The Australian Communications and Media Authority (ACMA) has fined Optus $1.5 million after the telco was found guilty of “large-scale breaches of public safety rules”.
The fine comes after Optus failed to upload the information of nearly 200,000 customers between January 2021 and September 2023 to the Integrated Public Number Database (IPND).
The IPND is used to provide location information of phone users and to send emergency alerts to emergency services including police, fire and ambulance.
An investigation into Optus was opened by ACMA in November 2023.
ACMA said the investigation focussed on the telco’s obligations under the Telecommunications (Emergency Call Services) Determination 2019, specifically:
- To provide assistance to one another (emergency ‘camp-on’)
- That networks and facilities give an end user access to emergency call services
- That end users who make an emergency call are given access to the emergency call service
- To ensure that an emergency call is carried to the relevant termination point for the call
- To notify the emergency call person as soon as possible about a significant network outage
- To undertake a welfare check on an end user who made an unsuccessful emergency call during a significant network outage
- To cooperate with the emergency call person during a disruption to the emergency call service.
ACMA member Samantha Yorke said the ACMA commenced its investigation after a compliance audit indicated Optus had failed to upload data via a supplier, Prvidr Pty Ltd.
“When emergency services are hindered there can be very serious consequences for the safety of Australians,” she said in a release.
“While we are not aware of anyone being directly harmed due to the non-compliance in this case, it’s alarming that Optus placed so many customers in this position for so long.
“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party,” she added.
“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers.”
In addition to the $1,501,000 penalty, ACMA accepted a court-enforceable undertaking from Optus that requires an independent review of its IPND compliance where it uses a third-party data provider, and make any improvements recommended by the review.
Optus has also been formally directed to comply with the IPND industry code.
In a statement, Optus said it accepted that proper audits and checks were not in place to ensure IPND obligations were being met for services it supplied through partner brands.
“We apologise for this and accept that we have not met community expectations,” a company spokesman said.
“Optus has now introduced those audits and checks over its supplier’s performance to ensure this issue is not repeated.
“Optus accepts the ACMA’s findings and has agreed to an enforceable undertaking to complete an independent review of the processes used to manage compliance with our IPND obligations for these partner brands and make any further improvements if required.”
Original Article published by Andrew McLaughlin on Riotact.