With the speed and ease of tooth-pulling, the Attorney-General’s Department continues to reveal information about its pursuit of a data retention régime. Late today it provided a summation of industry views on a régime from its consultations with telecommunications and internet service providers in 2009.
The information was provided as part of an answer to a question taken on notice by the Department when Greens senator Scott Ludlam grilled departmental officers about their consultations with industry, and legislative drafting, for data retention, at Estimates hearings in May.
Most interesting from the response is that industry early on identified the substantial expense of data retention. And one firm made its philosophical objections clear, saying “data retention was not an appropriate and proportionate measure within a democratic society and not necessary to safeguard national and public security related interests.”
Industry consultation continued through until 2012, but due to the strict way in which AGD was able to interpret Ludlam’s questions, they didn’t provide any further information about subsequent consultation:
No formal minutes were taken of the industry consultation meetings rather a general, non- identifying summary of industry views was prepared following the two meetings.
Industry suggested that a two year retention period was too onerous. One suggestion from industry was to retain IP data for six months telephone data for twelve months.
Industry asked whether the same terms of access to telecommunications data by agencies will continue.
Industry preferred a centralised storage model as it has advantages for normalising inconsistent data from C/CSPs into a common format. The centralised database would be operated by on or behalf of the government.
Industry stated that data retention would be costly and industry should be compensated. Aspects of costs include:
- Establishing infrastructure to capture data currently not collected
- Storing collected data for required periods, and
- Transmitting collected data to a central location (if a centralised storage model is chosen).
Industry had various divergent views on whether data retention should include the collection and storage of IP data.
Some industry participants proposed a voluntary industry code supported by statute for data retention, rather than mandatory data retention.
Industry was concerned its obligations under data retention would conflict with its obligations under the Privacy Act 1988. Industry suggested the data retention regime be adjusted or that industry get an exemption from relevant obligations under the Privacy Act.
One industry participant submitted data retention was not an appropriate and proportionate measure within a democratic society and not necessary to safeguard national and public security related interests.