Telecommunications (Integrated Public Number Database Scheme – Conditions for Authorisations) Determination 2017 (Cth)

Case
No judgment structure available for this case.

Telecommunications (Integrated Public Number Database Scheme – Conditions for Authorisations) Determination 2017

I, MITCH FIFIELD, Minister for Communications, make the following instrument.

Dated 18 July 2017                                        

MITCH  FIFIELD

Minister for Communications

Contents

1  Name........................................................................................................................................ 1

2  Commencement........................................................................................................................ 1

3  Authority.................................................................................................................................. 1

4  Definitions................................................................................................................................ 1

5  Schedules................................................................................................................................. 2

6  Cross-border disclosure of protected information.................................................................... 2

7  Safeguarding protected information.......................................................................................... 3

8  Addressing breaches of security............................................................................................... 3

9  Notification of breaches by others............................................................................................ 3

10  Secure disposal of protected information after use................................................................. 3

11 Public number directory publishers......................................................................................... 3

12  Researchers............................................................................................................................ 4

Schedule 1—Repeals  5

Telecommunications (Integrated Public Number Database Scheme – Conditions for Authorisations) Determination 2007 (No. 1)   5

1  Name

This instrument is the Telecommunications (Integrated Public Number Database Scheme – Conditions for Authorisations) Determination 2017.

2  Commencement

This instrument commences on the day after this instrument is registered.

3  Authority

This instrument is made under section 295P of the Telecommunications Act 1997.

4  Definitions

In this instrument:

Act means the Telecommunications Act 1997.

contractor means a person who performs services for and on behalf of the holder of a public number directory authorisation or a research authorisation but does not include a person who performs such services in the capacity of an employee of the holder.

customer means a person who is supplied with a carriage service by a carriage service provider.

customer data has the same meaning as in the Telecommunications Integrated Public Number Database Scheme 2017.

directory address means the information contained in the designated directory address fields in the integrated public number database.

directory finding name means the information contained in the designated finding name fields in the integrated public number database.

integrated public number database has the meaning given by subsection 285(2) of the Act.

integrated public number database scheme means the scheme in force under section 295A of the Act.

IPND Manager means the person who maintains the integrated public number database from time to time.

Australian Privacy Principles has the same meaning as in the Privacy Act 1988.

protected information means information or a document disclosed under subsection 285(1A) of the Act for a purpose covered by:

(a)  subparagraph 285(1A)(c)(ii) of the Act; or

(b)  subparagraph 285(1A)(c)(iv) of the Act.

public number has the meaning given by subsection 285(2) of the Act.

public number directory has the meaning given by subsection 285(2) of the Act.

public number directory authorisation means an authorisation under the integrated public number database scheme that permits the person to whom it is granted to use and disclose protected information for a purpose covered by subparagraph 285(1A)(c)(ii) of the Act.

research authorisation means an authorisation under the integrated public number database scheme that permits the person to whom it is granted to use and disclose protected information for a purpose covered by subparagraph 285(1A)(c)(iv) of the Act.

Note: A number of expressions used in this instrument are defined in section 7 of the Act, including the following:

(a)    ACMA;

(b)    carriage service;

(c)    carriage service providers.

(2)  For the purposes of this instrument, protected information is taken to be transferred to someone who is in a foreign country when it becomes accessible to the intended recipient of the information in the foreign country.

Note:          Section 6 of this instrument deals with transborder data flows. It is not intended to capture temporary offshoring of data such as when a document is emailed between two points within Australia but because of Internet routing it travels overseas on the way to its destination.

5  Schedules

Each instrument that is specified in Schedule 1 to this instrument is repealed as set out in the Schedule.

6  Cross-border disclosure of protected information

(1)  An authorisation under the integrated public number database scheme is subject to a condition prohibiting the holder of an authorisation from transferring protected information to someone who is in a foreign country (the recipient) unless:

(a)  the holder reasonably believes that the recipient is subject to a law or binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; or

(b)  the holder has made contractual arrangements with the recipient to ensure that the information which it has transferred will not be held, used or disclosed by the recipient inconsistently with the Australian Privacy Principles.

(2)  An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of an authorisation to remain legally responsible for any use or disclosure of protected information by the recipient that is inconsistent with the Australian Privacy Principles.

7  Safeguarding protected information

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation to take reasonable steps to protect and secure the protected information, and any personal information related to the protected information, that it holds from:

(a)  misuse or loss; and

(b)  unauthorised access, modification, use or disclosure.

8  Addressing breaches of security

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation, as soon as practicable after the holder becomes aware of a substantive or systemic breach of security that could reasonably be regarded as having an adverse impact on the integrity and confidentiality of the protected information, to:

(a)  notify the ACMA and the IPND Manager; and

(b)  take reasonable steps to minimise the effects of the breach.

9  Notification of breaches by others

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation, as soon as practicable after becoming aware that a person to whom the holder has disclosed protected information has contravened any legal restrictions governing the person’s ability to use or disclose protected information, to notify ACMA and the IPND Manager.

10  Secure disposal of protected information after use

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation to securely destroy protected information within 10 business days of:

(a)  the protected information no longer being required for the purpose for which it was disclosed to the holder; or

(b)  the authorisation ceasing or being revoked.

11 Public number directory publishers

(1)  A public number directory authorisation is subject to a condition requiring the holder of the authorisation to make contractual arrangements to ensure that any contractor to whom the holder discloses protected information neither uses nor discloses that information except for a purpose covered by subparagraph 285(1A)(c)(ii) of the Act.

(2)  A public number directory authorisation is subject to a condition that the only customer data from the integrated public number database that may be included in a public number directory published and maintained by the holder of the authorisation is the directory finding name, directory address and public number.

(3)  A public number directory authorisation is subject to a condition requiring the holder of the authorisation to ensure that any public number directory that the holder or a contractor publishes using protected information contains the name and contact details of the holder as the copyright owner and a statement concerning the holder’s copyright in the directory.

12  Researchers

(1)  A research authorisation is subject to a condition requiring the holder of the authorisation to make contractual arrangements to ensure that any contractor to whom the holder discloses protected information neither uses nor discloses the information except for a purpose covered by subparagraph 285(1A)(c)(iv) of the Act.

(2)  A research authorisation is subject to a condition requiring the holder of the authorisation to ensure that any database that the holder produces using protected information:

(a)  does not enable a person who only knows the public number of an end-user of a carriage service to readily identify the end-user’s name and/or address; and

(b)  subject to subsection (3), does not enable a person who only knows the whole or a part of the address of an end-user of a carriage service to readily identify the end-user’s name and/or public number.

(3)  The holder of a research authorisation may produce a database of a kind mentioned in subsection (2) that enables a person to search by postcode to find a list of public numbers, and the customer data associated with those numbers, from within the postcode.

(4)  A research authorisation is subject to a condition requiring the holder of the authorisation to use only the directory finding name, directory address and public number fields of the integrated public number database to contact customers.

(5)  A research authorisation is subject to a condition prohibiting the holder of the authorisation from selling or providing customer data to any person for any purpose unless this is authorised or required by or under law.

Schedule 1—Repeals

Telecommunications (Integrated Public Number Database Scheme – Conditions for Authorisations) Determination 2007 (No. 1)

1  The whole of the instrument

Repeal the instrument.

Actions
Download as PDF Download as Word Document


Cases Citing This Decision

0

Cases Cited

0

Statutory Material Cited

0