The Commonwealth Ombudsman has made more than 500 recommendations and suggestions to improve the way law enforcement and integrity Agencies comply with the Telecommunications (Interception and Access) Act 1979.
In her report Monitoring agency access to stored communications and telecommunications data under Chapters 3 and 4 of the Telecommunications (Interception and Access) Act 1979, Acting Commonwealth Ombudsman Penny McKay (pictured) said her Office reviewed 20 of the Commonwealth, State and Territory Agencies’ use of stored communication and telecommunications data powers and how they related against the requirements of the Act.
“Stored communications are communications that already exist and are stored on a carrier’s systems,” Ms McKay said.
“This includes items like emails and text messages,” she said.
“Telecommunications data is the information about a communication, but not the content of the communication itself – commonly referred to as ‘metadata’.
“This can include subscriber information and the date, time and duration of a communication.”
Ms McKay said a person did not generally know when an Agency had used these powers to access their data.
“My Office’s oversight provides assurance to the Parliament and public about Agencies’ compliance with legal requirements when they use these intrusive powers,” the A/Ombudsman said.
She said that some of the key-stored communications issues that were identified included warrants issued by an ineligible authority, and Agencies not keeping records that preservation notices were properly given.
Ms McKay said key telecommunications data issues included Agencies not showing that required considerations were taken into account by authorised officers; meeting record-keeping obligations; and Agency training and guidance material.
“Generally, we saw an increase in the number of compliance-related findings compared to previous inspections,” she said.
“This partly reflects our increased emphasis on inspecting Agencies’ policies, procedures, and controls in place to mitigate risks of non-compliance.
“However, there were also instances where we were not satisfied with the remedial action Agencies took in response to previous compliance findings, including implementing previous recommendations and suggestions made by our Office.”
Ms McKay made 29 recommendations, 386 suggestions and 116 better practice suggestions for improvement across the Agencies inspected.
“Most Agencies were receptive to our findings, demonstrating a commitment to either building or strengthening their culture of compliance,” she said.
The A/Ombudsman’s 74-page Report can be accessed at this PS News link.