List of recommendations

Recommendation 1

3.49

The Committee recommends that the administrative guidelines to the Telecommunications and Other Legislation Amendment Bill 2016 be revised to provide comprehensive information, clarity and certainty to industry in a greater range of circumstances. In particular, the revised administrative guidelines should provide further clarity regarding a company’s security obligation in circumstances where:

a company is providing or reselling an over‑the‑top service,

telecommunications infrastructure is used (but not necessarily owned or operated) by the company,

a company’s infrastructure is located in a foreign country, and used to provide services and carry and/or store information from Australian customers, and

a company provides cloud computing and cloud storage solutions.

The Committee considers that inclusion of this additional information should be finalised prior to the conclusion of the 12 month implementation period.

Recommendation 2

3.53

The Committee recommends the Telecommunications and Other Legislation Amendment Bill 2016 be amended to clarify that, in circumstances where a broadcaster is exempt from being treated as a carriage service provider under the Telecommunications Act 1997, they are also not intended to be subject to the obligations set out in the Bill.

Recommendation 3

4.33

The Committee recommends that the Attorney-General’s Department works collaboratively with industry to ensure effective and regular information‑sharing, in particular sharing threat information with industry, leveraging existing mechanisms where possible.

These information-sharing mechanisms should ensure industry receives timely and tailored threat information to aid industry compliance.

The Committee considers that these processes should be finalised prior to the conclusion of the 12 month implementation period.

Recommendation 4

4.45

The Committee recommends that the administrative guidelines to the Telecommunications and Other Legislation Amendment Bill 2016 be expanded to provide greater detail about the existing list of notifiable items.

This could be achieved, for example, by listing the sorts of changes that are envisaged to not require notification to the Communications Access Co‑ordinator (CAC), as well as providing more detailed information about the sorts of changes that do require notification to the CAC.

The Committee considers that inclusion of this additional information should be finalised prior to the conclusion of the 12 month implementation period.

Recommendation 5

4.58

The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to outline the application process for exemptions from notification requirements. The Bill should clarify that:

carriers and nominated carriage service providers may request the Communications Access Co-ordinator (CAC) to provide either a partial or complete exemption from the notification requirement in relation to certain types of changes, and

the CAC may vary or revoke exemptions.

Recommendation 6

5.62

The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to make clear that the Bill does not affect the operation of existing legislated privacy obligations.

Recommendation 7

6.21

The Committee recommends that section 315J of the Telecommunications and Other Legislation Amendment Bill 2016 be amended to specify that the annual report presented to Parliament must include:

the number of occasions the information-gathering powers have been exercised,

the number of notifications and security capability plans received,

regulatory performance measures, including the average response timeframes of the Communications Access Co-ordinator to notifications and the proportion of responses made within the statutory timeframes,

details of the Government’s information-sharing arrangements with industry,

a summary of any feedback or complaints received from stakeholders, and

the number of occasions the directions-powers have been exercised.

The annual report should indicate if trends or issues have emerged in relation to any of the above.

Recommendation 8

6.27

The Committee recommends the Explanatory Memorandum for the Telecommunications and Other Legislation Amendment Bill 2016 be amended to clarify that negotiating in ‘good faith’, as set out in proposed subsection 315B(5), includes whether the Communications Access Co-ordinator has complied with the applicable statutory timeframes.

This would make it clear that the Attorney-General will take into account whether the Communications Access Co-ordinator responded to any relevant notifications or security capability plans received from industry within the applicable statutory timeframe, prior to issuing a direction.

Recommendation 9

6.28

The Committee recommends that the Explanatory Memorandum to the Telecommunications and Other Legislation Amendment Bill 2016 be amended to outline the avenues available for industry to recover reasonable costs in circumstances where:

the Communications Access Co-ordinator has not responded within the statutory timeframe to the carrier or nominated carriage service provider (C/NCSP)’s notification of a proposed change, and

the C/NCSP has proceeded with the proposed change on the basis of no response having been received, and

the Attorney-General has subsequently issued a direction relating to the change.

Recommendation 10

6.58

The Committee recommends that, at the time of the review required to be undertaken by the Parliamentary Joint Committee on Intelligence and Security under section 187N of the Telecommunications (Interception and Access) Act 1979, the scope of the review be expanded to include consideration of the security of off-shored telecommunications data that is retained by a service provider for the purpose of the data retention regime.

Recommendation 11

6.61

The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to include, in relation to data retained under Part 5-1A of the Telecommunications (Interception and Access) Act 1979, a specific obligation within the notification requirement in proposed section 314A to require C/NCSPs to notify the CAC of any new or amended offshoring arrangements.

Recommendation 12

6.64

The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to require the Parliamentary Joint Committee on Intelligence and Security to review the operation, effectiveness and implications of the reforms, commencing within three years of the Bill receiving Royal Assent. The scope of the review should include:

the security of critical and sensitive data,

the adequacy of information-sharing arrangements between government and industry, and

the adequacy and effectiveness of the administrative guidelines in providing clarity to industry on how it can demonstrate compliance with the requirements set out in the Bill.

Recommendation 13

6.72

The Committee recommends that, subject to the above recommendations being accepted, the Telecommunications and Other Legislation Amendment Bill 2016 be passed.

| Contents |