Investigations by the Australian Communications Authority (ACA) shows telecommunications customers' information is being sold to other companies for direct marketing.
Acting ACA chairman Dr. Bob Horton said today there was evidence that customer information was being collected by public number directory producers and collated with data drawn from other sources to create consumer 'profiles'.
"Current use of telecommunications customer data appears to go beyond what is allowed under existing legislation," Horton said. "In fact, our investigations indicate that databases are being created and maintained based on information provided by customers to their telecommunications service providers."
Under existing regulations, the personal details of telecommunications customers are collected and stored in the Integrated Public Number Database (IPND) -- an industry-wide database of all listed and unlisted telephone numbers -- and databases used for telephone number directories.
This data can only be used for approved purposes, including the operation of the 000 emergency call service, investigations by law enforcement and national security agencies, providing directory assistance and producing telephone directories.
However, Horton believes these databases are being sold to other companies for direct marketing and other commercial activities. Horton said "In the ACA's opinion, this is not only a breach of existing law but also outside what customers providing personal information expect to happen."
Horton said many telecommunications customers were not specifically warned about all the possible uses and disclosure of their personal information when they provided it to their telecommunications company.
In the discussion paper Who's Got Your Number? Regulating the Use of Telecommunications Customer Information, ACA proposed new measures to prevent unauthorised commercial use of personal data provided by customers to telecommunications companies.
This includes obtaining a customer's consent before disclosing personal information, restricting access to customer information to specific entities, and more tightly specifying how the information can be used.