Telstra has been found to have breached the National Privacy Principles (now replaced by the Australian Privacy Principles) in relation to the personal information of 15,775 Telstra customers (including active silent line customers) between February 2012 and May 2013. During that time, personal information of Telstra customers from 2009 and earlier was accessible online. The Privacy Commissioner found that Telstra disclosed personal information other than for a permitted purpose, and failed to take reasonable steps to ensure the security of the personal information it held and to destroy or de-identify the information.
In relation to the same circumstances, the ACMA found that Telstra contravened the requirement in the TCP Code to ensure that customers' personal information is protected from unauthorised use or disclosure, and an ACMA direction to comply with that requirement (given in response to a previous breach of the TCP Code).
For more information, and a copy of the ACMA's report, please see the ACMA media release.
Please click on the link for a copy of the Privacy Commissioner's report.