ACMA issues direction to Telstra

Telstra has been directed to comply with the privacy clause in the Telecommunications Consumer Protections Code (the code) after it failed to protect the privacy of its customers’ personal information.

ACMA’s direction is the first given to a telecommunications provider under the recently registered TCP Code.

In June this year, ACMA found that Telstra had failed to protect the privacy of up to 734,000 of its customers’ personal details after information, stored in a web-based customer management tool, was made accessible via a link available on the internet.

Personal information such as usernames, passwords and, in some cases, addresses, driver’s licence numbers and dates of birth of Telstra customers were publicly accessible from 29 March to 9 December 2011.

ACMA investigated the matter after Telstra advised it that the personal information was available on the internet via its Visibility Tool database, which Telstra used to track orders for bundled products.

“Put simply, if a provider breaches the code, you can expect us to direct it to comply,” said ACMA Chairman Chris Chapman.

“Given Telstra has proactively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure,” Chapman said.

The direction means that Telstra must comply with clause 4.6.3 of the TCP Code. Failure to do so may result in ACMA taking Federal Court action seeking the imposition of a pecuniary penalty.