Home & Office

Telstra cops first TCP warning for privacy breach

Telstra is the first telecommunications company in Australia to be given a direction under the new TCP code, following a privacy breach that left customer details exposed for eight months.
Written by Josh Taylor, Contributor

The Australian Communications and Media Authority (ACMA) has issued Telstra a direction to comply with the privacy clause in the Telecommunications Consumer Protection (TCP) code, following a 2011 privacy breach that left the details of 734,000 broadband customers vulnerable.

Telstra's internal tool, prior to it being taken down.
(Screenshot by Michael Lee/ZDNet Australia)

In December last year, Telstra inadvertently exposed customer information online after one of its internal tools was indexed by Google and made public. The tool was designed for Telstra employees to search customer records, but anyone with access to the tool could access information about a Telstra customer's Bundle orders, including their plan, billing account numbers, first and last names, driver's licence number, username and password, as well as notes about their account.

In June this year, ACMA found Telstra to have breached the code, with the tool open to the public for eight months, prior to being discovered by the media and subsequently shut down.

Today, ACMA issued Telstra with the direction to comply with the privacy clause in the TCP code. Although the company has escaped a fine this time, if Telstra is found to breach this clause again, ACMA has the power to take Telstra to court and seek to fine the company for it.

ACMA Chairman Chris Chapman that other telcos can expect a similar direction if they breach the code.

"Put simply, if a provider breaches the code, you can expect us to direct it to comply," he said in a statement. "Given Telstra has pro-actively taken steps to remedy its processes, with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure."

Telstra also came under fire earlier this year, when it was found to be sending its Next G customers' web-browsing information to a third party company in the United States as part of a planned internet filtering service for parents.

Editorial standards