Privacy Law and Policy Reporter
The major reforms to telecommunications regulation and structure are still to be played out as the details of the Telecommunications Act 1997 and related legislation are put into practice. Privacy protection surrounding the IPND is one very good example.
Until the reforms, Telstra was responsible for the maintenance of a number data base which contained the names, addresses, phone numbers and phone location of all residential and business customers.
The more open competition introduced by the telecommunications reforms meant change was inevitable. While Telstra is the primary supplier of the final phone connection into people’s homes, it is the obvious repository for a data base for all telephone subscribers (at least for fixed telephones).
With the possibility of other suppliers of services into homes and offices, that is no longer the case. Further, the obvious commercial advantage of holding such a complete data base of all telephone subscribers means that one carrier holding such information would not be acceptable in a competitive environment.
The telecommunications reforms, therefore, provided for the Minister to determine that Telstra — or another person — would provide and maintain an integrated public number base.
The database issue has taken two further steps since the passage of the legislation: a licence condition on Telstra and the formation of an IPND Working Committee.
The Minister included in Telstra’s licence the requirement that:
the licensee must establish and maintain an industry-wide integrated public number database to provide information for purposes connected with the following activities;
The Australian Communications Industry Forum (ACIF) has also established an IPND Working Committee to establish a code of practice which will cover the provision of information by carriers and carriage service providers to the IPND, and from the IPND to carriers and carriage service providers.
The Committee includes representatives from four carriers, a representative from the major telecommunications users group, ATUG, and a representative from the Consumers’ Telecommunications Network. At its first meeting on 31 October, the Committee began discussions on a draft code.
There are many issues facing the IPND Code, including the technical issues of information transfer to and from the IPND, and responsibility of accuracy of the information. But there are also important privacy issues.
What information is retained? How secure is the information? Who has access to the information and under what conditions? What limitations are to be placed on the use of that information, and on the reuse of that information by others?
In its submission to the Senate Telecommunications Bills Inquiry, the Privacy Commissioner’s Office raised specific privacy issues relating to the IPND.
The IPND provisions seem to be designed to achieve two separate and potentially competing purposes: the provision of directory services, and facilitation of information access requests from various law enforcement and revenue protection agencies.
Further, the Act is silent on the details of information which will be retained by the IPND, the objectives for holding that information, who will have access to that information and for what purposes.
Finally, the Act provides for ‘primary disclosure/use offences’ which would clearly include INPD providers and users. But it does not include prohibition/offence provisions for secondary use — clearly an issue with IPND.
There are critical privacy issues facing the IPND Working Committee. Hopefully, the Committee’s final Code [see Frances Wood’s article in this issue for an explanation of the Code process (Ed)] will fill in the privacy protections left in doubt or simply not addressed in the new telecommunications legislative reforms.
Holly Raiche, Consumers’ Telecommunications Network