Quick Guide to Australia’s new Data Retention Laws
Times have changed, and so too have Data Retention Laws in Australia. If you’re a telecommunications provider – a licensed carrier, carriage service provider or internet service provider – it’s really important to know your obligations.
The new laws came into effect on 13 October 2015. You’re now obliged by law to collect and protect specific metadata for a period of two years. All retained data must be stored, encrypted and protected from unauthorised interference or access.
Sounds complex? It doesn’t need to be. Here we make it easy with a quick guide to complying with the new Data Retention Laws.
Why the law changed
Metadata is important information that helps fight criminal activity and protects national security. In the past, a lack of information and data records has prevented criminals from being brought to justice and has hampered investigations. The previous law lagged far behind the rapid changes in modern technology, even referencing floppy disks, which nobody uses anymore.
The new laws will help authorities to track illegal activity, such as child exploitation and terrorism threats, for which perpetrators often share information online.
Metadata you must collect
The new Data Retention Laws are designed to capture metadata – information that identifies the communication source and destination – not the actual content. For example, metadata about every phone call, text message and email sent by customers will be tracked, but the message content will not be recorded. Metadata to be captured includes:
- the source and destination of the communication
- date, time and duration of the communication
- type of service used (e.g. phone, SMS, laptop)
- location of equipment or the device used.
Other, more general metadata to be collected includes:
- name, address and billing information
- telephone number
- IP address
- email address
- download and upload volumes.
Who can access the metadata?
Police, major crime and anti-corruption commissions, customs and border protection agencies can access the metadata you collect. These organisations are required to have well-developed internal systems for protecting the data and ensuring privacy at all times.
Where to go for help
The Australian Government’s Data Retention Industry Grants Programme provides financial assistance for works undertaken to meet your new Data Retention obligations. The Government has allocated $128.4 million to this programme.
Get in quick, because applications for grants close on 23rd February 2016.
How to simplify data protection
The new laws place two specific obligations on telecommunications providers:
- Metadata collection
- Metadata protection
For most businesses, the collecting part is easy. Protecting the data from unauthorised access, however, is far more challenging. This is where Stickman Consulting steps in to help.
Stickman has developed a customised methodology and solution to help companies achieve and maintain the Data Retention guidelines. The methodology consists of four phases:
Phase 1 – Define the scope of the data retention for your organisation
Phase 2 – Plan the implementation and assess the solutions required to achieve the data retention guidelines
Phase 3 – Execute the plan to achieve the data retention guidelines
Phase 4 – Maintenance plan and actions to continuously meet the data retention guidelines.
Stickman’s Data Retention solution helps protect any structured or unstructured data located on servers, laptops and desktops. The solution covers detailed workshops, interviews, awareness and training, along with recommendations of technology to support encryption, masking, tokenisation and anonymisation, and offers dynamic, context-aware security levels.
The solution can address the needs of telecommunications providers, with:
- basic to defence level
- access control
- multi-factor authentication
- logging and auditing
- high performance
- small to enterprise scalability
- transparent implementation
- privileged user protection levels
- application white and black list control
- high availability.
If you’d like to know more about data protection and how to meet your data retention obligations, please get in touch today.