The Federal Government’s data retention scheme is now active, as of mid-April 2017. The effect of this new law requires telecommunication organisations to store the metadata from every mobile phone call and all internet activity for two years. In theory, at least, this information is only to be used to support cases involving issues of national security.
However, less than two weeks into the operation of the new law and the Australian Federal Police have already accessed the metadata of an unnamed journalist in pursuit of a political leak that embarrassed the government – and did so without a warrant! For many critics of the retention policy, their fear was that the data collected would be eventually used for matters other than national security – perhaps not immediately, but through “mission creep” over time. Never-the-less even the most vocal critics did not predict that the system would fail before the end of its first month.
The Attorney-General, Senator Brandis, recently announced that the government will prevent civil litigants from using telecommunications data being stored under the data-retention legislation. For businesses, this should mean that your employee’s activities at work, captured solely for the purpose of the data-retention laws, cannot be used against your organisation in civil matters. However, the retention policy is subject to political change, and you may want to discuss any emerging risks with your legal team.
From a technical perspective, it is possible to avoid the retention scheme altogether by simply using a Virtual Private Network (VPN) that encrypts your organisation’s data in a way that makes it unreadable by the telecommunications organisations that must retain it. If you are interested in understanding your options please contact us or give us a call on 1300 443 573.
Article written by Damien Hogan