Credit: Telstra
The communications regulator has whacked Telstra with a $300,000 fine for safety and privacy breaches related to the Triple Zero emergency database.
The Australian Communications and Media Authority (ACMA) said Telstra failed to provide accurate details of 19,000 customers to the Integrated Public Number Database (IPND) between October 2010 and August 2022.
The IPND is used by Triple Zero to help locate people for the Emergency Alert Service to warn of emergencies like floods or bushfires and to assist the police.
All telcos must upload accurate customer details to the IPND for each service using a public number that they provide under the Telecommunications Act and the IPND industry code. Consumers also have a right to request a copy of their IPND record and it must be provided within 20 business days.
ACMA first found systemic issues with Telstra’s compliance with IPND rules in 2021, when it fined Telstra $2.5 million for failing to add 850,000 customers accurately.
Then, Telstra said it was to a significant compliance uplift program to ensure future compliance.
However, in September 2022, Telstra notified the ACMA it had found further issues from the same period through monitoring arrangements as part of its uplift program.
A subsequent investigation found Telstra failed to provide accurate customer information to the IPND on more than 19,000 occasions between October 2010 and August 2022, including around 600 occasions where silent numbers were incorrectly flagged for listing in directory services. Telstra also failed to provide over 200 consumers with a copy of their IPND information within the required time frame.
“Telstra needs to focus on completing the program and making sure it is fully compliant with these rules. The IPND is essential in a crisis when emergency services or police need to contact or locate people in harm’s way,” said ACMA chair Nerida O’Loughlin.
“We will keep Telstra focused on fixing these longstanding issues and giving consumers confidence that their data is being accurately recorded,” said O’Loughlin.
In addition to the financial penalty, the ACMA has accepted a court-enforceable undertaking from Telstra that requires an independent review of its IPND compliance uplift, meaning Telstra must check its data quarterly.
If Telstra fails to comply with its obligations or the enforceable undertaking in future, the ACMA can commence proceedings in the Federal Court.
“The ACMA expects all telcos to have and maintain effective processes to meet these critical obligations, especially as we head into the bushfire season in Australia,” O’Loughlin added.
A Telstra spokesperson said the telco has been "working to improve [its] systems and processes that deliver data to the IPND".
"This work uncovered some data inaccuracies as well as an issue that held up processing some customer requests for a copy of their IPND data. We reported these issues to ACMA and took steps to correct them. People's privacy and safety is paramount and we’re sorry this happened," they added.
We accept the ACMA's findings and have also executed an enforceable undertaking which includes appointing an independent reviewer to report on the status of our improvement work program.
In 2020. an ACMA investigation found Telstra had overcharged more than 10,000 customers almost $2.5 million over a 12-year period. Last year, refunded these customers more than $1.73 million and paid a $506,160 infringement notice.
