Last week, the Attorney-General’s Department revealed it had just no way of knowing whether the data stored as part of the mandatory data retention regime was actually being stored in Australia. One concerned constituent wrote to her local Senator, Eric Abetz, about this matter, and in a generalised response — where it is clear Abetz has sought advice from the department — Abetz talked about the current legislation rather than the data retention scheme, and said that not forcing companies to keep data in Australia was about “flexibility”:
“The Bill does not specify where or how data must be stored. The amendments support a risk-based approach to managing national security concerns to the telecommunications sector, while also retaining flexibility in decision making for industry.
The continually changing nature of this environment necessitates the need for industry to innovate and be flexible to support their changing needs and with minimal but sensible regulatory burden.”
ISP iiNet, back in the day when it was a company fighting for the interests of its customers rather than for TPG’s bottom line, suggested that if there were no restriction on where the data had to be stored, it would go for the cheapest option in China. At least now if there is a data breach they will have to inform us.
Crikey is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while we review, but we’re working as fast as we can to keep the conversation rolling.
The Crikey comment section is members-only content. Please subscribe to leave a comment.
The Crikey comment section is members-only content. Please login to leave a comment.