Skip to Navigation Skip to Content Read about Accessibility on the Telecommunications Ombudsman website

New data retention obligations for providers

17 July 2015

The Australian parliament has passed legislation that requires telco providers to keep metadata about their customers’ communications for two years.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act (the Data Retention Act) comes into effect on 13 October 2015 and has the objective of preventing and identifying perpetrators of serious and organised crime.

What is metadata?

The Commonwealth Attorney General's Department defines metadata as information about a communication (the who, when, where and how) - not the content or substance of a communication (the what).

New obligations for telco providers

The Data Retention Act requires telcos to keep metadata for two years. The data must be encrypted and protected from unauthorised interference or access.

More information about the types of data to be retained and implementation of these new obligations can be found on the Attorney General’s Department website.

Privacy protections for consumers

Privacy protections for consumers under the Data Retention Act are based on existing protections under the Commonwealth Privacy Act.

However, the Data Retention Act will require that all telco service providers (regardless of annual turnover) comply with the Privacy Act for data retained for the purpose of compliance with the Data Retention Act.

The TIO’s role to handle privacy complaints

The TIO handles complaints from consumers about a breach of privacy by their telco, including complaints about:

  • access to their own personal information (potentially including metadata)
  • the collection, use or disclosure of their personal information, and
  • charges imposed by a provider to the consumer for access to their own personal information.

We do not handle complaints about law enforcement agencies’ requests to access metadata (or other information) held by a provider, or how providers respond to those requests. These complaints are more appropriately handled by the Commonwealth Ombudsman or the Privacy Commissioner. 

If you have a privacy-related complaint, but are unsure if we can help, please contact us.

Recent Posts:

Contracts

case study image

A man contacted us because he was not provided with the service agreed to in his contract for a bundled landline and internet service.

Next step?