Telstra, Optus, Vodafone and eight other Australian telcos failed to comply with their customer data obligations that support key emergency services, according to the Australian Communications and Media Authority.
ACMA found the 11 telcos failed to, or had provided inaccurate data to the Integrated Public Number Database (IPND), which supports the emergency call service (Triple Zero), the emergency alert system, and law enforcement and national security agencies.
The eight other telcos were AAPT, Agile Communications, Chime Communications, PowerTel, Primus Telecommunications, Symbio Networks, TransACT Communications and TransACT Capital Communications.
“While the ACMA is not aware of any specific instances of harm caused by the missing or inaccurate information, the scale of the issue and its potential impact on emergency services is very concerning,” ACMA chair Nerida O’Loughlin said.
“The ACMA has taken steps to ensure telcos prioritise remediation of their records and that the underlying causes of the breaches are identified and addressed.”
ACMA did not reveal specific numbers, but said the majority of the breaches concerned Optus, Telstra and Vodafone.
Telcos are mandated by the Telecommunications Act to provide specific customer information, including phone numbers and addresses to the IPND in an effort to improve the quality of its data. They face penalties of up to $10 million for failing to comply with the remedial directions, and up to $250,000 for the directions to comply.
ACMA said the telcos directed to undertake independent audits of their processes, conduct data reconciliations and comply with the IPND code. Optus, Telstra and Symbio have also been directed to address outstanding missing and inaccurate records.
“We’ll be looking very closely at the reconciliations and independent audit results and will consider further action if needed,” O’Loughlin said.