On 26 March 2015 the Government’s controversial new telecommunications data retention laws were passed by Parliament. These laws, enacted through the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth), will now come into effect 6 months from the date that the Act receives royal assent.
In his article on IP Whiteboard, Michael Swinson considers the core features of the Act, highlighting the most significant changes from the earlier draft Bill following the report by the Parliamentary Joint Committee on Intelligence and Security, including:
- Defining the data set – the Act includes a table that describes all of the data that must be retained, and gives the Minister a power to add new categories of data by declaration.
- Controlling access and enhancing security – to allay concerns that the data retained pursuant to obigations under the Act may act as “honeypots” that attract fraudsters and others who may wish to use that data for criminal purposes, the Act requires telecommunications providers to protect the confidentiality of their retained data by use of encryption and other steps to protect the data against unauthorized interference or access.
- Additional protection for journalists – the Act introduces a special requirement to obtain a warrant to access telecommunications data relating to a journalist where the purpose of accessing the data is to identify a source (in other cases equivalent data can be accessed under an authorization given by an appropriate senior officer within a law enforcement agency, without needing to obtain a warrant).
- Government contribution to funding – the Act provides a mechanism for the Government to provide financial assistance to assist telecommunications providers to comply with their data retention obligations. However, givent he significant costs involved, for industry this remains a significant grey area,.
Importantly, while the original Bill reduced the number of agencies authorized to access telecommunications data, the Act has expanded this list to also cover the ACCC and ASIC, as those organizations also have an important role to play in investigating and taking action in response to white collar crime.
Michael also notes that, while the Joint Committee recommended that there be a mandatory data breach notification scheme, which would not only let people know when their retained telecommunications data has been accessed for an unauthorized purpose but would also apply more broadly to other types of personal information as well, such legislation is yet to be drafted. Watch this space.
You can read Michael’s full post here.