7 March 2023: Commonwealth Ombudsman’s Stored Communications and Telecommunications Data Annual Report
Today, the Attorney-General tabled the Commonwealth Ombudsman’s report on oversight of stored communication and telecommunications data powers under the Telecommunications (Interception and Access) Act 1979 (the Act).
The report is the outcome of 37 inspections across 21 agencies that used powers to covertly access stored communications and all agencies that had access telecommunications data powers between 1 July 2021 and 30 June 2022.
The Ombudsman made 13 recommendations, 145 suggestions and 97 better practice suggestions - a decrease on the number of recommendations and suggestions made in the previous year1.
Commonwealth Ombudsman, Iain Anderson, was pleased to see a decrease in the number of compliance-related findings, resulting in fewer recommendations and suggestions made across all agencies.
“The results detailed in this report demonstrate the overall maturing compliance culture for all agencies we inspect” Mr Anderson said. “I am once again pleased that agencies were proactive in identifying and reporting of compliance issues to our Office”.
The Ombudsman inspects Commonwealth, state and territory law enforcement and integrity agencies’ use of these powers against the requirements of the Act, reporting annually to Parliament.
Stored communications include items existing on a telecommunications carrier’s system like emails and text messages. Telecommunications data is the information about a communication, but not the content of the communication itself and may include subscriber information, call charge records and location based data.
The report identifies areas posing the greatest risk to agencies’ compliance with the Act in 2021–22. For stored communications, this included:
- destruction of stored communications
- special considerations when applying for a stored communications warrant for a victim of a serious contravention, and
- record keeping requirements regarding the use of Chapter 3 powers.
For telecommunications data, this included:
- access to data where relevant offence thresholds were not met
- demonstrating authorised officer considerations
- data vetting and quality control frameworks
- Journalist Information Warrant controls
- use and disclosure record-keeping obligations
- availability and quality of training and guidance material for agency staff
- authorisations being made for purposes not provided for in the Act, and
- reporting to the Minister.
The report makes findings about instances of non-compliance in authorisations and warrants as well about the adequacy of risk controls such as agency governance frameworks, systems and training.
“Given the intrusive nature of these powers, our inspections are crucial to assuring Parliament and the public that the covert access to someone’s data by law enforcement and integrity agencies is done in compliance with, and in the spirit of, the legislation and its safeguards,” Mr Anderson said.
The report can be found on the Commonwealth Ombudsman website here.
1 The Commonwealth Ombudsman’s Stored Communications and Telecommunications Data Annual Report (2020-2021) made 29 recommendations, 386 suggestions and 116 better practice suggestions for improvement across the 20 agencies inspected.