The Australian Communications and Media Authority (ACMA) says it has fined incumbent telco Telstra A$2.53 million (around $1.9 million) over violations of the authority’s rules on protection of privacy and safety of customers on a massive scale – rules that Telstra has violated in the past.
The ACMA investigation logged close to 50,000 instances where Telstra failed to correctly upload a customer’s choice of an unlisted (or silent) number to the Integrated Public Number Database (IPND). As a result, those numbers could be published in public phone directories or be made available through directory services.
The ACMA also found that Telstra failed to provide data to (or failed to update) the IPND for its Belong customers on over 65,000 occasions.
The IPND is made up of Australian phone numbers and their owner details. All telcos in Australia are required to upload customer information into the IPND for each service they provide. This includes the telephone number, the customer’s name and address and whether the customer wants their number of be listed or unlisted. Flagging a number as listed or unlisted determines whether a customer’s details are available in public phone directories and directory assistance services.
The IPND is not only used by public phone directories – it’s also a key resource for Australia’s emergency services, law enforcement and national security agencies.
By failing to provide the required information to the IPND, Telstra potentially put people’s safety at risk, said ACMA Chair Nerida O’Loughlin in a statement.
“When people request a silent number it is often for very important privacy and safety reasons, and we know that the publication of their details can have serious consequences,” she said.
The IPND is also used by Triple Zero to help locate people in an emergency. The Emergency Alert Service uses the data to warn of emergencies like flood or bushfire, and to assist law enforcement activities.
“The provision of these critical services can be hampered and lives put in danger if data is missing, wrong or out of date. It is alarming that Telstra could get this so wrong on such a large scale,” O’Loughlin said.
Moreover, she added, this isn’t the first time Telstra had breached these obligations – it also did so in 2019. “Telstra initially self-reported these matters and moved quickly to fix them. However, this is not Telstra’s only recent major breach of these rules, which is why the ACMA has taken this action.”
It’s also not a problem unique to Telstra – in 2018 and 2020 the, the ACMA took action against a total of 26 telcos for non-compliance with upload rules, including giving remedial directions. Earlier this year the ACMA penalized Lycamobile A$600,000 penalty for breaching the rules.
If Telstra fails to comply with its obligations in future the ACMA can commence proceedings in the Federal Court for civil penalties of up to A$10 million per contravention.