The Law Handbook 2024

Chapter 12.2: Privacy and your rights 1113 visit www.acma.gov.au. The OAIC can monitor compliance with the record-keeping requirements contained in Part 13 of the Telecommunications Act, which requires telecommunications providers to keep records of certain disclosures of personal information. The TIA Act permits telecommunications providers to disclose personal information to the Australian Security Intelligence Organisation ( ASIO ) or to the Federal Police. The TIA Act prohibits the unauthorised access and interception of communications, subject to various exceptions, unless a warrant is obtained. Those issuing warrants must consider, among other things, the privacy of the people affected by the access and interception. Since 13 October 2015, telecommunications providers have been required to collect and retain certain types of telecommunications data (metadata) for a minimum period of two years. All service providers that collect and retain data under this provision are required to comply with the PA 1988 in relation to that data. Do not call register A national ‘do not call register’ began operating in May 2007 in accordance with the Do Not Call Register Act 2006 (Cth). The register is administered by ACMA. The Act allows people to register (without charge) their home phone, domestic mobile and fax number to opt out of a wide range of unsolicited telemarketing calls. Government bodies and emergency services numbers may also register. The Do Not Call Register Legislation Amendment Act 2010 (Cth) has enabled all Australian telephone and fax numbers to be registered, allowing organisations (including businesses) and individuals to access the protections of the register. Businesses can still contact other businesses with whom they have a relationship under the inferred consent provisions. Businesses that have given express consent to receive calls or faxes may also continue to be contacted. However, ‘cold calls’ and marketing faxes to businesses that do not fall under the express or inferred consent provisions are prohibited for numbers on the register. As a part of the registration process, new registrants are provided with the option to nominate to receive calls or faxes relating to a list of industry classifications. The legislation makes it illegal for any non-exempt telemarketer in Australia and overseas to contact a number on the register without consent. There are exemptions for government bodies, educational or religious organisations, registered political parties, independent members of parliament, electoral candidates and charities. Market and social researchers may call to conduct standard opinion polling and questionnaire research, subject to a national industry standard. Businesses that have an existing relationship with a person may also call numbers on the do not call register. Enquiries and complaints relating to the do not call register can be made by calling the ACMA on 1300 792 958. Consumer Data Right The Consumer Data Right ( CDR ) is intended to give consumers greater control over their data. The CDR also gives consumers the ability to direct a data holder to provide their CDR data to an accredited data recipient in a CDR-compliant format. The CDR was enacted by the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth), which inserted a new Part IVD into the Competition and Consumer Act 2010 (Cth). The CDR scheme was introduced in the banking sector on 1 July 2020, and will be rolled out to other sectors. The energy sector has been bound since 15 November 2022. Expansion to the telecommunications sector is currently paused. The Competition and Consumer (Consumer Data Right) Rules 2020 (‘ CDR Rules ’) provide the framework for how the CDR legislation applies, including in relation to consent and privacy safeguards. The CDR is co-regulated by the Australian Information Commissioner and the ACCC. For more information about the CDR, see www.cdr.gov.au. Complaints to the Information Commissioner Individuals may complain to the Information Commissioner if they believe their privacy has been interfered with and there has been a breach of: • the Australian Privacy Principles; • an approved Privacy Code, with limited exceptions; • the credit-reporting provisions in the PA 1988 and the Privacy (Credit Reporting) Code 2014; • the COVIDSafe app data protections under Part VIIIA of the PA 1988;