The Australian Federal Police (AFP) has revealed that it "mistakenly" accessed a journalist's call records without a warrant in breach of the data-retention legislation.
According to the AFP, there was no "malice" involved in the breach, and there should be no inference that the journalist in question had committed an offence leading to their call records being illegally accessed by the AFP.
"Earlier this week, the AFP self-reported to the Commonwealth Ombudsman that we had breached the Telecommunications Interception Act. The breach ... related to an investigator who sought and was provided access to the call records of a journalist without the prior authority of a journalist information warrant," AFP Commissioner Andrew Colvin said on Friday afternoon.
"No investigational activity has occurred as a result of us being provided with that material. Put simply, this was human error. It should not have occurred, the AFP take this very seriously, and we take full responsibility for a breach in the Act. I also want to say there was no ill will, malice, or bad intent by the officers involved who breached the Act. Quite simply, it was a mistake that should not have happened."
The data involved the records of one phone number calling another phone number, as well as the times, dates, and duration of the phone calls over the period of a week. The data that was accessed by the officer has been destroyed, and as this data was accessed illegally, it cannot have any bearing on the investigation in question, the AFP confirmed.
The journalist in question has not been advised that their metadata was breached, with the AFP adding that it is "extremely rare" that journalists' metadata is needed or accessed for investigations.
As a result of the breach, the AFP said it has tightened its internal practices and procedures, made "significant changes", and enhanced and raised the level of authorisation required to access data of this type, and those who can approve access to data of this type.
It has also increased mandatory training for investigators and officers on their obligations under the Act; however, there will be no action taken against the officer involved in the breach.
In a review of its systems, the AFP said it discovered no further breaches that have occurred; however, the Commonwealth Ombudsman will launch its own audit of the AFP's processes and compliance next Friday.
The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by the Australian government in March 2015, came into effect in October 2015 and sees customers' call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.
However, then-Prime Minister Tony Abbott agreed, prior to the law's passage, to insert an amendment that will require law-enforcement agencies to obtain a warrant for access to journalists' metadata.
"I have decided that a further amendment be moved that will require agencies to obtain a warrant in order to access a journalist's metadata for the purpose of identifying a source," Abbott said at the time.
"The government does not believe that this is necessary, but is proposing to accept it to expedite the Bill."
The federal government earlier this year finally passed data breach notification laws during its third attempt in February, making it mandatory for Australians to be alerted of their data being inappropriately accessed.