Telstra customers gain access to own metadata from next month

Customers of Telstra will be able to request the same metadata that law-enforcement agencies are able to access, the telco has said.
Written by Chris Duckett, Contributor

From April 1, Telstra customers will be able to access metadata that the telco is keeping on them for a fee that is expected to begin at AU$25.

"We believe that if the police can ask for information relating to you, you should be able to as well," Telstra said in its announcement.

Users will be able to lodge metadata requests via an online form, with costs depending on the size of the request. Telstra said that a "simple" request will cost AU$25, with larger requests to be billed on a per-hour basis.

"This is the same practice of cost recovery that is applied to requests from law-enforcement agencies," the telco said.

"This new approach is all about giving you a clearer picture of the data we provide in response to lawful requests today."

The move by Australia's dominant telco follows recommendations made last week in the advisory report from the Joint Parliamentary Committee on Intelligence and Security on changes to the Telecommunications Act involving metadata retention, one of which is to allow customers to access their metadata.

In its other recommendations, the committee backed the establishment of a two-year period for metadata retention; the government making a "substantial contribution" to the costs of creating the regime; and the data set to be retained and agencies able to access the metadata being set in legislation.

The committee recommended that telcos be mandated to encrypt any metadata retained, and, in the event of a security breach of a metadata store, the telco would be compelled to provide notification of such an event.

"The committee considers that a mandatory data breach-notification scheme would provide a strong incentive for service providers to implement robust security measures to protect data retained under the data-retention regime," the report said.

The committee recommended that breach-notification be in place by the end of 2015, prior to the start of the retention scheme.

Editorial standards