The Parliamentary Joint Committee on Intelligence and Security published its advisory report on Australia’s metadata retention bill today (Friday 27th).  The report is bipartisan, in that representatives of both major political parties agree with its recommendations.

The nature of the bill was described in an earlier post here.  The committee’s report contains 39 recommendations and is over 350 pages long.  We are still coming to grips with it and will likely post a more detailed analysis of a revised bill in due course.

In the meantime, a few potted highlights:

  • Law enforcement agencies will continue to be entitled to obtain access to telecommunications metadata without obtaining a warrant, but the authorising officer must be satisfied that any interference with privacy is justifiable and proportionate (recommendation 25)
  • The types of data required to be retained will be specified in the legislation rather than regulations (recommendation 2)
  • The retention period will remain at 2 years
  • The legislation should be clarified so that it does not apply to providers of ‘over the top’ applications whose facilities are located outside Australia (recommendation 11)
  • The government should make a significant contribution to the up-front capital costs incurred by affected service providers (recommendation 16)
  • The retained data should not be available for use in civil litigation (recommendation 23)
  • The retained data should be held in encrypted form (recommendation 37)
  • A mandatory data security breach reporting regime should apply by the end of 2015 – it appears from the discussion in the report that the Committee had in mind a regime that applies across the board, akin to the lapsed Privacy Alerts bill, rather than a regime specific to telecommunications service providers (recommendation 38)

It is this last point which has the greatest potential impact for Australian businesses in general (as opposed to those in the telecommunications sector).  Mandatory data breach reporting would be a significant change to Australian privacy law.

We’ll be following developments with interest.  Given the Prime Minister’s focus on national security issues and the bipartisan nature of the committee’s report, it seems likely that the bill will move quickly through parliament.