storage of large amounts of personal data was a potential risk to privacy.
At the time Pilgrim was the Privacy Commissioner; a role that has been unfilled since his term expired in July.