Data Retention FAQs
With the introduction of new data retention laws on 13 October 2015, you may have some questions about how this data will be kept and who will have access to it. These FAQs will help explain more about the changes to give you a better understanding of our obligations.
What are data retention obligations?
The Government has made laws which require phone companies and internet service providers (ISPs) to keep certain information about customers and their use of services for two years.
What data must be kept?
The data we have to keep is basic detail about customer's account information, calls, internet connection, equipment and location.
Are you keeping any of my personal information?
Yes, the data relates to customer accounts and use of services. It is personal information but it never includes the content of your communications i.e. we don't record what websites you visit. The good thing is that any retained data is covered by the Privacy Act.
Do phone companies and ISPs already collect this data?
It'll vary according to the business needs of each company, but much of the data is already collected for business purposes. For example we use data to know when to send you your bill or whether you're entitled to a particular service as well as all the basics of making sure your account information is kept so we can identify you when you make an enquiry. Some data might be collected but only retained for a short period of time. The rules aim to standardise what is kept and for how long (two years).
Will the data be protected?
Every phone company and ISP is required to keep the data secure and encrypted. These rules are part of our data retention implementation plan. It's a confidential document every phone company and ISP has to develop and get approved by the Attorney-General's Department. Vividwireless takes the security of customer information seriously. We keep all information secure - whether or not it's information collected and required to be kept under this legislation.
Which agencies can access the data?
Under the legislation, agencies can only request access when they have a clear operational or investigative need. They've also got to have internal arrangements in place for protecting privacy. The agencies that can request access to data are: The Australian Security Intelligence Organisation, the Australian Federal Police, a Police Force of a State, State and Territory crime and orruption commissions, NSW Police Integrity Commission, Department of Immigration and Border Protection, Australian Securities and Investment Commission, Australian Competition and Consumer Commission, NSW and Australian Crime Commission. Organisations making requests have to go through the Government to access data. The idea is that the Government knows what's being done with the data at all points in the process.