The Australian Government has now passed legislation to create a data retention scheme. Under the scheme, all telcos will be required to collect and store a significant amount of customer metadata for two years and make it available upon lawful request to certain law enforcement and national security agencies.
This means we will be legally required to collect, store and make accessible certain customer data, such as the time and duration of phone calls, originating IP addresses, the mobile phone tower connected to when initiating a call and email records. This does not extend to the content of communications.
Previously, we have highlighted the increased security risk associated with retaining more customer metadata we don’t currently need in the delivery of our services to our customers. If some of this is stored and made accessible, then we are creating what has been called a ‘honey pot’ for hackers and criminals to target.
With the legislation having passed through the Parliament, we wanted to assure all our customers that we take data security very seriously and we will be protecting any data collected as part of this new regime.
There is a two-year period to implement the scheme and we will be using this time to make sure we have the right protections in place. We are still developing our implementation plans, but we have already decided to store our customer metadata encrypted at facilities located here in Australia. While geography alone is not a good measure of security, storing the data in Australia should help allay the concerns of some customers.
Any security strategies we implement for data retention will build on the existing measures we already have in place to secure our networks and customer data, including intrusion detection systems and other active monitoring of our network to detect, analyse, and respond to identified security incidents.
We understand that customer metadata has enormous value not just to our customers and law enforcement agencies but also to a range of malicious actors who may seek to gain access to our systems. Our commitment to you is to work diligently every day to protect our networks and your data.
While we work to protect our networks and your information, I would like to take this opportunity to reinforce the message that cyber security is everyone’s responsibility. So we recommend all our customers install up-to-date security software, make sure they update their operating systems and applications as soon as a new update is released, have robust and varied passwords, and be aware of phishing emails and other scams that contain malicious attachments or links. Good cyber security starts with all of us.
For some further tips on how you can stay safe online, visit our Consumer Advice page on Cyber Safety or the Australian Signals Directorate’s Security Tips for Home Users.