[Index] [Search] [Download] [Related Items] [Help]
TELECOMMUNICATIONS AMENDMENT REGULATIONS 2009 (NO. 1) (SLI NO 31 OF 2009)
EXPLANATORY STATEMENT
Select Legislative Instrument 2009 No. 31
Subject - Telecommunications Act 1997
Telecommunications Amendment Regulations 2009 (No. 1)
Subsection 594(1) of the Telecommunications Act 1997 (‘the Act’) provides that the Governor-General may make regulations prescribing matters required or permitted to be prescribed by the Act, or necessary or convenient to be prescribed for carrying out or giving effect to the Act.
Subsection 292(1) of the Act provides that section 276 does not prohibit a disclosure or use of information or a document in circumstances specified in the Regulations.
Section 276 of the Act provides for the confidentiality of information or documents relating to the contents of communications carried by carriers or carriage service providers, carriage services supplied by carriers or carriage service providers and the affairs or personal particulars (including any unlisted telephone or any address) of other persons.
The Regulations describe circumstances in which the disclosure or use of information or a document, consisting of, or relating to information contained in an integrated public number database is permitted without contravening section 276. The primary purpose of the Regulations is to allow emergency management authorities in each state and territory to obtain phone numbers and personal particulars (including any unlisted telephone or any address) of all the database listings for their respective state or territory for the purpose of ensuring effective arrangements are in place to deal with serious and imminent threats to life and health of persons. Such threats may emanate from natural disasters (such as bushfires and floods), criminal acts and non-natural disasters (such as industrial accidents).
An integrated public number database is maintained by Telstra Corporation Limited (‘Telstra’) as a condition of its carrier licence. The integrated public number database is a database of all Australian public telephone numbers and associated customer information including name and address information. It also includes information such as whether the number or address is to be listed in a public number directory and whether the number is used for residential, business, government or charitable purposes.
All carriage service providers who supply carriage services to customers who have public telephone numbers (landline and mobile) are obliged to provide customer information to Telstra for inclusion in the integrated public number database.
If an authorised person gives Telstra an undertaking, and makes a certification, as to certain matters prescribed under the Regulations, Telstra is permitted to disclose the protected information or documents without contravening section 276.
The Regulations commence on the day after they are registered on the Federal Register of Legislative Instruments.
Regulation Impact Statement
A Regulation Impact Statement is not required for the Regulations on the basis that a preliminary assessment revealed that the proposal would not be likely to have any impact on businesses, individuals or the economy.
Consultation
The Regulations were drafted in consultation with the Commonwealth Attorney-General, Australian Communication and Media Authority, Australian Government Emergency Management Australia, the Commonwealth Department of the Prime Minister and Cabinet, the Federal Privacy Commissioner and Telstra.
Details of the Regulations are set out in the Attachment.
Authority:
Subsection 594(1) of the Telecommunications Act 1997
ATTACHMENT
Details of Telecommunications Amendment Regulations 2009 (No. 1 )
Regulation 1 – Name of Regulations
This regulation provides that the title of the Regulations is the Telecommunications Amendment Regulations 2009 (No. 1).
Regulation 2 – Commencement
This regulation sets out the date on which the Regulations commence, being the day after they were registered.
Regulation 3 - Amendment of Telecommunications Regulations 2001
Regulation 3 provides that Schedule 1 amends the Telecommunications Regulations 2001 (the Principal Regulations) by inserting regulation 5.1B.
REGULATION 5.1B
Regulation 5.1B provides, for the purpose of subsection 292 (1) of the Telecommunications Act 1997 (the Act), the set of circumstances which apply to a disclosure or use of the protected information or a document by Telstra.
All circumstances set out in paragraph (1) need to be satisfied in order to constitute exceptional circumstances for the purposes of subsection 292 (1).
Paragraph 5.1B (1) (a)
Paragraph 5.1B (1) (a) describes two categories of information that fall within the scope of the exceptional circumstances. These are:
(a) information contained in an integrated public number database (subparagraph (1) (a) (i)); or
(b) a document consisting of, or relating to, information contained in an integrated public number database (subparagraph (1) (a) (ii)).
The integrated public number database is a database of all Australian public telephone numbers and associated customer information including name and address information. It also includes information such as whether the number or address is to be listed in a public number directory and whether the number is used for residential, business, government or charitable purposes. All information contained in an integrated public number database is captured under the first set of circumstances.
Paragraph (1) (b) describes the second set of circumstances that apply for the purposes of subsection 292 (1) of the Act.
Under both limbs of paragraph (1) (b), the authorised person is required to certify to Telstra that the disclosure or use by the authorised person is for the purpose of either:
(a) preventing or lessening a serious and imminent threat to the life or health of persons or a class of persons (sub-subparagraph (1) (b) (i) (A)); or
(b) ensuring effective arrangements are in place to deal with such threats when they arise (sub- subparagraph (1) (b) (i) (B)).
Sub-subparagraph (1) (b) (i) (A) covers actual disclosure or use of the protected information in a real-life case where there is a serious or imminent threat to a person’s or class of person’s life or health.
Sub-subparagraph (1) (b) (i) (A) is intended to capture any kind of threat that represents an actual serious and imminent threat to the life or health of a person. In this context, the term, 'serious and imminent threat' may include threats to people’s lives or health stemming from natural occurrences, such as bushfires, cyclones and floods. It may also extend to threats arising from non-natural occurrences, such as criminal acts or industrial accidents. It is not intended to cover threats to property (real or personal), livestock or vegetation.
The reference to a person and class of persons is intended to capture not only threats facing known individuals, but threats facing persons in similar circumstances. For example, in the case of bushfire, persons situated in a particular ‘at risk’ geographical location.
Sub-subparagraph (1) (b) (i) (B) is intended to allow disclosure of the relevant information or document to an authorised person for the purposes of ensuring that effective arrangements are in place to deal with serious and imminent threats to the life or health of persons. This is intended to include the purpose of testing the effectiveness of arrangements (such as systems, databases, procedures and practices) proposed, or in place, to prevent or lessening the threats to people’s lives or well-being.
Identity of recipient of protected information
Subparagraph (1) (b) (ii) sets out the requirements for the authorised person to identify to Telstra the person or entity who is to receive the protected information or document.
Undertaking regarding the use or disclosure of the information
As a further precondition to the disclosure of the protected information under sub-subparagraph (1) (b) (ii) (A) is the requirement that the authorised person provide an undertaking to Telstra that:
(a) any use or disclosure by a person other than Telstra or an employee of Telstra will be for a permitted purpose, as provided for under the Regulations (sub-subparagraph (1) (b) (iii) (A)); and
(b) reasonable steps are taken to ensure that any use or disclosure will not adversely affect the operation of Telstra’s telecommunications network (sub-subparagraph (1) (b) (iii) (B)).
Sub-subparagraph (1) (b) (iii) (B) is intended as a safeguard to assure network continuity. This is because there is a risk that sending telecommunication-based warnings in a real emergency situation (where there is a serious and imminent threat to people’s lives or health) or a testing scenario, could adversely impact upon telecommunications networks, particularly where large number of messages were sent. For instance, where telecommunication-based warnings were made on a large scale, telephone subscribers in a particular geographic area affected must still be able to make outbound calls, especially to 000, while the message is being transmitted for the relevant purpose.
The nature of much of the customer information contained in the integrated public number database (such as names, telephone numbers (in particular unlisted) and residential addresses) is inherently personal and confidential. As the Regulations allow emergency management authorities in each relevant state and territory to obtain all the database listings for their respective state or territory for the purpose of ensuring arrangements are in place to deal with serious and imminent threats to life and health of persons, it is considered that further safeguards are required in respect of the use and handling of such sensitive information.
Paragraph (1) (c)
The exceptional circumstance specified in paragraph (1)(c) applies in the case where a certification given by an authorised persons for the purposes of sub-subparagraph (b) (i) (A) (actual threats to people’s lives or health), and the recipient is not Telstra.
In the case of an actual serious or imminent threat to a person’s life or health (as provided for under sub- subparagraph (1)(b)(i) (A), the recipient of the protected information is not required to enter into an agreement with Telstra. However, in order to ensure that there are appropriate safeguards against unauthorised use or disclosure of the protected information, the authorised person is required to give an undertaking to Telstra that the recipient will destroy the information or document when there is no longer an operational need for it.
Paragraph (1)(d)
As a further safeguard to the improper use of protected information or document disclosed under the circumstances described in these Regulations, subparagraph (1) (d) requires the authorised person to certify to Telstra (where the authorised person is not Telstra itself) that a legally binding agreement is in effect between Telstra and the recipient and that such an agreement makes provision for the matters specified under sub-subparagraphs (1) (d) (ii) (A) to (E). These requirements are specified to ensure that adequate measures are in place to protect against the improper or unauthorised use (advertent or inadvertent) of the information contained in the integrated public number database.
The matters covered under the aforementioned sub-subparagraphs include:
(a) provision for the Privacy Commissioner to have oversight of the use of the information or document by the recipient;
(b) a prohibition against unauthorised use or disclosure of the information or document by the recipient or any other person for a purpose other than that mentioned in sub-subparagraph (d) (i) (B);
(c) a requirement the information or document to be destroyed when there is no longer an operational need for it; and
(d) provision for the secure handling, transmission and destruction of the relevant information to prevent the unauthorised disclosure or use of the information or document.
Subregulation (2)
Subregulation 5.1B(2) defines the terms ‘authorised person’, ‘certified’ and ‘integrated public number database’.
‘Authorised person’ means a person who holds, occupies or performs the duties of an office or position specified in writing for the purposes of this regulation by the Minister administering the Administrative Decisions (Judicial Review) Act 1977. Currently, such a Minister is the Commonwealth Attorney-General.
It is intended that these appointments would be senior-ranking officials of a Commonwealth, state or territory emergency management authority.
Meaning of certified
The term, ‘certified’ means certified in writing in a form determined in writing for the purposes of this regulation by the Minister administering the Administrative Decisions (Judicial Review) Act 1977. The certification provides a further assurance as to certain matters making up preconditions to the disclosure or use under subregulation 5.1B(1).
The term, 'integrated public number database' means the database maintained by Telstra in accordance with clause 10 of the Carrier Licence Conditions (Telstra Corporation Limited) Declaration 1997.