The ACMA investigation found almost 50,000 instances where Telstra failed to correctly upload a customer’s choice of an unlisted - or silent - number to the Integrated Public Number Database (IPND) meaning these numbers could be published in public phone directories or be available through directory services.
The ACMA said it also found that Telstra failed to provide data to, or failed to update, the IPND for its Belong customers on over 65,000 occasions.
The IPND is made up of Australian phone numbers and their owner details, is used by public phone directories, and provides an important resource to support the work of Australia’s emergency services, law enforcement and national security agencies.
ACMA Chair Nerida O’Loughlin said that by failing to provide the required information to the IPND, Telstra potentially put people’s safety at risk.
“When people request a silent number it is often for very important privacy and safety reasons, and we know that the publication of their details can have serious consequences.
The IPND is also used by Triple Zero to help locate people in an emergency, for the Emergency Alert Service to warn of emergencies like flood or bushfire, and to assist law enforcement activities.
“The provision of these critical services can be hampered and lives put in danger if data is missing, wrong or out of date. It is alarming that Telstra could get this so wrong on such a large scale,” O’Loughlin said.
The ACMA’s action follows findings in 2019 that Telstra had breached the same obligations.
“Telstra initially self-reported these matters and moved quickly to fix them. However, this is not Telstra’s only recent major breach of these rules, which is why the ACMA has taken this action,” added O’Loughlin.
All telcos are required to upload customer information into the IPND for each service they provide. This includes the telephone number, the customer’s name and address and whether the customer wants their number of be listed or unlisted. Flagging a number as listed or unlisted determines whether a customer’s details are available in public phone directories and directory assistance services.
This is the latest action in the ACMA’s ongoing campaign to improve the accuracy of the IPND and reduce the risk of harm to Australians. In 2018 and 2020 the ACMA says it took action against a total of 26 telcos for non-compliance with upload rules, including giving remedial directions. Earlier this year the ACMA gave Lycamobile a $600,000 penalty for breaching the rules.
The ACMA advised that if Telstra fails to comply with its obligations in future the ACMA can commence proceedings in the Federal Court for civil penalties of up to $10 million per contravention.
As 2021 wraps up, Telstra is definitely on Santa's naughty list, this is the third fine or penalty for the year:
- Telstra was ordered to pay $50M by the Federal Court in May for engaging in unconscionable conduct when it sold mobile contracts to more than 100 Indigenous consumers across three states and territories. "The $50 million penalty imposed against Telstra is the second highest penalty ever imposed under the Australian Consumer Law. This is appropriate given the nature of the behaviour by Australia’s biggest telecommunications company, which was truly beyond conscience,” the ACCC Chair Rod Sims said at the time.
- Also in May, Telstra paid an infringement notice of more than $1,500,000 after the Australian Communications and Media Authority (ACMA) found it failed to provide consumers with the opportunity to keep their existing local phone number when changing telcos, known as local number porting. Telstra had COVID-19-related impacts on its offshore operations from March 2020. At the time the ACMA Chair Nerida O’Loughlin said, “Australian consumers must have the freedom to change their telco provider to take up services that best suit their needs. This includes keeping your own phone number even if you take your business elsewhere.”
Telstra was contacted for comments on this latest infringement a Telstra spokesperson said, "We have an obligation and responsibility to protect the privacy and safety of our customers – and we haven’t met our own high expectations or those of our customers.
"We self-reported these issues to ACMA and took steps to correct them.
"We accept the ACMA findings and have paid the infringement notice." the Telstra spokesperson concluded.
The Australian Communications Consumer Action Network (ACCAN) has welcomed the ACMA’s action against Telstra for breaching consumer privacy rules related to the Integrated Public Number Database (IPND).
“It is vital that consumer information stored in the IPND is accurate and secure. Emergency services use the IPND, as well as a range of other information, to locate people calling for assistance,” said ACCAN acting CEO Andrew Williams.
"The IPND is also used by law enforcement, and for specific research purposes approved by the Australian Communications and Media Authority (ACMA).
“While we recognise and appreciate the fact Telstra self-reported this issue, the multi-million dollar fine imposed by the ACMA recognises the serious breach of customer trust and the significant potential harms for those customers whose information was not updated.
“We hope that this serves as a timely reminder for all telcos regarding their obligations under the IPND rules,” concluded Williams.
Let's hope that Telstra improves next year and moves onto Santa's nice list.
This first appeared in the subscription newsletter CommsWire on 16 December 2021.