Telstra has been issued with a direction from the ACMA to comply with privacy obligations in the Telecommunications Consumer Protections (TCP) Code. The direction is a consequence of Telstra's failure to protect the personal information of up to 734,000 of its customers during the period from 29 March 2011 - 9 December 2011, in which the usernames and passwords of these customers were publicly accessible via a particular internet link.
Where the ACMA finds a TCP Code breach, it can issue the service provider with a direction to comply or with a formal warning. As Telstra has since taken steps to remedy its processes to prevent a repeat incident, the ACMA considered a direction to be the most appropriate measure. This direction is the first to be issued to a telecommunications provider under the recently registered TCP Code. Failure to comply with a direction may result in the ACMA taking Federal Court action for a pecuniary penalty.
For more information, please see the ACCC Media Release.