The Commonwealth Ombudsman released its annual report of the Telecommunications (Interception and Access) Act 1979 (Cth). This report detailed the inspection of agencies’ records relating to stored communications and access to telecommunications data between 1 July 2020 and 30 June 2021. The investigation discovered a serious lack of compliance by law enforcement agencies, such as the Australian Federal Police, with record-keeping and data storage practices.
The purpose of the Ombudsman is to promote transparency and public accountability by observing whether law enforcement agencies are in compliance with the relevant law. This involves an independent oversight of the agencies’ use of covert and intrusive powers and an investigation into records, policies, and processes. Following the investigation, the Ombudsman made 29 recommendations in relation to 6 agencies. A recommendation refers to a serious compliance issue or an issue on which an agency has not made sufficient progress in implementation. Additionally, the Ombudsman made 386 suggestions for improvement and 116 better practice suggestions to identify potential areas of risk of non-compliance.
Key issues identified during the 2020-21 inspections include:
- improperly stored communications – this includes not keeping records demonstrating that preservation notices were properly given; agencies applying for warrants relating to a victim of a serious contravention; warrants issued by an ineligible authority; agencies’ data vetting and quarantining processes; and the destruction of stored communication.
- telecommunications data – agencies not demonstrating that required considerations were taken into account by authorised officers; data vetting and quality assurance processes; Journalist Information Warrant controls; use and disclosure of data received; meeting record-keeping obligations; and agency training and guidance material.
The Ombudsman saw an increase in compliance-related issues in the 2020-21 report. This may have occurred due to increased scrutiny of data handling laws as well as thorough investigations into agencies’ policies, procedures, and controls. Fortunately, most agencies seemed receptive to the feedback and demonstrated a commitment to building/strengthening their culture of compliance going forward.
For a full reading of the report, see here.