Optus has scaled back its estimate on the cost it will incur in being forced to retain customer data for at least two years for law enforcement, stating that the data set proposed by the Australian government is "workable".
When the government first announced plans to force Australian telecommunications companies to retain an as-yet-undefined set of customer information for two years, Optus reportedly estimated that the cost to set up the system to hold and make available the data to law-enforcement agencies could be up to AU$200 million.
Now that Optus has been negotiating with the government through a working group on the exact set of data to be held, although the set is not publicly known at this point, Optus' vice president of regulatory affairs David Epstein told a parliamentary committee hearing that the proposed scheme is now workable.
"As the likely data set has been more refined, we're certainly a lot more comfortable that we have a workable regime. Our view is that while the costs are substantial [it is] considerably below the upper end of costs speculated about [but] you're still talking about significant amounts of money," he said on Friday.
As with Telstra, Optus is also declining to publicly reveal the costs it will incur, but it has informed PricewaterhouseCoopers of the expected costs.
"We do regard it as commercial-in-confidence. It is difficult to even provide indicative public numbers just because they go to the business processes that are sensitive for our business," Epstein said.
He said it would take Optus at least two years to fully implement the requirements for mandatory data retention should the legislation pass later this year.
Unlike Telstra, Epstein is more relaxed about the possibility of stored data in a centralised location being attractive to hackers.
"If you have a well-defined data set, it makes it relatively easy to design discreet storage, and hopefully be able to segregate it from your main operation systems and your other systems that are more exposed than others. If it is tightly defined and stored in the way we would envisage it, you've probably got an easier design task to protect it," he said.
Epstein said one concern for the telco is that as Optus moves to a softer network that is more software than hardware based, the company may need to maintain legacy systems to comply with data-retention regulations.