The Privacy Commissioner’s office has extended the deadline for comment on its proposals for a “telecommunications information privacy code” to allow the major telecommunications companies to have their say.
Principles for such a code have been under discussion between the commissioner and telecommunications companies since 1997, having originally been suggested by the telcos.
The current draft code mostly reinforces the standard requirements of the Privacy Act as they would apply to telecommunications — customer information should be obtained directly from the customer and should not be reused for other purposes, and the customer should have the right to examine and correct information held about him or her.
One possible sticky point, particularly for internet service providers — who appear to fall under the class “telecommunications agency” as defined in the code — is a provision covering information that can be collected from the customer. This, the code says, should be limited to information on the location of the subscriber’s connection and call-time and data volume information necessary for accounting.
Most ISPs deny collecting any other information relating to a user’s activity on the internet, but TelstraSaturn subsidiary Paradise Net, for one, states specifically in its terms and conditions that it will “monitor [users’] usage of the system if necessary for the purpose of ensuring use of the system is in accordance with the terms and conditions stated here”. These terms include unlawful use of intellectual property, hacking and spam.
Clear’s manager of industry and regulatory affairs, Grant Forsyth, says it, TelstraSaturn and Vodafone are working together on their response to the code.
The Privacy Commissioner’s proposed code also places controls on the collection of information under section 103 of the Telecommunications Act, dealing with the monitoring and recording of telecommunications to ensure reliability and integrity of the network and for training of employees. This information should be used only for those designated purposes and should be destroyed as soon as the recording no longer serves its purpose, the code says. If a recording is made of a call involving an identifiable person, that person should be “specifically made aware that such a recording is being made” and should consent to its being made.
The telcos have proposed watering down the provision requiring identifiable callers to be informed of any recording of calls to a blanket advisory that calls “may be” recorded.
Forsyth says Clear and ClearNet do not monitor content to ensure compliance with terms and conditions, and agrees that such a provision in other ISPs’ conditions may be “problematical” in light of the code.
Xtra refers questions to Telecom, where spokeswoman Mary Parker says Telecom is “reviewing” the code.
Ihug director Tim Wood said last week he had been unaware of the code, but is following it up.