From 13 October 2015, telecommunications service providers that use communications infrastructure in Australia to provide any of their services may be required to retain and secure certain data for two years. The new obligations under the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth) apply to licensed carriers, carriage service providers and internet service providers. However, some services are specifically excluded including, for example, broadcasting services. The data retention obligations will apply regardless of the size of the company and/or its customer base.
Broadly, the type of data that must be retained includes:
- the source and destination of a communication
- the date, time and duration of a communication
- communication type
- location of communications equipment.
Service providers that cannot fully comply with the obligations of the new legislation by 13 October 2015 can apply to the Communications Access Coordinator for an extension of up to 18 months by lodging an implementation plan detailing how they will achieve compliance in the extended period. Specific services can also be eligible for an exemption from and/or variation to the data retention obligations.
The Office of the Australian Information Commissioner is set to release a public report at the end of October on its findings into how telecommunications companies are responding to requests for personal data from Australian law enforcement agencies.
For more information (including links to a fact sheet and list of the data set required to be maintained) see the Attorney General’s information page here.
The Australian Communications and Media Authority’s blog post in relation to the new data retention laws can be found here.