Role of the Australian Information Commissioner
The Australian Information Commissioner (Information Commissioner):
- is consulted about the development, variation or revocation of telecommunications codes and standards and breaches of codes under the Telecommunications Act 1997 (Telecommunications Act)
- has the power to monitor compliance with the Telecommunications Act in relation to certain disclosures of personal information by telecommunications carriers, carriage service providers and number-database operators
- is consulted about requirements to authorise access to telecommunications data information and documents under the Telecommunications (Interception and Access) Act 1979 (TIA Act).
The Telecommunications Act contains a number of provisions that deal with personal information held by carriers, carriage service providers and others.
The Telecommunications Act defines a ‘carrier’ as the holder of a carrier licence granted under s 56 of that Act. Licensed carriers provide the infrastructure on which carriage and content services are provided to the public. The Australian Media and Communication Authority (ACMA) publishes a list of licenced and nominated carriers.
A ‘carriage service provider’ uses a carriage service to supply phone and/or internet services to the public. The carriage service provider (not the carrier) has direct contact with consumers.
Section 112 of the Telecommunications Act provides for the development of industry codes and standards in a range of consumer protection and privacy areas. Under ss 117 and 134 of the Telecommunications Act, the Information Commissioner must be consulted on codes and standards which cover privacy. The codes are voluntary, but the ACMA has the power to direct entities within its jurisdiction to comply with a code.
The industry code that deals with privacy in the telecommunications industry is the Telecommunications Consumer Protection Industry Code. More information about the ACMA’s role in telecommunications regulation is available on the ACMA Telecommunications page.
Part 13 of the Telecommunications Act sets out strict rules for carriers, carriage service providers and others in their use and disclosure of personal information. The Privacy Act 1988 (Privacy Act) defines ‘personal information’ as ‘information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
What constitutes personal information will vary, depending on what can reasonably be ascertained in a particular circumstance.
The Information Commissioner has the power to monitor compliance with Part 13, Division 5 of the Telecommunications Act, which, in particular:
- obliges carriers and carriage service providers to make records of all disclosures of personal information (with only a few exceptions), and
- requires disclosure to law enforcement agencies only in specified circumstances.
If you think that a carrier has not complied with the Telecommunication Act you can make a complaint.
Telecommunications (Interception and Access) Act
The TIA Act prohibits the interception of communications passing over a telecommunications system. It specifies the circumstance and conditions in which telecommunications can be lawful intercepted including for maintenance of telecommunication services and law enforcement.
Under s 183(2) of the TIA Act,the Secretary of the Attorney-General’s Department (Secretary) can determine requirements to authorise access to telecommunications data information and documents.
Under s 183(3) of the TIA Act, the Secretary must consult the Information Commissioner in relation to privacy matters before putting in place requirements for authorising access to telecommunications data information or documents by the Australian Security Intelligence Organisation, law enforcement and foreign law enforcement.
Submissions made by the Information Commissioner on determinations under the TIA Act can be found on the Privacy submissions page [see Proposed determination under section 183(2) of the Telecommunications (Interception and Access) Act 1979 (Cth)]