Optus has voiced concerns that the Government has made no provision to ensure data collected under its proposed retention regime is destroyed once the two-year mandatory storage period is up.
The comments, made by Optus vice president of regulatory affairs David Epstein at a hearing on the draft bill today, echo earlier concerns raised by Australia’s intelligence watchdog, the Inspector General of Intelligence and Security.
IGIS head Dr Vivienne Thom yesterday told the committee that ASIO is not required to erase or destroy telecommunications data it holds, and has never exercised powers to destroy some data on non-suspects.
The Government’s data retention bill does not include any requirement relating to the destruction of data.
Epstein today said Optus is therefore not sure what its responsibilities will be towards the data once the two-year retention period expires.
"It's a little bit ambiguous as to precisely what you would be expected to do in terms of destruction."
He said it was “a matter of common sense” that the data would need to be destroyed after the minimum retention requirement was met, and as such Optus was working on scoping out the potential design of storage facilities.
However, committee deputy chair and Labor MP Anthony Byrne said the committee was concerned that the Government doesn't appear to have held “proper” or “in-depth” conversations with telcos about the disposal of data.
“My concern is, considering how far this has progressed, that this hasn’t been actively discussed, given the privacy concerns that have been articulated frequently during the course of the evidence we’ve received,” Byrne said.
Epstein said Optus had had “entirely proper” discussions with the Government, but whether they were “as extensive as you might expect” was a matter of judgement for the committee.
“You can’t store everything forever,” Epstein said. “And to have a practical storage regime you would need to destroy this data set after the minimum storage requirement is met, unless there was an investigation or enforcement action afoot.”
Epstein’s comments follow calls by IGIS to consider changes to provisions around the destruction of data that is not relevant to inquiries.
Australia’s Privacy Commissioner separately warned that data held under the retention scheme was at risk of major privacy breaches if the proposal was passed in its current form. Telstra also said the storage would be a honeypot for would-be hackers.