Telecommunications (Integrated Public Number Database Scheme Conditions for Authorisations) Determination 2007 (No. 1) (Cth)

Case

Commonwealth of Australia

Telecommunications Act 1997

Telecommunications (Integrated Public Number Database Scheme –

Conditions for Authorisations)

Determination 2007 (No. 1)

I, HELEN LLOYD COONAN, Minister for Communications, Information Technology and the Arts, make the following instrument under section 295P of the Telecommunications Act 1997.

Dated 4 May 2007

HELEN LLOYD COONAN

Minister for Communications, Information Technology and the Arts

_________________________________________________________

  1. Name of instrument

This instrument is the Telecommunications (Integrated Public Number Database Scheme – Conditions for Authorisations) Determination 2007 (No. 1).

  1. Commencement

    This instrument commences on the same day as Schedule 1 to the Telecommunications Amendment (Integrated Public Number Database) Act 2006.

  2. Definitions

(1)    In this instrument:

ACMA means the Australian Communications and Media Authority.

Act means the Telecommunications Act 1997.

carriage service has the same meaning as in the Act.

carriage service provider has the meaning given by section 87 of the Act.

contractor means a person who performs services for and on behalf of the holder of a public number directory authorisation or a research authorisation but does not include a person who performs such services in the capacity of an employee of the holder.

customer means a person who is supplied with a carriage service by a carriage service provider.

customer data has the same meaning as in the Telecommunications Integrated Public Number Database Scheme 2007.

directory address means the information contained in the designated directory address fields in the integrated public number database.

directory finding name means the information contained in the designated finding name fields in the integrated public number database.

integrated public number database has the meaning given by subsection 285(2) of the Act.

integrated public number database scheme means the scheme in force under section 295A of the Act.

IPND Manager means the person who for the time being maintains the integrated public number database.

National Privacy Principles has the same meaning as in the Privacy Act 1988.

protected information means information or a document disclosed under subsection 285(1A) of the Act for a purpose covered by:

(a)     subparagraph 285(1A)(c)(ii) of the Act; or

(b)     subparagraph 285(1A)(c)(iv) of the Act.

public number has the meaning given by subsection 285(2) of the Act.

public number directory has the meaning given by subsection 285(2) of the Act.

public number directory authorisation means an authorisation under the integrated public number database scheme that permits the person to whom it is granted to use and disclose protected information for a purpose covered by subparagraph 285(1A)(c)(ii) of the Act.

research authorisation means an authorisation under the integrated public number database scheme that permits the person to whom it is granted to use and disclose protected information for a purpose covered by subparagraph 285(1A)(c)(iv) of the Act.

working day, in a location, means a day that is not a Saturday, Sunday or public holiday in the location.

(2)    For the purposes of this instrument, protected information is taken to be transferred to someone who is in a foreign country when it becomes accessible to the intended recipient of the information in the foreign country.

Note:  Clause 4 of this instrument deals with transborder data flows.  It is not intended to capture temporary offshoring of data such as when a document is emailed between 2 points within Australia but because of Internet routing it travels overseas on the way to its destination.

4             Transborder data flows

(1)    An authorisation under the integrated public number database scheme is subject to a condition prohibiting the holder of an authorisation from transferring protected information to someone who is in a foreign country (the recipient) unless:

(a)     the holder reasonably believes that the recipient is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or

(b)     the holder has made contractual arrangements to ensure that the information which it has transferred will not be held, used or disclosed by the recipient inconsistently with the National Privacy Principles.

(2)    An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of an authorisation to remain legally responsible for any use or disclosure of protected information by the recipient that is inconsistent with the National Privacy Principles.

5             Safeguarding protected information

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation to take reasonable steps to protect and secure the protected information, and personal information related to the protected information, that is holds from:

(a)      misuse or loss; and

(b)      unauthorised access, modification, use or disclosure.

6             Addressing breaches of security

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation, as soon as practicable after the holder becomes aware of a substantive or systemic breach of security that could reasonably be regarded as having an adverse impact on the integrity and confidentiality of the protected information:

(a)      to notify ACMA and the IPND Manager; and

(b)      to take reasonable steps to minimise the effects of the breach.

7             Notification of breaches by others

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation, as soon as practicable after becoming aware that a person to whom the holder has disclosed protected information has contravened any legal restrictions governing the person’s ability to use or disclose protected information, to notify ACMA and the IPND Manager.

8             Secure disposal of protected information after use

An authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation to securely destroy protected information within 10 working days of:

(a)     the protected information no longer being required for the purpose for which it was disclosed to the holder; or

(b)     the authorisation ceasing or being revoked.

  1. Public number directory publishers

    (1)    A public number directory authorisation is subject to a condition requiring the holder of the authorisation to make a contractual arrangement to ensure that any contractor to whom the holder discloses protected information neither uses nor discloses that information except for a purpose covered by subparagraph 285(1A)(c)(ii) of the Act.

    (2)    A public number directory authorisation is subject to a condition that the only customer data from the integrated public number database that may be included in a public number directory published and maintained by the holder of the authorisation is the directory finding name, directory address and public number.

    (3)    A public number directory authorisation is subject to a condition requiring the holder of the authorisation to ensure that any public number directory that the holder or a contractor publishes using protected information contains the name and contact details of the holder as the copyright owner and a statement concerning the holder’s copyright in the directory.

10            Researchers

(1)    A research authorisation is subject to a condition requiring the holder of the authorisation to make a contractual arrangement to ensure that any contractor to whom the holder discloses protected information neither uses nor discloses the information except for a purpose covered by subparagraph 285(1A)(c)(iv) of the Act.

(2)    A research authorisation is subject to a condition requiring the holder of the authorisation to ensure that any database that the holder produces using protected information:

(a)     does not enable a person who only knows the public number of an end-user of a carriage service to readily identify the end-user’s name and/or address; and

(b)     subject to subclause (3), does not enable a person who only knows the whole or a part of the address of an end-user of a carriage service to readily identify the end-user’s name and/or public number.

(3)    The holder of a research authorisation may produce a database of a kind mentioned in subclause (2) that enables a person to search by postcode to find a list of public numbers, and the customer data associated with those numbers, from within the postcode.

(4)    A research authorisation is subject to a condition requiring the holder of the authorisation to use only the directory finding name, directory address and public number fields of the integrated public number database to contact customers.

(5)    A research authorisation is subject to a condition prohibiting the holder of the authorisation from selling or providing customer data to any person for any purpose unless this is authorised or required by or under law.

Actions
Download as PDF Download as Word Document


Cases Citing This Decision

0

Cases Cited

0

Statutory Material Cited

0