The Australian Communications and Media Authority (ACMA) direction is the first given to a telecommunications provider under the recently-registered TCP Code was registered in early September.
In June this year the ACMA found Telstra failed to protect the privacy of up to 734,000 of its customers’ personal details after information, stored in a web-based customer management tool, was made accessible via a link available on the Internet.
Personal information such as usernames, passwords, and, in some cases, addresses, driver’s licence numbers and dates of birth of Telstra customers were publicly accessible from March 2011 to December 2011.
“Put simply, if a provider breaches the code, you can expect us to direct it to comply,” said ACMA Chairman Chris Chapman. “Given Telstra has proactively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure.”
The direction means that Telstra must comply with clause 4.6.3 of the TCP Code. Failure to do so may result in the ACMA taking Federal Court action to fine the company.