Protecting Information Rights – Advancing Information Policy

Phone iconCONTACT US: 1300 363 992
 
We're now a part of the Office of the Information Commissioner. Go to www.oaic.gov.au to find out more.

Site Changes

Types

Topic(s): Telecommunications
 

Enhanced Mobile Location Information for the Emergency Call Service; Submission to ACMA consultation on a Proposal to Amend the Telecommunications (Emergency Call Service) Determination 2009 (June 2010)

document icon pdf (460.59 KB)


Key recommendations

The Office of the Privacy Commissioner welcomes the opportunity to provide feedback on the proposed amendments the Telecommunications (Emergency Call Service) Determination 2009.

The Office supports the ACMA's proposal that mobile location information will only be transferred on request - a ‘pull' model rather than a ‘push' model.  The Office's main suggestions for ensuring that privacy is protected in the new system are that the ACMA:

  • works with state agencies to develop a uniform approach for state emergency services organisations handling mobile location information they receive in the course of their functions and activities
  • ensures that all participating entities are covered by the Privacy Act. If entities are small businesses, the ACMA could require them (in the terms of the determination) to opt-in to coverage of the Privacy Act under section 6EA
  • develops a clear and specific statement of purpose for the collection, use and disclosure of mobile location information for this initiative, to ensure reasonable limits on the handling of the information
  • considers security options such as:
    • ensuring personal information cannot be intercepted during transmission as far as possible
    • ensuring personal information is stored securely at various steps in the process (we note that the ACMA is proposing firewalls at a number of the key transmission points)
    • whether it is practicable to store location information in the system without identifying information (for example, removing details that may reveal the identity of the caller)
    • maintaining audit logs of those who access information held in the system (for example, anyone who accesses the Eclips database)
    • establishing a system by which the initiative is monitored for compliance with privacy obligations
  • conducts a privacy impact assessment on its proposal.

Office of the Privacy Commissioner 

1. The Office of the Privacy Commissioner (the Office) is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth) (the Privacy Act), has responsibilities for the protection of individuals' personal information that is handled by Australian and ACT Government agencies, and personal information held by all large private sector organisations, health service providers and some small businesses.

Introduction

2. Our Office welcomes the opportunity to comment on the Australian Communications and Media Authority's (ACMA) paper on Enhanced mobile location information for the Emergency Call Service. The paper outlines a proposal to amend the 2009 Emergency Call Service Determination to make it mandatory for mobile carriers to provide location information they have in association with a call to an emergency call service. We understand that this seeks to address both the rise in the number of calls made to emergency services by mobile phones and the difficulty, in some cases, of working out the caller's location.

3. The Office supports the ‘pull' system proposed by the ACMA in the consultation paper. As our Office understands it, this will mean that mobile location information is not automatically forwarded by mobile carriers to emergency call services but that the information will only be provided on request. This approach accords with the core principles of the Privacy Act that personal information should only be collected, used and disclosed when necessary and for a clear purpose.

4. This submission responds specifically to question two of the paper: ‘What arrangements would be appropriate to protect individual privacy under the proposed model?'

5. We have also set out how the Privacy Act is likely to apply to participants in the proposed initiative. However, we would suggest that the ACMA undertakes a privacy impact assessment to more fully assess legislative privacy obligations and options for enhancing privacy protections.

Mobile location information and privacy

6. Location detection technologies have the potential to reveal information about individuals that they may expect to remain private. For example, location data could potentially reveal a person's:

  • daily movements and behaviour
  • place of residence and the places the individual often stays at or visits
  • place of work
  • health service or other service provider
  • consumer preferences and social activities.

7. This information has the potential to be misused if collected needlessly, held insecurely or disclosed carelessly. More generally, the information could be used to draw conclusions about the individual that they may prefer to keep private. As location detection technologies become more sophisticated and converge with other technologies, other risks may arise in relation to privacy of personal information.

8. Of course, privacy considerations need to be balanced against other public interests, including the public interest in ensuring that emergency service organisations are able to perform their duties with minimal obstruction. We believe that it is possible to achieve the outcomes of emergency services organisations while still respecting the privacy of individuals.

9. In establishing a system that allows for the collection and use of mobile location information, the ACMA should attempt to make sure there are no weak links in the chain that allow for personal information to be breached or misused. We have made suggestions for enhancing privacy protections below.

Key privacy considerations

Application of the Privacy Act

10. The Privacy Act regulates the handling of personal information by setting out privacy principles and providing a system for complaint handling. Assessing the application of the Privacy Act is important in determining whether organisations will be complying with certain standards of information handling when they participate in the initiative and whether individuals will have options for redress (a complaint investigation by the Privacy Commissioner) if things go wrong. We note that in some cases, the Telecommunications Industry Ombudsman may also offer an avenue for individuals wishing to make a complaint.

11. All private sector organisations with an annual turnover greater than $3 million and some small businesses will be covered by the Privacy Act. In the telecommunications sector, all large carriers and carriage service providers will be covered by the Privacy Act. Telecommunications service providers are also covered by the Telecommunications Act 1997, part 13 of which provides protections for the confidentiality of telecommunications information. Section 275A of the Telecommunications Act specifies that part 13 applies to location information associated with mobile phone handsets.

12. The Privacy Act sets out ten National Privacy Principles (NPPs) that organisations covered by the Act must comply with. These relate to collection, use and disclosure, data quality, data security and so on of personal information. Personal information is defined in the Act as ‘information or an opinion ..., whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be reasonably ascertained, from the information.'

13. Some mobile location information, where it is not associated with other identifying information, may not be personal information for the purposes of the Act. However, it is important to note that if the identity of the individual can be figured out from the information (even if it is not immediately apparent) then the Privacy Act will apply.

14. We understand that there will be three main participants in this initiative:

  • mobile carriers
  • emergency call persons and
  • emergency service organisations.

Mobile carriers and emergency call persons

15. Mobile carriers will be covered by the Privacy Act where their annual turnover exceeds $3 million. The emergency call person is the person that connects the caller to the appropriate emergency service organisation. We understand that this role is played by Telstra (for calls made to Triple Zero and 112) and the Australian Communication Exchange (ACE) (for the 106 text service for people with a hearing or speech impairment). Telstra and the ACE are covered by the Privacy Act.

16. Some of the key principles that will apply to these organisations' participation in the initiative will be:

  • NPP 2 Use and disclosure: only using mobile location information for the purpose it was collected for.
  • NPP 4 Data security: making sure appropriate protections are in place to protect mobile location information from misuse and lose.
  • NPP 4 Data security (retention): taking steps to destroy or permanently de-identify personal information when it is no longer needed. Data should not be retained indefinitely, ‘just in case'.
  • NPP 5 Openness: ensuring their privacy policies clearly explain to individuals how mobile location information is handled during an emergency call.

Emergency service organisations

17. Other than ACT emergency services, state emergency service organisations participating in the initiative will not be covered by the Privacy Act, though their acts and practices may be covered by state and territory privacy laws. However, one or two states do not have a legislative privacy regime in place which means that some state emergency service organisations may not be regulated by privacy law. One option for ensuring adequate privacy protections could be for state emergency service organisations not covered by existing state privacy legislation to be brought under the coverage of the Privacy Act by regulations, allowable under section 6F of the Act.

18. Given the differing state and territory privacy regimes in place, the ACMA may wish to work with state agencies to develop a uniform way for state emergency services organisations to deal with mobile location information they receive in the course of their functions and activities.

Other participating entities

19. We encourage the ACMA to ensure that all participating entities (that are not state agencies covered by existing state privacy legislation) are covered by the Privacy Act. If entities are small businesses, the ACMA could require them (in the terms of the determination) to opt-in to coverage of the Privacy Act under section 6EA.

Setting a clear purpose for collection of location information

20. One of the key principles in the Privacy Act is that organisations should only use personal information for the purpose for which it was collected. There are some circumstances prescribed in the Privacy Act where information can be used for a secondary purpose but these are limited.

21. This principle has the effect of lessening the risk of function creep - where personal information is collected for one purpose and then used for something else which is well beyond the original reason for collection.

22. We suggest that the ACMA develops a clear and specific statement of purpose for the collection, use and disclosure of mobile location information for this initiative to ensure reasonable limits on the handling of personal information. This statement of purpose could appear in amendments to the Emergency Call Service Determination. A statement of this kind would clarify participants' obligations under the Privacy Act. We note that the purpose for collection, use and disclosure of mobile location information is likely to be different according to the role of various organisations in the initiative. A statement of purpose of collection, use and disclosure should reflect this.

System security

23. Under the Privacy Act, organisations must take reasonable steps to protect the personal information they hold from misuse and loss and from unauthorised access, modification or disclosure.

24. For the system proposed by the ACMA, we suggest key security considerations will include:

  • ensuring personal information cannot be intercepted during transmission
  • ensuring personal information is stored securely at various steps in the process (we note that the ACMA is proposing firewalls at a number of the key transmission points)
  • whether it is practicable to store location information in the system without identifying information (for example, removing details that may reveal the identity of the caller)
  • maintaining audit logs of those who access information held in the system (for example, anyone who accesses the Eclips database)
  • establishing a system by which the initiative is monitored for compliance with privacy obligations.

25. The Privacy Act also says that an organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any use or disclosure allowable under the Act. Moreover, by deleting personal information that is no longer needed, organisations further limit the possibilities of function creep or information security breaches.

Privacy impact assessment

26. The Office advocates organisations and agencies undertaking a privacy impact assessment (PIA) when embarking on a new initiative that involves the handling of personal information. A PIA would allow the ACMA to plot out all the personal information flows of the project and determine how participants will meet their obligations under the Privacy Act with regards to those flows.

27. PIAs also provide an opportunity to evaluate options for use of privacy enhancing technologies in system design to ensure that appropriate protections are built in at the beginning rather than bolted on at the end.

28. The Office has recently released an updated version of its PIA guide which now includes modules for both the public and the private sector. It is available at www.privacy.gov.au/materials/types/download/9509/6590.