The Office of the Australian Information Commissioner (OAIC) became aware of an allegation about inappropriate access to an individual's telephone records in May 2015. Since then, the OAIC has been in contact with Vodafone to make inquiries about the allegation. The OAIC has also been liaising with the Australian Communications and Media Authority about these allegations, in accordance with the memorandum of understanding between the two agencies.
All organisations, including telecommunications providers, have an obligation under the Privacy Act 1988 (Cth) (Privacy Act) to protect the personal information that they hold from misuse, interference and loss and from unauthorised access, modification or disclosure. The OAIC’s Guide to securing personal information provides guidance to organisations about how to comply with this obligation, including in relation to access security controls, internal practices, procedures and systems and ICT security.
