The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 (the Bill) passed Parliament on 26 March 2015. The Bill introduces a mandatory data retention scheme (scheme) for telecommunications service providers which requires that a defined set of data be retained for a period of not less than two years and some information be retained for not less than two years from the date when the customer account is closed. The scope and coverage of the requirements can be expanded by Ministerial declaration.
The Bill includes a reduction in the number of agencies accessing metadata from over 80 to 21, new oversight powers to the Commonwealth Ombudsman specific protections where the target of a notice is a journalist or the employer of a journalists and the purpose of the notice is to obtain the information regarding the journalist sources. Service providers that are unable to comply with the law when it comes into force must prepare and deliver an implementation plan.
A number of matters remain uncertain about the implementation and operation of the Scheme, including the extent to which the government will contribute to the costs of service providers to comply with it.
The scheme commences 6 months after the Act receives Royal Assent. During the 6 months prior to the scheme commencing, service providers can apply for a “data retention implementation plan” (implementation plan). A service provider’s implementation plan must set out the process by which the service provider will transition into compliance with the scheme. The implementation plan will be in place during the implementation phase, which is the period of 18 months from when the scheme commences.