The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 (Cth) (Data Retention Bill) is now law in Australia after stumbling its way through the lower house and senate last week despite vocal public opposition, such as Get-Up’s ‘Citizens Not Suspects’ petition, and warnings from industry groups about the high price for mandatory data retention.

Data retention obligation

Now that the laws have passed, industry players need to quickly come to terms with their new data retention obligations. Telecommunications or internet service providers (service providers) will be required to retain their customers’ metadata for two years.

Metadata that service providers must keep includes:

·         account and service information

·         source of a communication

·         destination of a communication

·         date, time and duration of a communication

·         type of a communication or of a relevant service used in connection with a communication

·         location of equipment, or a line, used in connection with a communication.

Service providers must keep the metadata confidential by encrypting the information and protecting it from unauthorised interference or access.

Deadlines?

While there is no deadline stipulated under the Data Retention Bill for the service provider to lodge a Plan, if a service provider does not have a Plan approved by the date that is six months from the Royal Assent of the Bill, it will have to be fully compliant with the new laws at that time.

Penalties for non-compliance

Penalties for non-compliance include fines up to $250,000 for each breach of key provisions of the new data retention laws. Additionally, an authorised officer may issue an infringement notice if the officer believes that a breach has occurred.

Author: Sonia Sharma, Senior Associate – Maddocks sonia.sharma@maddocks.com.au