Today, the Attorney-General tabled the Commonwealth Ombudsman’s report on oversight of agencies’ use of stored communication and telecommunications data powers in Australia from 1 July 2020 to 30 June 2021.

Stored communications are communications that already exist and are stored on a carrier’s systems. This includes items like emails and text messages. Telecommunications data is the information about a communication, but not the content of the communication itself – commonly referred to as ‘metadata’. This can include subscriber information and the date, time and duration of a communication.

In 2020–21 the Commonwealth Ombudsman reviewed 20 Commonwealth, state and territory law enforcement and integrity agencies’ use of these powers against the requirements of the Telecommunications (Interception and Access) Act 1979 (the Act). The Ombudsman made 29 recommendations, 386 suggestions and 116 better practice suggestions for improvement across the agencies inspected.

“A person does not generally know when an agency has used these powers to access their data”, Mr Anderson said. “My Office’s oversight provides assurance to the Parliament and public about agencies’ compliance with legal requirements when they use these intrusive powers”.

In 2020–21, the Office increased its emphasis on inspecting agencies’ policies, procedures, and controls to mitigate risks of non-compliance, as well as inspecting the records relating to individual warrants and authorisations.

The report outlines the key issues and areas that we found were critical to an agency’s compliance with the Act in 2020–21. This includes agencies’:

Some of our findings relate to new and emerging issues. Some findings relate to issues we also observed in previous years. This includes instances where agencies have not completed remedial action to address previous findings we have made.

“Most agencies were receptive to my Office’s findings”, Mr Anderson said. “I am pleased that my Office observed a maturing compliance culture among agencies which has included proactive identification and reporting of compliance issues to our Office”.

“My Office and I will continue working with all agencies to strengthen compliance with legal safeguards when agencies access stored communications and telecommunications data”.

Finalisation of this report was delayed due to the considerable number and complexity of stored communications and telecommunications data inspections the Office was required to conduct in 2020–21 to inform this report.

“My Office is enhancing our oversight process to improve the timeliness of reporting and the level of assurance we provide to Parliament and the public,” Mr Anderson said.

The report can be found on the Commonwealth Ombudsman website here .

Skip to main content
    0 results available.
      0 results available.
      language assistant menu topper outer language assistant menu topper inner

      Read documents in your language

      If you need more translations, please contact us via: 1300 362 072 or ombudsman@ombudsman.gov.au

      Today, the Attorney-General tabled the Commonwealth Ombudsman’s report on oversight of agencies’ use of stored communication and telecommunications data powers in Australia from 1 July 2020 to 30 June 2021.

      Stored communications are communications that already exist and are stored on a carrier’s systems. This includes items like emails and text messages. Telecommunications data is the information about a communication, but not the content of the communication itself – commonly referred to as ‘metadata’. This can include subscriber information and the date, time and duration of a communication.

      In 2020–21 the Commonwealth Ombudsman reviewed 20 Commonwealth, state and territory law enforcement and integrity agencies’ use of these powers against the requirements of the Telecommunications (Interception and Access) Act 1979 (the Act). The Ombudsman made 29 recommendations, 386 suggestions and 116 better practice suggestions for improvement across the agencies inspected.

      “A person does not generally know when an agency has used these powers to access their data”, Mr Anderson said. “My Office’s oversight provides assurance to the Parliament and public about agencies’ compliance with legal requirements when they use these intrusive powers”.

      In 2020–21, the Office increased its emphasis on inspecting agencies’ policies, procedures, and controls to mitigate risks of non-compliance, as well as inspecting the records relating to individual warrants and authorisations.

      The report outlines the key issues and areas that we found were critical to an agency’s compliance with the Act in 2020–21. This includes agencies’:

      • record-keeping of internal authorisations for access to telecommunications data
      • policies and procedures for checking (vetting) whether communications and data received are consistent with the parameters of the relevant warrant or authorisation
      • frameworks for use, communication, recording and destruction of communications consistent with legal requirements, and
      • availability and quality of training and guidance materials to support officers in complying with legal requirements.

      Some of our findings relate to new and emerging issues. Some findings relate to issues we also observed in previous years. This includes instances where agencies have not completed remedial action to address previous findings we have made.

      “Most agencies were receptive to my Office’s findings”, Mr Anderson said. “I am pleased that my Office observed a maturing compliance culture among agencies which has included proactive identification and reporting of compliance issues to our Office”.

      “My Office and I will continue working with all agencies to strengthen compliance with legal safeguards when agencies access stored communications and telecommunications data”.

      Finalisation of this report was delayed due to the considerable number and complexity of stored communications and telecommunications data inspections the Office was required to conduct in 2020–21 to inform this report.

      “My Office is enhancing our oversight process to improve the timeliness of reporting and the level of assurance we provide to Parliament and the public,” Mr Anderson said.

      The report can be found on the Commonwealth Ombudsman website here .