Telstra has the ‘honour’ of being the first telco to receive a Direction to Comply with the new TCP Code. It’s part of the two-step enforcement process that applies to the Code.
What Telstra did wrong
In 2011, Telstra accidentally allowed personal information about 700,000+ customers to be exposed via the web. The data included names, some addresses and, in about 41,000 cases, user names and passwords. Ouch.
That was a breach of the old TCP Code, which also required service providers to guard customer information. ACCC made an adverse finding back in June 2012.
What ACMA did next
Telstra has now been formally directed to comply with the privacy requirement of the 2012 TCP Code. ACMA Chair Chris Chapman explained the regulator’s reasoning very bluntly:
Put simply, if a provider breaches the code, you can expect us to direct it to comply.
What’s it all mean?
Think of a Direction to Comply like a gun being cocked. The next step is to fire. Under the Telecommunications Act, once ACMA has directed a telco to comply with a provision of the Code, any further breach becomes a breach of the Telco Act itself, with penalties of up to $250k applying.
Some service providers mistake the TCP Code enforcement process for a ‘toothless’ one because it requires two steps. We’ve already explained why that’s a very unwise belief. The direction to Telstra is just a two-page letter, and now the company is exposed to the full range of penalties under the Telecommunications Act in case of any further breach of clause 4.6.3 of the TCP Code.