Government Amendments Improve Data Retention Legislation – Concerns Remain Around Encryption and Costs
Sydney, 19 March 2015 - The proposed Government amendments to the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, circulated today represent a net improvement to the legislation, but significant concerns remain for services providers and telecommunications consumers.Communications Alliance CEO, John Stanton, expressed concern about the amendment requiring all data to be encrypted.
“Service providers recognise that data security is important and typically don’t object in principle to encrypting the data,
“But it must be recognised that some legacy systems or databases do not lend themselves to encryption – it is impossible to guarantee that all service providers will be able to encrypt all data,
“The amendment should be refined to reflect this reality and to give service providers greater discretion to use appropriate data protection strategies,
“The burden of encryption will also tend to fall more heavily on smaller service providers, particularly if the legislation means they have to invest to retrospectively include encryption capability into existing IT systems to meet this requirement.
“In circumstances where the Government still refuses to say how much it is willing to contribute to the costs it is imposing on industry, this amendment adds further to the worrying uncertainty for industry and the potential additional costs for Australian telecommunications users,” Mr Stanton said.
“If the only option for relief from an encryption requirement for a specific system is via an exemption from the CAC under 187K, then the exemption category should be explicitly called out.”
Mr Stanton said that one element of the PJCIS recommendations that appears to be missing from the amendments is an express exclusion of passwords and PINs.
“PIN-type information should be excluded, or at the very least should not be released without a warrant of some form, as it could potentially give access to communications content or stored content or unauthorised access to personal information.”
Industry has additional concerns about the practical implications of the amendment which deems retained data to be “personal information”.
“We are also uncomfortable about the lack of certainty in circumstances where the Minister can change the regulatory requirements relating to the dataset, requiring service providers to take action, but the Minister’s decision might be rescinded 40 days later.
“Industry had proposed that any changes to regulation not take effect until the expiry of the parliamentary disallowance period – providing certainty for all stakeholders, “ Mr Stanton said.
“We note that Government also plans to introduce a mandatory data breach notification later this year – we look forward to consultation on the detail of this proposal.”
He said industry would continue to consult with all parties in an attempt to improve the Bill before it becomes law.
ABOUT COMMUNICATIONS ALLIANCE
Communications Alliance is the primary telecommunications industry body in Australia. Its membership is drawn from a wide cross-section of the communications industry, including carriers, carriage and internet service providers, content providers, search engines, equipment vendors, IT companies, consultants and business groups.
Its vision is to provide a unified voice for the telecommunications industry and to lead it into the next generation of converging networks, technologies and services. The prime mission of Communications Alliance is to promote the growth of the Australian communications industry and the protection of consumer interests by fostering the highest standards of business ethics and behaviour through industry self-governance. For more details about Communications Alliance, see www.commsalliance.com.au.
Media information contact:
Kreab
Lucy Chamberlain lchamberlain@kreab.com 0402 106 613