Media release 26/2013 - 24 April
The Australian Communications and Media Authority has formally warned AAPT Limited after it failed to protect the privacy of its customers’ personal information as required by the Telecommunications Consumer Protections Code (TCP Code).
The ACMA started an investigation following media reports in July 2012 of a security incident involving AAPT customer information being stolen.
The ACMA found that AAPT did not protect the personal information of some of its small business customers whose billing and related personal information it had collected. The personal information was stored in a server offsite managed by a third party, and was the subject of a hacking incident.
‘Consumers need to have confidence that the personal information they give their provider is treated appropriately, and is only accessed by those authorised,’ said ACMA Chairman, Chris Chapman. ‘They also want to know that their details are stored securely with appropriate access restrictions.’
Telecommunications providers are required to comply with the TCP Code and protect their customers’ personal information from unauthorised use or disclosure, ensuring it is dealt with in compliance with all applicable privacy laws. This includes having robust procedures in relation to the storage and security of the personal information in their possession.
Since the incident, AAPT has taken steps to improve its processes and staff awareness of the provider’s policies about information management and privacy to comply with the privacy requirements in the TCP Code.
Given the prompt action taken by AAPT to remedy the breach, the ACMA considers a formal warning is appropriate in the circumstances.
For more information or to arrange an interview please contact: Blake Murdoch, (02) 9334 7817, 0434 567 391 or firstname.lastname@example.org.