ACMA targets Telstra over privacy breach
- 08 October, 2012 12:54
ACMA has directed Telstra to comply with a privacy clause in the Telecommunications Consumer Protections Code (TCP) following the telco’s breach of the code for over eight months last year.
Telstra was found to be in breach of the code by ACMA and also in breach of the Privacy Act when customers' personal information in its database was made publicly available from 29 March, 2011 to 9 December, 2011.
Customer names and phone numbers were made public and in some cases, customers’ dates of birth, drivers' licence numbers and credit card details were also made available. Up to 734,000 customers were affected.
It is the first direction given by ACMA under the revised code since it was registered on 1 September this year.
The TCP code aims to protect customers from unexpected charges, sort out confusing mobile plans and improve the handling of customer complaints. It applies to all telecommunications providers, including ISPs and landline and mobile carriers.
New powers given to ACMA include being able to force companies to ensure pricing information is clear on advertising; improve information on plans; improve complaint handling; and increase transparency around billing and expenditure.
“Put simply, if a provider breaches the code, you can expect us to direct it to comply,” Chris Chapman, ACMA chairman, said in a statement.
“Given Telstra has proactively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure.”
If Telstra fails to comply with the privacy clause in the TCP code, ACMA could take the telco to court and seek a pecuniary penalty.
Follow Stephanie McDonald on Twitter: @stephmcdonald0
Follow Computerworld Australia on Twitter: @ComputerworldAU
Comments
DM
1
“Given Telstra has proactively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure.”
Proactive? 'With a view'? Appropriate? ACMA's response here is totally and woefully inadequate. Telstra should be prosecuted for an s270 breach of the Act and they're not even getting a s122 formal warning??
If disclosing info of that nature for 735,000 people isn't considered a breach, then what is?
Telstra's demonstrated a flagrant disregard for customer safety and privacy. The unauthorised wiretaps of internet traffic, exporting tracking data to foreign countries, etc. being just the latest. Carriers are trustees of our information and have a duty of care to keep our data private. The regulator (ACMA) has a duty to uphold the regulations that are meant to protect us.
Until a clear message is sent that these kinds of breaches are totally unacceptable, companies will continue to cut corners on security.
Why is the regulator so uncaring about our privacy? Could it be because Labor and Liberal are about to perform the most egregious and dangerous abuse of privacy in Australia's history - mandatory data retention?
If Telcos can't even keep a customer's credit card, driver's license, date of birth, etc. private from "accidental" disclosure - it's absolutely guaranteed they can't defend hostile, directed attacks on far more valuable stored data. This will be a gold mine for state-based advanced persistent threats, the biggest national security issue we're likely to face - all engineered courtesy of our own government.