Submission on the proposed amendments to the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2013

18 November 2014

Mr Peter Sutton
Manager – National and Community Interests
Australian Communications and Media Authority
Level 32, 360 Elizabeth Street
MELBOURNE VIC 3000

Dear Mr Sutton

Submission by the Office of the Australian Information Commissioner on the proposed amendments to the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2013

Thank you for giving the Office of the Australian Information Commissioner (OAIC) the opportunity to comment on the proposed amendments to the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2013 (2013 Determination) as outlined in the Australian Communications and Media Authority’s (ACMA) consultation paper: ‘Proposed new ID verification: Draft Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Amendment determination 2014 (No. 1)’.

As Australian Privacy Commissioner I welcome ACMA’s ongoing engagement in relation to the development of the 2013 Determination. In particular, I support consideration being given to the potential privacy impacts of any proposed changes to this determination. In saying this, I appreciate that the 2013 Determination is intended to prevent the anonymous use of prepaid mobile services and to allow law enforcement and national security to obtain information about the identity of customers, where needed, for the purposes of their investigations.

General Comments

I note that the proposed amendments to the 2013 Determination are consistent with recommendations we made in response to ACMA’s consultation on the draft 2013 Determination.[1] Specifically, our support for:

  • the shift from the ‘point of sale’ identity verification model to the ‘point of activation’ identity verification model for a prepaid mobile service, and

  • for carriage service providers (CSPs) to collect only the minimum amount of personal information necessary to meet their obligations under the Telecommunications Act 1997 (Telecommunications Act).

Importantly, it would appear that the ‘point of activation’ identity verification model has the benefit of meeting the law enforcement and national security objectives associated with identity verification of prepaid mobile customers in a way that minimises the impact on an individual’s privacy.

Specific comments

Offering additional prepaid services to existing prepaid customers

I note that the proposal to allow CSPs to offer additional prepaid mobile services to existing customers without having to re-verify their identity is privacy-enhancing, as further collection of personal information is minimised. However, I note the concern of law enforcement agencies that this amendment may reduce the accuracy of identity information for prepaid services over time and the associated increased risk of identity crime. This is because the customer’s information will not be updated each time they purchase an additional prepaid mobile service. I also note that ACMA proposes to amend the 2013 Determination so that a two year time limit applies, after which information relating to an existing prepaid mobile service cannot be used as a form of identity verification for additional prepaid services.

ACMA should be aware that in addition to any time limit imposed in the 2013 Determination, CSPs covered by the Privacy Act must comply with Australian Privacy Principle (APP) 10. APP 10 requires those CSPs to ensure that the personal information they use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant. This includes information relied on for the purpose of offering additional prepaid mobile services.[2]

Visual checking of identification documents at a CSP shopfront

I understand that the proposed amendments will allow CSPs to visually check identity documents produced by customers at the CSP shopfront at the time the pre-paid mobile service is activated. Further, that this proposal is intended to assist customers who have had difficulties verifying their identity online or over the phone when they attempt to activate the service. This practice is consistent with our recommendation that CSPs collect only the minimum amount of personal information necessary to meet their obligations under the Telecommunications Act. This is because CSPs will not be required to collect any additional personal information than they are already required to collect for online or phone identity verification.

Further, consistent with our previous submission, I support the requirement for CSPs to record only the ‘type of form of’ identity document presented by a customer for visual checking at the time a prepaid mobile service is activated. Under section 7.3 of the 2013 Determination, CSPs are restricted from making a copy of an identity document provided by a customer for the purposes of identity verification. This restriction minimises the personal information that CSPs are required to collect, and the security risks that would be associated with copies of identity documents being collected and stored at CSPs’ shop fronts (such as unauthorised access to, or disclosure of, that information).

If you would like to discuss any of the comments made in this submission, please contact Este Darin-Cooper, Director, Privacy Law and Practice on [contact details removed].

Yours sincerely

Timothy Pilgrim
Australian Privacy Commissioner
18 November 2014

Footnotes

[1] Office of the Australian Information Commissioner, Submission on the new streamlined identity-checking requirements for prepaid mobile carriage services: Consultation on the draft 2013 determination, viewed 11 November 2014, Office of the Australian Information Commissioner website <http://www.oaic.gov.au/news-and-events/submissions/privacy-submissions/new-streamlined-identity-checking-requirements-for-prepaid-mobile-carriage-services-consultation-on-the-draft-2013-determination>.

[2] For further information about the obligations under APP 10, see Office of the Australian Information Commissioner, Australian Privacy Principles guidelines, Chapter 10

Was this page helpful?

Thank you.

If you would like to provide more feedback, please email us at websitefeedback@oaic.gov.au