New Use and Disclosure Exceptions

In the shadow of the Victorian bush fires, regulations create a new exception to the use and disclosure offences under Part 13 of the Telecommunications Act 1997.

Part 13 of the Act requires that Carriers, CSPs, their employees and contractors protect the confidentiality of protected information such as the content of communications, the affairs and personal particulars of people and namely the integrated public number database. The offences under this part are contained in sections 276 to 278, and can include a penalty of imprisonment against offenders.

s292(1) of the Act allows regulations to be made that provides for circumstances in which there may be exceptions to the offences under sections 276 to 278.

Although the Act already allows disclosure of documents and information in cases of threat to life or health (s287) in very limited situations, the Telecommunications Amendment Regulations 2009 (No.1) provides for an exception for the purpose of:

1. preventing or lessening a serious and imminent threat to the life or health of a person or a class of persons; or
2. ensuring that effective arrangements are in place to deal with such threats

The Explanatory Statement to these new Regulations states that:

The primary purpose of the Regulations is to allow emergency management authorities in each state and territory to obtain phone numbers and personal particulars (including any unlisted telephone or any address) of all the database listings for their respective state or territory for the purpose of ensuring effective arrangements are in place to deal with serious and imminent threats to life and health of persons. Such threats may emanate from natural disasters (such as bushfires and floods), criminal acts and non natural disasters (such as industrial accidents).

The Regulations permit disclosure of either (a) the information in an integrated public number database; or (b) a document that consists or relations to information contained in the integrated public number database.

Before disclosure is permitted there are 3 requirements that an authorised person must meet, these are:

1. certify to Telstra that the disclosure and use of the information is required for the two permitted purposes (as set out above); and
2. identify the recipient of the information; and
3. provide Telstra with an undertaking that (a) any disclosure or use by a person other than Telstra or an employee of Telstra will be fore the same purpose; and (b) reasonable steps will be taken to ensure that any disclosure or use by a person other than Telstra or an employee of Telstra will not adversely affect the operation of Telstra telecommunications network;

There are also a number of safeguards requiring destruction of information when no longer required, and authority for the Privacy Commissioner to monitor the use of the information or documents.

We recently received an emergency communication from the Victoria Police, which we presume took advantage of these new Regulations, by way of an SMS warning of:

Extreme weather in Vic expected Mon night & Tues. High wind & fire risk. Listen to Local ABC Radio for emergency updates. Do not reply to this msg.

This Regulation is a welcome yet long over due regulatory development.