8 March 2024

Optus fined $1.5 million over large-scale breaches of public safety rules

| Andrew McLaughlin
Join the conversation
1
Optus store

ACMA says Optus failed to upload 200,000 customer numbers to the Integrated Public Number Database. Photo: Optus.

The Australian Communications and Media Authority (ACMA) has fined Optus $1.5 million after the telco was found guilty of “large-scale breaches of public safety rules”.

The fine comes after Optus failed to upload the information of nearly 200,000 customers between January 2021 and September 2023 to the Integrated Public Number Database (IPND).

The IPND is used to provide location information of phone users and to send emergency alerts to emergency services including police, fire and ambulance.

An investigation into Optus was opened by ACMA in November 2023.

READ ALSO ACMA’s strong message to five telcos: Comply with anti-spam rules or face fine

ACMA said the investigation focussed on the telco’s obligations under the Telecommunications (Emergency Call Services) Determination 2019, specifically:

  • To provide assistance to one another (emergency ‘camp-on’)
  • That networks and facilities give an end user access to emergency call services
  • That end users who make an emergency call are given access to the emergency call service
  • To ensure that an emergency call is carried to the relevant termination point for the call
  • To notify the emergency call person as soon as possible about a significant network outage
  • To undertake a welfare check on an end user who made an unsuccessful emergency call during a significant network outage
  • To cooperate with the emergency call person during a disruption to the emergency call service.

ACMA member Samantha Yorke said the ACMA commenced its investigation after a compliance audit indicated Optus had failed to upload data via a supplier, Prvidr Pty Ltd.

“When emergency services are hindered there can be very serious consequences for the safety of Australians,” she said in a release.

“While we are not aware of anyone being directly harmed due to the non-compliance in this case, it’s alarming that Optus placed so many customers in this position for so long.

“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party,” she added.

“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers.”

READ ALSO Small businesses urged to ramp up data security ahead of changes to privacy laws

In addition to the $1,501,000 penalty, ACMA accepted a court-enforceable undertaking from Optus that requires an independent review of its IPND compliance where it uses a third-party data provider, and make any improvements recommended by the review.

Optus has also been formally directed to comply with the IPND industry code.

In a statement, Optus said it accepted that proper audits and checks were not in place to ensure IPND obligations were being met for services it supplied through partner brands.

“We apologise for this and accept that we have not met community expectations,” a company spokesman said.

“Optus has now introduced those audits and checks over its supplier’s performance to ensure this issue is not repeated.

“Optus accepts the ACMA’s findings and has agreed to an enforceable undertaking to complete an independent review of the processes used to manage compliance with our IPND obligations for these partner brands and make any further improvements if required.”

Join the conversation

1
All Comments
  • All Comments
  • Website Comments
LatestOldest

I guess it’s more than the OAIC do/have done following the Optus data “breach” (nearly 18 months and still going with no updates to complainants).

Realistically though 1.5 mil to Optus is nothing and unlikely to dissuade future “oversights”.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.