Telstra Pays $2.5 Million Penance for Failing To Protect Consumers’ Phone Number Privacy

Telstra Pays $2.5 Million Penance for Failing To Protect Consumers’ Phone Number Privacy

Telstra has paid a $2.5 million penance after the ACMA found the telco breached the rules that protect ‘silent’ phone numbers from being made public. Telstra’s budget brand, Belong, was also pulled up for consumer safety failings.

According to a statement from the Australian Communications and Media Authority (ACMA), Telstra Corporation Limited paid an infringement notice of $2.53 million after the watchdog found large-scale breaches of rules intended to protect the privacy and safety of customers. Telstra self-reports a lot of these type of things to the watchdog.

The ACMA said its investigation found almost 50,000 instances where Telstra failed to correctly upload a customer’s choice of an unlisted – or silent – number to the Integrated Public Number Database (IPND). What does this mean? Well, these numbers could be published in public phone directories or be available through directory services. This is the exact opposite of why someone wants a silent number.

A Telstra spokesperson told Gizmodo Australia that it accepts the findings made by the ACMA.

“We have an obligation and responsibility to protect the privacy and safety of our customers – and we haven’t met our own high expectations or those of our customers,” they said.

“We self-reported these issues to ACMA and took steps to correct them.

“We accept the ACMA findings and have paid the infringement notice.”

The ACMA also found that Telstra failed to provide data to, or failed to update, the IPND for customers of its budget brand Belong. On over 65,000 occasions, in fact.

All telcos are required to upload customer information into the IPND for each service they provide. This includes the telephone number, the customer’s name and address and whether the customer wants their number of be listed or unlisted. Flagging a number as listed or unlisted determines whether a customer’s details are available in public phone directories and directory assistance services.

The IPND is made up of Australian phone numbers and their owner details, is used by public phone directories and, as the ACMA explains, provides an important resource to support the work of Australia’s emergency services, law enforcement and national security agencies.

“When people request a silent number it is often for very important privacy and safety reasons, and we know that the publication of their details can have serious consequences,” ACMA chair Nerida O’Loughlin said.

She said that by failing to provide the required information to the IPND, Telstra potentially put people’s safety at risk.

“The IPND is also used by Triple Zero to help locate people in an emergency, for the Emergency Alert Service to warn of emergencies like flood or bushfire, and to assist law enforcement activities,” she continued.

“The provision of these critical services can be hampered and lives put in danger if data is missing, wrong or out of date. It is alarming that Telstra could get this so wrong on such a large scale.”

The ACMA’s action follows findings in 2019 that Telstra had breached the same obligations.

“Telstra initially self-reported these matters and moved quickly to fix them. However, this is not Telstra’s only recent major breach of these rules, which is why the ACMA has taken this action,” O’Loughlin added.

On the breach, the ACMA said that if Telstra fails to comply with its obligations in future, the ACMA can commence proceedings in the Federal Court for civil penalties of up to $10 million per contravention.