Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Canberra responds to mandatory data retention review, metadata laws set for an overhaul

The Australian federal government has released its responses to a set of recommendations to overhaul the mandatory data retention scheme, presented to it by the parliamentary joint committee on intelligence and security.

user icon David Hollingworth
Wed, 22 Feb 2023
Canberra responds to mandatory data retention review, metadata laws set for an overhaul
expand image

The government has largely accepted all 22 recommendations, though some it has only accepted in principle.

Top of the list of recommendations is that the Department of Home Affairs should create a set of consistent national guidelines for law enforcement and other agencies, to more clearly define what constitutes the “content or substance of a communication” and to safeguard the contents of communications that have been passed on to agencies in error.

The review also calls for more detailed handling and tracking of all collected data so as to assist in providing adequate oversight and accountability, and that more care be taken when designating “authorised officers” to handle such data. The national guidelines will cover all of these safeguards and will be established within 18 months.

============
============

The government has also agreed to continue limiting the time that data can be held to two years and that data generated by IoT devices does not need to be collected.

The review also calls for telco data to be retained for a minimum amount of time so as to allow proper oversight by the Inspector-General of Intelligence and the Security and the Commonwealth Ombudsman, depending on the agency in question, and that all verbal authorisations for the disclosure of collected data be matched by a record of why the decision was made verbally.

The review also calls for the closing of a loophole that allowed a far wider range of agencies to access collected data, such as the RSPCA, and for better reporting on the outcomes achieved with collected data, such as successful prosecutions.

The final recommendation of the report, and one that the government only agrees to in principle, is that agencies accessing and storing collected data demonstrate that they are doing so in a safe and secure manner. The government’s response is that a range of protections already exist, but it agrees that minimum standards are probably a good idea.

“In addition to the Attorney-General’s Department’s review of the Privacy Act 1988, the Department of Home Affairs is developing a national data security action plan as part of the new cyber security strategy, to deliver whole-of-economy expectations and requirements for data security,” the government response reads.

“The Attorney-General’s Department will work with ACMA, the Department of Home Affairs, security and law enforcement agencies and oversight agencies to determine how minimum standards should be set in light of existing protections and planned reforms.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.