Over 150 data retention plans approved without finalised compensation model

The Australian Attorney-General's Department (AGD) has received a total of 347 implementation plans or applications for exemptions and variations from organisations having to set up systems to be compliant with the nation's mandatory warrantless data-retention scheme.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, passed by both the ruling Coalition and nominal opposition Labor party in March 2015, came into effect in October. It will see customers' call records, location information, IP addresses, billing information, and other data stored by telecommunications providers for two years, accessible without a warrant by law-enforcement agencies.

AGD told Senate Estimates on Thursday it was working with industry to achieve compliance by April 13, 2017.

"As of 27th April, we received implementation plans and some applications for exemptions and variations from 347 providers. We've notified 343 of those of decisions on their applications, and there have been 155 implementation plans approved," First Assistant Secretary in AGD's National Security Division, Sarah Chidgey, said.

In January, the government announced a grants program to divide AU$128.4 million between telcos and internet service providers to cover the one-off cost of ensuring compliance.

The department said it had received 210 applications for grants, with four applications withdrawn on the basis the companies applying did not have data retention obligations.

Katherine Jones, Deputy Secretary of the National Security and Emergency Management Group, told Estimates the department was yet to hand out any grants.

"We're still processing the applications and finalising the funding model, the detailed elements, so no funding has actually been allocated yet," Jones said.

"There's no expectation that every applicant will receive the total amount that they have sought because the government's program was a substantial contribution to their costs, not the total cost."

The department would not be drawn on which telecommunications providers had working data-retention schemes, as it could be regarded as a breach of privacy.

Despite the industry unleashing its anger on AGD last year, Attorney-General George Brandis maintained a "spirit of cooperation" surrounded data-retention, and he saw no reason why industry would not be compliant by the April 13, 2017 deadline.

"Industry has been cooperative, and this has been a cooperative process ... undergirded by legal obligations, we've got no reason to believe that spirit of cooperation won't continue," Brandis said.

"I think obeying the law is something all good corporate citizens do."

Last month, the Communications Alliance said the risk of bankruptcy is preventing smaller ISPs from meeting their data retention compliance obligations.

"Many service providers -- particularly smaller operators -- have told us that they are doing very little or nothing to build their compliance capabilities at the moment," Communications Alliance CEO John Stanton said.

"Who can blame them -- if they start investing in new systems now, without knowing how much of that investment will remain unfunded once the subsidies arrive, they are putting themselves at risk of bankruptcy.

"Other operators have been investing in compliance measures, but are doing so in an ongoing climate of uncertainty."

Stanton said earlier in April the government had yet to call upon its industry working group to decide how to distribute the AU$128 million in compensation to telcos for complying with data-retention legislation.