Part J—Telecommunications

71. Telecommunications Act

Recommendation 71–1 Part 13 of the Telecommunications Act 1997 (Cth) should be redrafted to achieve greater logical consistency, simplicity and clarity.

Recommendation 71–2 The Australian Government should initiate a review to consider whether the Telecommunications Act 1997 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth) continue to be effective in light of technological developments (including technological convergence), changes in the structure of communication industries and changing community perceptions and expectations about communication technologies. In particular, the review should consider:

(a) whether the Acts continue to regulate effectively communication technologies and the individuals and organisations that supply communication technologies and communication services;

(b) how these two Acts interact with each other and with other legislation;

(c) the extent to which the activities regulated under the Acts should be regulated under general communications legislation or other legislation;

(d) the roles and functions of the various bodies currently involved in the regulation of the telecommunications industry, including the Australian Communications and Media Authority, the Attorney-General’s Department, the Office of the Privacy Commissioner, the Telecommunications Industry Ombudsman, and Communications Alliance; and

(e) whether the Telecommunications (Interception and Access) Act should be amended to provide for the role of a public interest monitor.

Recommendation 71–3 The Telecommunications Act 1997 (Cth) should be amended to provide that a breach of Divisions 2, 4 and 5 of Part 13 of the Act may attract a civil penalty in addition to a criminal penalty. The Australian Communications and Media Authority should develop and publish enforcement guidelines setting out the criteria upon which a decision to pursue a civil or a criminal penalty is made.

Recommendation 71–4 The Australian Communications and Media Authority, in consultation with the Office of the Privacy Commissioner, Communications Alliance, the Telecommunications Industry Ombudsman, and other relevant stakeholders, should develop and publish guidance that addresses privacy issues raised by new technologies such as location-based services, voice over internet protocol and electronic number mapping.

Recommendation 71–5 Section 117(1)(k) of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority cannot register a code that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with, and taken into consideration any comments or suggested amendments of, the Privacy Commissioner.

Recommendation 71–6 Section 134 of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority cannot determine or vary an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with, and taken into consideration any comments or suggested amendments of, the Privacy Commissioner.

72. Exceptions to the Use and Disclosure Offences

Recommendation 72–1 Sections 280(1)(b) and 297 of the Telecommunications Act 1997 (Cth) should be amended to clarify that the exception does not authorise a use or disclosure that would be permitted by the Privacy Act if that use or disclosure would not be otherwise permitted under Part 13 of the Telecommunications Act.

Recommendation 72–2 The Telecommunications Act 1997 (Cth) should be amended to provide that a use or disclosure of information or a document is permitted if a person has reason to suspect that unlawful activity has been, is being, or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities.

Recommendation 72–3 The Telecommunications Act 1997 (Cth) should be amended to provide that a telecommunications service provider may use or disclose ‘personal information’ as defined in the Privacy Act about an individual who is an existing customer aged 15 or over for the purpose of direct marketing only where the:

(a) individual would reasonably expect the organisation to use or disclose the information for the purpose of direct marketing;

(b) organisation provides a simple and functional means by which the individual may advise the organisation that he or she does not wish to receive any further direct marketing communications; and

(c) the information does not relate to the contents of a communication carried, or being carried, by a telecommunications service provider; or carriage services supplied or intended to be supplied by a telecommunications service provider.

Recommendation 72–4 The Telecommunications Act 1997 (Cth) should be amended to provide that a telecommunications service provider may use or disclose ‘personal information’ as defined in the Privacy Act about an individual who is an existing customer and is under 15 years of age for the purpose of direct marketing only in the following circumstances:

(a) either the:

(i) individual has consented; or

(ii) information is not sensitive information and it is impracticable for the organisation to seek the individual’s consent before that particular use or disclosure; and

(b) the information does not relate to the contents of a communication carried, or being carried, by a telecommunications service provider; or carriage services supplied or intended to be supplied by a telecommunications service provider;

(c) in each direct marketing communication, the organisation draws to the individual’s attention, or prominently displays a notice advising the individual, that he or she may express a wish not to receive any further direct marketing communications;

(d) the organisation provides a simple and functional means by which the individual may advise the organisation that he or she does not wish to receive any further direct marketing communications; and

(e) if requested by the individual, the organisation must, where reasonable and practicable, advise the individual of the source from which it acquired the individual’s personal information.

Recommendation 72–5 The Telecommunications Act 1997 (Cth) should be amended to provide that in the event that an individual makes a request of an organisation not to receive any further direct marketing communications, the organisation must:

(a) comply with this requirement within a reasonable period of time; and

(b) not charge the individual for giving effect to the request.

Recommendation 72–6 A note should be inserted after s 280 of the Telecommunications Act 1997 (Cth) cross-referencing to Chapter 4 (Access to telecommunications data) of the Telecommunications (Interception and Access) Act 1979 (Cth).

Recommendation 72–7 Sections 287 and 300 of the Telecommunications Act 1997 (Cth) should be amended to provide that a use or disclosure by a ‘person’, as defined under the Act, of information or a document is permitted if:

(a) the information or document relates to the affairs or personal particulars (including any unlisted telephone number or any address) of another person; and

(b) the person reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to a person’s life, health or safety.

Recommendation 72–8 Section 289 of the Telecommunications Act 1997 (Cth) should be amended to provide that a use or disclosure by a ‘person’, as defined under the Act, of information or a document is permitted if the information or document relates to the affairs or personal particulars (including any unlisted telephone number or any address) of another person; and

(a) the other person has consented to the use or disclosure; or

(b) the use or disclosure is made for the purpose for which the information or document came to the person’s knowledge or into the person’s possession (the primary purpose); or

(c) the use or disclosure is for a purpose other than the primary purpose (the secondary purpose); and

(i) the secondary purpose is related to the primary purpose, and if the information or document is sensitive information (within the meaning of the Privacy Act), the secondary purpose is directly related to the primary purpose; and

(ii) the other person would reasonably expect the person to use or disclose the information.

Recommendation 72–9 Part 13 of the Telecommunications Act 1997 (Cth) should be amended to provide that ‘consent’ means ‘express or implied consent’.

Recommendation 72–10 Part 13 of the Telecommunications Act 1997 (Cth) should be amended to provide that use or disclosure by a person of credit reporting information is to be handled in accordance with the Privacy Act.

Recommendation 72–11 The Telecommunications Act 1997 (Cth) should be amended to clarify when a use or disclosure of information or a document held on the integrated public number database is permitted.

Recommendation 72–12 Clause 3 of the Carrier Licence Conditions (Telstra Corporation Limited) Declaration 1997 (Cth) should be amended to provide that ‘enforcement agency’ has the same meaning as that provided for in the Telecommunications (Interception and Access) Act 1979 (Cth).

Recommendation 72–13 Section 285 of the Telecommunications Act 1997 (Cth) should be amended to provide that a disclosure of an unlisted number is permitted if the disclosure is made to another person for purposes connected with dealing with the matter or matters raised by a call to an emergency service number.

Recommendation 72–14 The Australian Government should amend s 285(3) of the Telecommunications Act 1997 (Cth) to provide that before the Minister specifies a kind of research for the purpose of the use or disclosure of information or a document contained in the Integrated Public Number Database, the Minister must be satisfied that the public interest in the relevant research outweighs the public interest in maintaining the level of protection provided by the Telecommunications Act to the information in the Integrated Public Number Database.

Recommendation 72–15 The Telecommunications (Integrated Public Number Database Scheme—Conditions for Authorisations) Determination 2007 (No 1) should be amended to provide that an authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation to notify the Privacy Commissioner, as soon as practicable after becoming aware:

(a) of a substantive or systemic breach of security that reasonably could be regarded as having an adverse impact on the integrity and confidentiality of protected information; and

(b) that a person to whom the holder has disclosed protected information has contravened any legal restrictions governing the person’s ability to use or disclose protected information.

Recommendation 72–16 The Telecommunications Act 1997 (Cth) should be amended to provide that directory products that are produced from data sources other than the Integrated Public Number Database should be subject to the same rules under Part 13 of the Telecommunications Act as directory products which are produced from data sourced from the Integrated Public Number Database.

Recommendation 72–17 The Telecommunications Act 1997 (Cth) should be amended to prohibit the charging of a fee for an unlisted (silent) number on a public number directory.

73. Other Telecommunications Privacy Issues

Recommendation 73–1 Section 79 of the Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to provide that the chief officer of an agency must cause a record, including any copy of a record, in the possession of an agency, made by means of an interception to be destroyed when it is no longer needed for a permitted purpose.

Recommendation 73–2 Section 79 of the Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to require the destruction of non-material content intercepted under a B-Party warrant.

Recommendation 73–3 The Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to provide that the Australian Security Intelligence Organisation and enforcement agencies must destroy in a timely manner irrelevant material containing accessed telecommunications data which is no longer needed for a permitted purpose.

Recommendation 73–4 Sections 151 and 163 of the Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to provide for reporting requirements relating to the use of stored communication warrants that are equivalent to the interception warrant reporting requirements under Part 2–7 and s 102 of the Act.

Recommendation 73–5 The Australian Government Attorney-General’s Department should develop and, where appropriate, publish guidance on the interception and access of information under the Telecommunications (Interception and Access) Act 1979 (Cth), that addresses:

(a) the definition of the term ‘telecommunications data’;

(b) when voluntary disclosure of telecommunications data to the Australian Security Intelligence Organisation and other enforcement agencies is permitted; and

(c) timeframes within which agencies should review holdings of information and destroy information.

Recommendation 73–6 The Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to provide expressly that where the Ombudsman has reason to believe that an officer of an agency is able to give information relevant to an inspection of the agency’s records relating to access to a stored communication, the Ombudsman may:

(a) require the officer to give the information to the Ombudsman and to attend a specified place in order to answer questions relevant to the inspection; and

(b) where the Ombudsman does not know the officer’s identity, require the chief officer, or a person nominated by the chief officer, to answer questions relevant to the inspection.

Recommendation 73–7 The Australian Communications and Media Authority should add the Office of the Privacy Commissioner as a member of the Law Enforcement Advisory Committee.

Recommendation 73–8 The Office of the Privacy Commissioner, the Telecommunications Industry Ombudsman and the Australian Communications and Media Authority should develop memorandums of understanding, addressing:

(a) the roles and functions of each of the bodies under the Telecommunications Act 1997 (Cth), Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth) and Privacy Act;

(b) the exchange of relevant information and expertise between the bodies; and

(c) when a matter should be referred to, or received from, the bodies.

Recommendation 73–9 The document setting out the Office of the Privacy Commissioner’s complaint-handling policies and procedures (see Recommendation 49–8), and its enforcement guidelines (see Recommendation 50–3) should address:

(a) the roles and functions of the Office of the Privacy Commissioner, Telecommunications Industry Ombudsman and the Australian Communications and Media Authority under the Telecommunications Act 1997 (Cth), Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth) and Privacy Act; and

(b) when a matter will be referred to, or received from, the Telecommunications Industry Ombudsman and the Australian Communications and Media Authority.

Recommendation 73–10 The Australian Communications and Media Authority, in consultation with relevant stakeholders, should develop and publish guidance relating to privacy in the telecommunications industry. The guidance should:

(a) outline the interaction between the Privacy Act, Telecommunications Act 1997 (Cth), Spam Act 2003 (Cth) and Do Not Call Register Act 2006 (Cth);

(b) provide advice on the exceptions under Part 13 of the Telecommunications Act, Spam Act and the Do Not Call Register Act; and

(c) outline what is required to obtain an individual’s consent for the purposes of the Privacy Act, Telecommunications Act, Spam Act and Do Not Call Register Act. This guidance should cover consent as it applies in various contexts, and include advice on when it is, and is not, appropriate to use the mechanism of ‘bundled consent’.

Recommendation 73–11 The Australian Communications and Media Authority, in consultation with relevant stakeholders, should develop and publish educational material that addresses the:

(a) rules regulating privacy in the telecommunications industry; and

(b) various bodies that are able to deal with a telecommunications privacy complaint, and how to make a complaint to those bodies.