Story image

Should Aussie organisations be collecting metadata?

25 Feb 2016

UXC Consulting is calling on Australian organisations to take a close look at its position regarding metadata, following the recently-enacted amendment to the Telecommunications Act.

The amendment requires telecommunications providers to retain details of online communications and mobile/landline calls made by Australians from within Australia through the call metadata.

“The Telecommunications Act – Data Retention Amendment came into force in mid-October 2015. However, organisations required to retain data can seek approval to progressively implement the necessary infrastructure and procedures, provided that they will be compliant by April 2017,” says Iain Stevenson, principal consultant with UXC Consulting.  

“Many organisations whose core business is not the provision of telecommunications, including the hospitality, education, healthcare, and local government sectors also potentially fall under this legislation,” he says.

“While deadlines for preparing and submitting an implementation plan, or seeking an exemption or variation to your obligations, have now passed, it’s safe to assume that not every organisation that needed to meet this requirement actually achieved it,” Stevenson adds.

According to Stevenson, retaining metadata can be quite onerous for organisations as the metadata itself has to be collected, encrypted, and stored securely for two years.

He says this can become expensive in terms of the necessary tools and data storage as well as the additional ICT processes, compliance oversight, and reporting required.

“If your organisation is providing telecommunications services on your own network equipment to people outside of your immediate business circle, then it is likely that you must now have a plan for retaining the resultant metadata,” he explains.

Four examples of organisations that fall under the new provisions are:

* A hospital provides Wi-Fi internet services using its own Wireless Access Points (WAPs) to patients and visitors, and its tenants (a flower shop, newsagent, and pharmacy). All have telephone extensions through the hospital switchboard. These may all create the need for metadata retention.

* A university offers its students a life-long university email address as well as providing on-campus Wi-Fi and internet services to all campus visitors. Staff and current students are considered part of the university’s immediate circle and do not create any data retention obligations. However, alumni (past students), conference visitors, and (potentially) visiting lecturers are not, and the university may subsequently find that it needs to collect metadata for all users.

* A chain of coffee shops or hotels provides Wi-Fi Internet services and perhaps an internet terminal or two for its patrons. If the organisation owns and operates the Wi-Fi equipment, certain data must be retained despite the fact that the underlying internet access is provided by their ISP.

* A conference centre operates its own online collaboration services for use by conference attendees. The metadata associated with these ‘internet over-the-top’ services must also be retained.

Organisations need to examine whether they offer some form of internet access to visitors or the general public using their own network equipment, or operate internet collaboration applications available to those outside their immediate business circle,” says Stevenson.

“If so, they may be obliged to collect, encrypt, and retain the associated metadata for two years, and make it available to government authorities on request,” he explains.

“The implications of the Data Retention Amendment are often not immediately clear, and the legislation must be read within the context of specific technical and business circumstances to understand exactly how it applies to individual organisations,” Stevenson says.

“Therefore, it is important that organisations seek proper legal advice to ensure they are meeting the requirements.”

Cryptomining apps discovered on Microsoft’s app store
It is believed that the eight apps were likely developed by the same person or group.
A multi-cloud approach - what is in it for me?
OVH CEO Michel Paulin explains the benefits of a multi-cloud approach to an organisations digitalisation and what to consider before implementation.
IDC: Top 10 trends for Australia’s digital transformation
The CDO title is declining, 35% of us will be working with bots, the Net Promoter Score will be key to success, and more.
Why the IT service integration market is becoming highly automated
"The SIAM market is not large, but it is one of the fundamental pillars of every digital transformation strategy."
Intel and Rakuten partner to address 5G network gap
“We believe this full end-to-end virtualised network will help us to shift away from reliance on dedicated hardware and legacy infrastructure.”
Exclusive: How Australian businesses can foster customer loyalty with CX
From boardrooms to meeting rooms, there’s an overwhelming recognition of the importance of CX, particularly when it comes to building customer loyalty.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
HCL and IBM collaborate to encourage global hybrid cloud uptake
HCL announced a collaboration with IBM designed to help advance the hybrid cloud journeys of organisations worldwide.