The Australian Information Commissioner (Information Commissioner) has a range of powers and obligations in regards to the administration of the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979.
Role of the Australian Information Commissioner
The Information Commissioner:
- is consulted about the development, variation or revocation of codes and standards under the Telecommunications Act 1997 (Telecommunications Act) that deal with privacy matters
- has the power to monitor compliance with the record-keeping requirements contained in Part 13 of the Telecommunications Act, which requires telecommunications carriers and carriage service providers to keep records of certain disclosures of personal information
- is consulted about requirements relating to the form of authorisations made to allow certain law enforcement agencies to access telecommunications data (sometimes called metadata) under the Telecommunications (Interception and Access) Act 1979 (TIA Act)
- has oversight of telecommunications carriers and carriage service providers’ handling of telecommunications data collected under the data retention scheme, which is deemed to be personal information within the meaning of the Privacy Act
The Telecommunications Act contains a number of provisions that deal with personal information held by carriers, carriage service providers and others.
The Telecommunications Act defines a ‘carrier’ as the holder of a carrier licence granted under s 56 of that Act. Licensed carriers provide the infrastructure on which carriage and content services are provided to the public. The Australian Media and Communication Authority (ACMA) publishes a list of licenced and nominated carriers.
A ’carriage service provider’ uses a carriage service to supply phone and/or internet services to the public. The carriage service provider (not the carrier) has direct contact with consumers.
Telecommunications industry codes and standards
Part 6 of the Telecommunications Act provides for the development of industry codes and standards on any matter that relates to a telecommunications activity, which is defined in section 109 of the Act. Codes can be submitted to the ACMA by industry bodies for registration and, where the ACMA is satisfied that the code meets stipulated criteria, it is obliged to include the code on a codes register. Under ss 117 and 134 of the Telecommunications Act, the Information Commissioner must be consulted on codes and standards which deal directly or indirectly with a matter dealt with by the Privacy Act. The codes are voluntary, but the ACMA has the power to direct entities within its jurisdiction to comply with a code.
Information about Telecommunications Act codes and standards, and a register of codes and standards that are currently in force, is available at the ACMA’s Register of Telco Industry Codes & Standards.
Records of disclosures of personal information
Part 13 of the Telecommunications Act sets out strict rules for carriers, carriage service providers and others in their use and disclosure of personal information. The Privacy Act 1988 (Privacy Act) defines ‘personal information’ in s 6(1) as any ’information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not’
What constitutes personal information will vary, depending on what can be identified or is reasonably identifiable in a particular circumstance.
The Information Commissioner has the power to monitor compliance with Part 13, Division 5 of the Telecommunications Act, which requires carriers and carriage service providers to make records of certain disclosures of personal information, including disclosures of telecommunications data collected and retained under the data retention scheme (see below) to law enforcement agencies.
The OAIC has produced a business resource to assist telecommunication service providers to understand their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997. The resource includes a checklist to help providers ensure the relevant requirements are met when creating records of disclosures.
If you think that a carrier has not complied with the Telecommunication Act you can make a complaint.
Telecommunications (Interception and Access) Act
Under the TIA Act the Australian Security and Intelligence Organisation (ASIO) and certain domestic law enforcement agencies can authorise the disclosure of telecommunications data by a carrier or carriage service provider, including telecommunications data collected and retained under the new data retention scheme. Under s 183(3) of the TIA Act, the Information Commissioner must be consulted about requirements relating to the form of those authorisations.
Data retention scheme
In March 2015, the Australian parliament passed legislation to introduce a data retention scheme into Part 5-1A of the TIA Act.
From 13 October 2015, providers of telecommunications services in Australia (service providers) are required to collect and retain specified types of telecommunications data (sometimes called ‘metadata’) for a minimum period of two years. Importantly, Part 5-1A requires all service providers that collect and retain telecommunications data under the data retention scheme to comply with the Privacy Act in relation to that data (for more information see the telecommunications service providers’ obligations arising under the Privacy Act as a result of Part 5-1A of the TIA Act).