Jurisdiction - Australia
Australia – Telstra In Breach Of The Privacy Act And The Telecommunications Consumer Protection Code.

19 July 2012


Legal News & Analysis – Asia Pacific – Australia – TMT


On 29 June 2012, the Australian Communications and Media Authority (the "ACMA") announced that Telstra has been found to be in breach of both the Privacy Act 1988 (the "Act") and the Telecommunications Consumer Protection Code (the "TCP Code"), after personal information of its customers was published online.
On 9 December 2011, Telstra advised the ACMA that personal information of over 700,000 of its customers had been made publically available on the internet.  The privacy breach exposed the names, address, birthdates, and  in some cases the usernames and passwords of some of its customers.  The ACMA commenced an investigation into Telstra's compliance with the TCP Code.
Telstra has been found to have breached of two National Privacy Principles under the Act including Principles 2.1 and 4.1 which relate to use and disclosure and data security respectively.  The telco was also found to be in breach of clause 6.8.1 of the TCP Code, which holds service providers responsible for the protection of customer data.  The ACMA noted that it was most concerned about the 8 month period of time that the breach occurred over, during which time a large number of customers' personal data was made available.  However, the ACMA noted that on becoming aware, Telstra took immediate steps to restrict access to personal information.  Currently Telstra is not facing any regulatory action, however the regulator could bring an action against Telstra if the telco is found to be in breach of customer privacy again.


For further information, please contact:


Lisa Ritson, Partner, Ashurst

[email protected]



Leave a Reply

You must be logged in to post a comment.