Keeping records of disclosures under the Telecommunications Act 1997

<!doctype html> <html lang="en"> <head> <title>Keeping records of disclosures under the Telecommunications Act 1997 | OAIC</title>  <meta charset="utf-8"> <meta name="mobile-web-app-capable" content="yes"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">  <meta name="dcterms.title" content="Keeping records of disclosures under the Telecommunications Act 1997"> <meta name="dcterms.creator" content="OAIC"> <meta name="dcterms.created" content="2022-09-13T11:47:42+10:00"> <meta name="dcterms.modified" content="2024-09-05T13:33:09+10:00"> <meta name="dcterms.issued" content="2023-12-01T08:22:05+11:00"> <meta name="dcterms.format" content="HTML"> <meta name="dcterms.identifier" content="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997">    <meta name="publishedDate" content="1 December 2023"> <meta name="publishedDate_ISO" content="2023-12-01T00:00:00+11:00"> <meta name="description" content="An overview for telecommunication service providers of their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997." /> <meta name="pdISO" content="2023-12-01T00:00:00+11:00" /> <meta name="robots" content="" />  <meta name="chapter-nav" content="no" /> <meta name="chapter-nav-prev" content="" /> <meta name="chapter-nav-next" content="" /> <meta name="chapter-nav-prev-btn-text" content="Previous chapter" /> <meta name="chapter-nav-next-btn-text" content="Next chapter" /> <meta name="background_color" content="chapter-navigation__wrapper--white" />  <meta name="show-related-articles" content="no" /> <meta name="topic" content="Privacy" /> <meta name="contentType" content="" /> <meta name="featuredNews" content="no" /> <meta name="author-name" content="" /> <meta name="author-title" content="" /> <meta name="author-image" content="" />  <meta name="type" content="web" />  <meta name="showFeedbackWidget" content="yes" /> <meta name="showShareWidget" content="yes" />  <meta itemprop="name" content="Keeping records of disclosures under the Telecommunications Act 1997" /> <meta itemprop="description" content="An overview for telecommunication service providers of their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997." /> <meta itemprop="image" content="" />  <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@OAICgov" /> <meta name="twitter:title" content="Keeping records of disclosures under the Telecommunications Act 1997" /> <meta name="twitter:description" content="An overview for telecommunication service providers of their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997." /> <meta name="twitter:image" content="" />  <meta property="og:title" content="Keeping records of disclosures under the Telecommunications Act 1997" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997" /> <meta property="og:image" content="" /> <meta property="og:description" content="An overview for telecommunication service providers of their obligations to maintain records of disclosures under ss 306 and 306A of the Telecommunications Act 1997." /> <meta property="og:site_name" content="OAIC" /> <meta property="article:published_time" content="2023-12-01T08:22:05+11:00" /> <meta property="article:modified_time" content="2024-09-05T13:33:09+10:00" /> <meta property="article:tag" content="" /> <meta name="theme-color" content="#fafafa">  <script src="//cdn-oc.readspeaker.com/script/9755/webReader/webReader.js?pids=wr" type="text/javascript" id="rs_req_Init"></script>  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-PTH9SP3B');</script>   <meta name="google-site-verification" content="sQVHBUKhjuCjBjithPialZYhGQ5SPKwjb1_rY8OqsjA" /> <link rel="stylesheet" href="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/main.css?h=06ed308"> <link rel="stylesheet" href="https://www.oaic.gov.au/__data/assets/css_file/0024/240585/custom.css?v=0.1.202">  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css"> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap" rel="stylesheet">  <link rel="shortcut icon" href="https://www.oaic.gov.au/__data/assets/image/0016/14182/favicon-32x32.png"> <link rel="apple-touch-icon" href="https://www.oaic.gov.au/__data/assets/image/0015/14181/apple-touch-icon.png">  </head> <body class="inside">  <section class="cookie-banner" aria-labelledby="cookie-heading"> <h2 class="visuallyhidden" id="cookie-heading">We use cookies on this site</h2> <div class="cookie-banner__content"> <div> <p>We use cookies to analyse traffic and to improve your browsing experience on our website. To find out more, read our <a href="https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/plans-policies-and-procedures/privacy-policy">privacy policy</a>.</p> </div> <button class="cookie-banner__close primary-button" id="close-cookie-banner" aria-label="Close and accept cookie policy">Close</button> </div> </section>   <div class="skip-to-content"> <a href="#main-content-area" class="skip-to-content__link visuallyhidden focusable">Skip to main content</a> </div>  <div class="page-wrapper">     <header class="site-header"> <div class="utility-nav"> <div class="utility-nav__wrapper"> <a href="/news" class="utility-nav__link ">News</a> <a href="/about-the-OAIC/join-our-team" class="utility-nav__link ">Join our team</a> <a href="/contact-us" class="utility-nav__link ">Contact us</a> </div> </div> <div class="header-content"> <a href="https://www.oaic.gov.au" class="header-logo"> <img src="https://www.oaic.gov.au/__data/assets/file/0020/13664/oaic-header-logo.svg" alt="OAIC - Australian Government - Office of the Australian Information Commissioner"> </a> <button class="mobile-menu" aria-controls="header-nav" aria-expanded="false"> <img class="menu-icon menu-icon--burger" src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/hamburger-menu.svg" alt="open menu"> <img class="menu-icon menu-icon--close" src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/cancel-icon-white.svg" alt="close menu"> </button> <div class="search-container search-container--header"> <form class="input-form" action="https://www.oaic.gov.au/search" data-action="https://www.oaic.gov.au/search?SQ_ASSET_CONTENTS_RAW"> <input name="query" autocomplete="off" id="autoComplete" placeholder="Search…" class="search-box" aria-label="Search input" data-autocomplete-endpoint="https://dxp-au-search.funnelback.squiz.cloud/s/suggest.json?collection=113e9365-ffcc-4320-a995-5c1b98bea3bb~sp-oaic-web-new&profile=auto-completion-global&fmt=json%2B%2B&alpha=0.5&show=10"> <input type="hidden" name="form" value="result"> <button type="button" id="clear-text-btn" class="cancel-logo" aria-label="Clear text"> <img src="https://www.oaic.gov.au/__data/assets/file/0022/13666/cancel-icon.svg" alt="clear text cancel icon"> </button> <button type="submit" aria-label="Submit search"> <img class="search-icon" src="https://www.oaic.gov.au/__data/assets/file/0023/13667/search-outline.svg" alt="search icon thst submits form"> </button> </form> </div> <div id="header-nav" class="header-nav"> <nav class="header-nav__nav"> <div class="header-nav__item"> <a href="https://www.oaic.gov.au" class="header-nav__link " > Home </a> </div> <div class="header-nav__item"> <button class="header-nav__button current" aria-expanded="false" > Privacy <div class="header-nav__mobile-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-plus" alt="expand menu"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-minus" alt="collapse menu"> </div> <div class="header-nav__desktop-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/chevron-down-white.svg" alt="expand menu"> </div> </button> <div class="header-nav__sub"> <div class="header-nav__sub-wrapper"> <div class="header-nav__sub-first"> <a href="https://www.oaic.gov.au/privacy" class="header-nav__sub-link"> Privacy </a> </div> <div class="header-nav__sub-grid"> <a href="https://www.oaic.gov.au/privacy/your-privacy-rights" class="header-nav__sub-link"> Your privacy rights </a> <a href="https://www.oaic.gov.au/privacy/privacy-complaints" class="header-nav__sub-link"> Privacy complaints </a> <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles" class="header-nav__sub-link"> Australian Privacy Principles </a> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies" class="header-nav__sub-link"> Privacy guidance for organisations and government agencies </a> <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches" class="header-nav__sub-link"> Notifiable data breaches </a> <a href="https://www.oaic.gov.au/privacy/privacy-legislation" class="header-nav__sub-link"> Privacy legislation </a> <a href="https://www.oaic.gov.au/privacy/privacy-assessments-and-decisions" class="header-nav__sub-link"> Privacy assessments and decisions </a> <a href="https://www.oaic.gov.au/privacy/privacy-registers" class="header-nav__sub-link"> Privacy registers </a> </div> </div> </div> </div> <div class="header-nav__item"> <button class="header-nav__button " aria-expanded="false" > Freedom of information <div class="header-nav__mobile-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-plus" alt="expand menu"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-minus" alt="collapse menu"> </div> <div class="header-nav__desktop-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/chevron-down-white.svg" alt="expand menu"> </div> </button> <div class="header-nav__sub"> <div class="header-nav__sub-wrapper"> <div class="header-nav__sub-first"> <a href="https://www.oaic.gov.au/freedom-of-information" class="header-nav__sub-link"> Freedom of information </a> </div> <div class="header-nav__sub-grid"> <a href="https://www.oaic.gov.au/freedom-of-information/your-freedom-of-information-rights" class="header-nav__sub-link"> Your freedom of information rights </a> <a href="https://www.oaic.gov.au/freedom-of-information/how-to-access-government-information" class="header-nav__sub-link"> How to access government information </a> <a href="https://www.oaic.gov.au/freedom-of-information/freedom-of-information-guidance-for-government-agencies" class="header-nav__sub-link"> Freedom of information guidance for government agencies </a> <a href="https://www.oaic.gov.au/freedom-of-information/freedom-of-information-legislation-and-determinations" class="header-nav__sub-link"> Freedom of information legislation and determinations </a> <a href="https://www.oaic.gov.au/freedom-of-information/information-commissioner-decisions-and-reports" class="header-nav__sub-link"> Information Commissioner decisions and reports </a> <a href="https://www.oaic.gov.au/freedom-of-information/freedom-of-information-statistics-for-the-oaic" class="header-nav__sub-link"> Freedom of information statistics for the OAIC </a> </div> </div> </div> </div> <div class="header-nav__item"> <button class="header-nav__button " aria-expanded="false" > Consumer Data Right <div class="header-nav__mobile-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-plus" alt="expand menu"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-minus" alt="collapse menu"> </div> <div class="header-nav__desktop-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/chevron-down-white.svg" alt="expand menu"> </div> </button> <div class="header-nav__sub"> <div class="header-nav__sub-wrapper"> <div class="header-nav__sub-first"> <a href="https://www.oaic.gov.au/consumer-data-right" class="header-nav__sub-link"> Consumer Data Right </a> </div> <div class="header-nav__sub-grid"> <a href="https://www.oaic.gov.au/consumer-data-right/information-for-consumers" class="header-nav__sub-link"> Information for consumers </a> <a href="https://www.oaic.gov.au/consumer-data-right/consumer-data-right-complaints" class="header-nav__sub-link"> Consumer Data Right complaints </a> <a href="https://www.oaic.gov.au/consumer-data-right/consumer-data-right-guidance-for-business" class="header-nav__sub-link"> Consumer Data Right guidance for business </a> <a href="https://www.oaic.gov.au/consumer-data-right/consumer-data-right-legislation,-regulation-and-definitions" class="header-nav__sub-link"> Consumer Data Right legislation, regulation and definitions </a> <a href="https://www.oaic.gov.au/consumer-data-right/consumer-data-right-assessments" class="header-nav__sub-link"> Consumer Data Right assessments </a> </div> </div> </div> </div> <div class="header-nav__item"> <a href="https://www.oaic.gov.au/digital-id" class="header-nav__link " > Digital ID </a> </div> <div class="header-nav__item"> <button class="header-nav__button " aria-expanded="false" > Engage with us <div class="header-nav__mobile-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-plus" alt="expand menu"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-minus" alt="collapse menu"> </div> <div class="header-nav__desktop-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/chevron-down-white.svg" alt="expand menu"> </div> </button> <div class="header-nav__sub"> <div class="header-nav__sub-wrapper"> <div class="header-nav__sub-first"> <a href="https://www.oaic.gov.au/engage-with-us" class="header-nav__sub-link"> Engage with us </a> </div> <div class="header-nav__sub-grid"> <a href="https://www.oaic.gov.au/engage-with-us/consultations" class="header-nav__sub-link"> Consultations </a> <a href="https://www.oaic.gov.au/engage-with-us/submissions" class="header-nav__sub-link"> Submissions </a> <a href="https://www.oaic.gov.au/engage-with-us/translations" class="header-nav__sub-link"> Translations </a> <a href="https://www.oaic.gov.au/engage-with-us/events" class="header-nav__sub-link"> Events </a> <a href="https://www.oaic.gov.au/engage-with-us/networks" class="header-nav__sub-link"> Networks </a> <a href="https://www.oaic.gov.au/engage-with-us/research-and-training-resources" class="header-nav__sub-link"> Research and training resources </a> </div> </div> </div> </div> <div class="header-nav__item"> <button class="header-nav__button " aria-expanded="false" > About the OAIC <div class="header-nav__mobile-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-plus" alt="expand menu"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-minus" alt="collapse menu"> </div> <div class="header-nav__desktop-toggle"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/chevron-down-white.svg" alt="expand menu"> </div> </button> <div class="header-nav__sub"> <div class="header-nav__sub-wrapper"> <div class="header-nav__sub-first"> <a href="https://www.oaic.gov.au/about-the-OAIC" class="header-nav__sub-link"> About the OAIC </a> </div> <div class="header-nav__sub-grid"> <a href="https://www.oaic.gov.au/about-the-OAIC/what-we-do" class="header-nav__sub-link"> What we do </a> <a href="https://www.oaic.gov.au/about-the-OAIC/who-we-are" class="header-nav__sub-link"> Who we are </a> <a href="https://www.oaic.gov.au/about-the-OAIC/join-our-team" class="header-nav__sub-link"> Join our team </a> <a href="https://www.oaic.gov.au/about-the-OAIC/access-our-information" class="header-nav__sub-link"> Access our information </a> <a href="https://www.oaic.gov.au/about-the-OAIC/our-regulatory-approach" class="header-nav__sub-link"> Our regulatory approach </a> <a href="https://www.oaic.gov.au/about-the-OAIC/our-corporate-information" class="header-nav__sub-link"> Our corporate information </a> <a href="https://www.oaic.gov.au/about-the-OAIC/information-policy" class="header-nav__sub-link"> Information policy </a> <a href="https://www.oaic.gov.au/about-the-OAIC/serving-legal-documents-on-the-australian-information-commissioner" class="header-nav__sub-link"> Serving legal documents on the Australian Information Commissioner </a> </div> </div> </div> </div> <div class="header-nav__item header-nav__item--mobile-only"> <a href="/news" class="header-nav__link">News</a> </div> <div class="header-nav__item header-nav__item--mobile-only"> <a href="/about-the-OAIC/join-our-team" class="header-nav__link">Join our team</a> </div> <div class="header-nav__item header-nav__item--mobile-only"> <a href="/contact-us" class="header-nav__link">Contact us</a> </div> </nav> </div> </div> </header> <div class="nav-close-overlay"></div>   <main class="main"> <div class="breadcrumb__wrapper"> <div class="section "> <div class="section-item flex-box "> <div class="breadcrumb breadcrumb--separator-chevron"> <nav class="breadcrumb__nav" aria-label="Breadcrumb"> <ul class="breadcrumb__list"> <span class="breadcrumb__list-item"><a href="https://www.oaic.gov.au" class="breadcrumb__list-item-link" aria-label="Go to home page"><svg xmlns="http://www.w3.org/2000/svg" version="1.0" viewBox="0 0 50 50" height="24" width="24"><path d="M25 9.0937 7.281 25.3747h5.563v15.531h24.312v-15.531h5.563L25 9.0937z" fill="currentColor"></path></svg></a></span> <li class="breadcrumb__list-item"> <a class="breadcrumb__list-item-link" href="https://www.oaic.gov.au/privacy">Privacy</a> </li> <li class="breadcrumb__list-item"> <a class="breadcrumb__list-item-link" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies">Privacy guidance for organisations and government agencies</a> </li> <li class="breadcrumb__list-item"> <a class="breadcrumb__list-item-link" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance">More guidance</a> </li> <li class="breadcrumb__list-item"> <a class="breadcrumb__list-item-link" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997">Keeping records of disclosures under the Telecommunications Act 1997</a> </li> </ul> </nav> </div> </div> </div> </div> <div class="content-wrapper"> <div class="lhs-wrapper"> <div class="lhs-nav"> <a href="https://www.oaic.gov.au/privacy" class="lhs-nav__level-1"> Privacy </a> <div class="lhs-nav__nav-wrapper"> <div class="lhs-nav__level-2"> <h4> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies"> Privacy guidance for organisations and government agencies </a> </h4> <button class="lhs-nav__level-2-toggle" aria-expanded="false" aria-label="Expand Level 2 submenu: Privacy guidance for organisations and government agencies"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus-white.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus-white.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-3"> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations"> Organisations </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: Organisations"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/credit-reporting" class=""> Credit reporting </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/direct-marketing" class=""> Direct marketing </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/employee-records-exemption" class=""> Employee records exemption </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/id-scanners" class=""> ID scanners </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/opting-in-to-the-privacy-act" class=""> Opting in to the Privacy Act </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/privacy-for-not-for-profits,-including-charities" class=""> Privacy for not-for-profits, including charities </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/privacy-management-plan-template" class=""> Privacy management plan template </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/selling-a-business" class=""> Selling a business </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/small-business" class=""> Small business </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/sporting-clubs" class=""> Sporting clubs </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/start-ups" class=""> Start-ups </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/tips-for-good-privacy-practice" class=""> Tips for good privacy practice </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/trading-in-personal-information" class=""> Trading in personal information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/guidance-for-edr-schemes-when-handling-complaints-about-notifiable-data-breaches" class=""> Guidance for EDR schemes when handling complaints about notifiable data breaches </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/tracking-pixels-and-privacy-obligations" class=""> Tracking pixels and privacy obligations </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/organisations/facial-recognition-technology-a-guide-to-assessing-the-privacy-risks" class=""> Facial recognition technology: a guide to assessing the privacy risks </a> </li> </ul> </li> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies"> Government agencies </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: Government agencies"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies/agency-referee-reports" class=""> Agency referee reports </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies/australian-government-agencies-privacy-code" class=""> Australian Government Agencies Privacy Code </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies/conducting-surveys" class=""> Conducting surveys </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies/guidelines-on-data-matching-in-australian-government-administration" class=""> Guidelines on data matching in Australian Government administration </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies/privacy-impact-assessment-register-assessment-program" class=""> Privacy impact assessment register assessment program </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/government-agencies/privacy-code-checklist" class=""> Privacy Code checklist </a> </li> </ul> </li> <li class="lhs-nav__level-3-link "> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-developing-and-training-generative-ai-models"> Guidance on privacy and developing and training generative AI models </a> </li> <li class="lhs-nav__level-3-link "> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/guidance-on-privacy-and-the-use-of-commercially-available-ai-products"> Guidance on privacy and the use of commercially available AI products </a> </li> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers"> Health service providers </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: Health service providers"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/communications-with-patients" class=""> Communications with patients </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/data-breach-action-plan-for-health-service-providers" class=""> Data breach action plan for health service providers </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/guide-to-health-privacy" class=""> Guide to health privacy </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/individual-healthcare-identifiers" class=""> Individual healthcare identifiers </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/my-health-record" class=""> My Health Record </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/privacy-action-plan-for-your-health-practice" class=""> Privacy action plan for your health practice </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/health-service-providers/taking-photos-of-patients" class=""> Taking photos of patients </a> </li> </ul> </li> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information"> Handling personal information </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: Handling personal information"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/anti-money-laundering-obligations" class=""> Anti-money laundering obligations </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/centrelink-requests-for-information" class=""> Centrelink requests for information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/dealing-with-requests-for-access-to-personal-information" class=""> Dealing with requests for access to personal information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/dealing-with-requests-for-correction-of-personal-information" class=""> Dealing with requests for correction of personal information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/de-identification-and-the-privacy-act" class=""> De-identification and the Privacy Act </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/de-identification-decision-making-framework" class=""> De-identification Decision-Making Framework </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/guide-to-securing-personal-information" class=""> Guide to securing personal information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/guide-to-the-privacy-persons-reported-as-missing-rule-2024" class=""> Guide to the Privacy (Persons Reported as Missing) Rule 2024 </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/guidelines-for-state-and-territory-governments-creating-nationally-consistent-requirements-to-collect-personal-information-for-contact-tracing-purposes" class=""> Guidelines for state and territory governments: creating nationally consistent requirements to collect personal information for contact tracing purposes </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/national-relay-service" class=""> National Relay Service </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/posting-photos-and-videos" class=""> Posting photos and videos </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/protecting-customers-personal-information" class=""> Protecting customers' personal information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/sending-personal-information-overseas" class=""> Sending personal information overseas </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/the-privacy-tax-file-number-rule-2015-and-the-protection-of-tax-file-number-information" class=""> The Privacy (Tax File Number) Rule 2015 and the protection of tax file number information </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/transfer-of-financial-adviser-records" class=""> Transfer of financial adviser records </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/handling-personal-information/what-is-personal-information" class=""> What is personal information? </a> </li> </ul> </li> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/preventing-preparing-for-and-responding-to-data-breaches"> Preventing, preparing for and responding to data breaches </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: Preventing, preparing for and responding to data breaches"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/preventing-preparing-for-and-responding-to-data-breaches/data-breach-preparation-and-response" class=""> Data breach preparation and response </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/preventing-preparing-for-and-responding-to-data-breaches/preventing-data-breaches-advice-from-the-australian-cyber-security-centre" class=""> Preventing data breaches: advice from the Australian Cyber Security Centre </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/preventing-preparing-for-and-responding-to-data-breaches/guidance-for-entities-in-preparing-for-and-responding-to-cyber-incidents" class=""> Guidance for entities in preparing for and responding to cyber incidents </a> </li> </ul> </li> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments"> Privacy impact assessments </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: Privacy impact assessments"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/10-steps-to-undertaking-a-privacy-impact-assessment" class=""> 10 steps to undertaking a privacy impact assessment </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/assessing-privacy-risks-in-changed-working-environments-privacy-impact-assessments" class=""> Assessing privacy risks in changed working environments: privacy impact assessments </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/guide-to-undertaking-privacy-impact-assessments" class=""> Guide to undertaking privacy impact assessments </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/privacy-by-design" class=""> Privacy by design </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/privacy-impact-assessments/privacy-impact-assessment-tool" class=""> Privacy impact assessment tool </a> </li> </ul> </li> <li class="lhs-nav__level-3-link has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19"> COVID-19 </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: COVID-19"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/coronavirus-covid-19-understanding-your-privacy-obligations-to-your-staff" class=""> Coronavirus (COVID-19): understanding your privacy obligations to your staff </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/coronavirus-covid-19-vaccinations-understanding-your-privacy-obligations-to-your-staff" class=""> Coronavirus (COVID-19) vaccinations: understanding your privacy obligations to your staff </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/covidsafe-reports" class=""> COVIDSafe Reports </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/guidance-for-businesses-collecting-personal-information-for-contract-tracing" class=""> Guidance for businesses collecting personal information for contract tracing </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/national-covid-19-privacy-principles" class=""> National COVID-19 privacy principles </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/privacy-update-on-the-covidsafe-app" class=""> Privacy update on the COVIDSafe app </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/retention-and-deletion-of-personal-information-collected-during-covid-19" class=""> Retention and deletion of personal information collected during COVID-19 </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/covid-19/guidance-for-businesses-collecting-covid-19-vaccination-information" class=""> Guidance for businesses collecting COVID-19 vaccination information </a> </li> </ul> </li> <li class="lhs-nav__level-3-link current has-children"> <div class="lhs-nav__level-3-accordion"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance"> More guidance </a> <button class="lhs-nav__level-3-toggle" aria-expanded="false" aria-label="Expand Level 3 submenu: More guidance"> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-plus.svg" class="icon-plus" aria-hidden="true" /> <img src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/mysource_files/icon-minus.svg" class="icon-minus" aria-hidden="true" /> </button> </div> <ul class="lhs-nav__level-4"> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/australian-bushfires-disaster-emergency-declaration-understanding-your-privacy-obligations" class=""> Australian Bushfires Disaster Emergency Declaration: understanding your privacy obligations </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/australian-entities-and-the-european-union-general-data-protection-regulation" class=""> Australian entities and the European Union General Data Protection Regulation </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/emergencies-and-disasters" class=""> Emergencies and disasters </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/guide-to-data-analytics-and-the-australian-privacy-principles" class=""> Guide to data analytics and the Australian Privacy Principles </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/guide-to-developing-an-app-privacy-policy" class=""> Guide to developing an APP privacy policy </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/how-to-develop-an-app-privacy-policy-poster" class=""> How to develop an APP privacy policy (poster) </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/guidelines-for-developing-codes" class=""> Guidelines for developing codes </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/guidelines-for-recognising-external-dispute-resolution-schemes" class=""> Guidelines for recognising external dispute resolution schemes </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/handling-privacy-complaints" class=""> Handling privacy complaints </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997" class="current"> Keeping records of disclosures under the Telecommunications Act 1997 </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/mobile-privacy-a-better-practice-guide-for-mobile-app-developers" class=""> Mobile privacy: a better practice guide for mobile app developers </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/privacy-management-framework-enabling-compliance-and-encouraging-good-practice" class=""> Privacy management framework: enabling compliance and encouraging good practice </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/privacy-public-interest-determination-guide" class=""> Privacy public interest determination guide </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/self-assessment-checklist-privacy-obligations-under-the-data-retention-scheme" class=""> Self-assessment checklist: privacy obligations under the Data Retention Scheme </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/telecommunications-service-providers-obligations-arising-under-the-privacy-act-1988-as-a-result-of-part-5-1a-of-the-telecommunications-interception-and-access-act-1979" class=""> Telecommunications service providers' obligations arising under the Privacy Act 1988 as a result of Part 5-1A of the Telecommunications (Interception and Access) Act 1979 </a> </li> <li class="lhs-nav__level-4-link"> <a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/privacy-considerations-for-financial-services-entities-receiving-data-from-a-carrier-or-carriage-service-provider-under-the-telecommunications-regulations" class=""> Privacy considerations for financial services entities receiving data from a carrier or carriage service provider </a> </li> </ul> </li> </ul> </div> </div> </div> <div class="middle-wrapper">  <div id="main-content-area" class="page-content"> <div class="toc"> <ul class="toc__list"> <li class="toc__heading"> <h2 class="toc-exclude">On this page</h2> </li> </ul> </div> <section class="banner-grey-newsroom__wrapper"> <div class="banner-grey-newsroom__content"> <h1 class="banner-grey-newsroom__title">Keeping records of disclosures under the Telecommunications Act 1997</h1> </div> </section>  <script> if(document.querySelector('.banner-grey-newsroom__wrapper .banner-grey-newsroom__content')) { document.querySelector('.breadcrumb__wrapper').insertAdjacentElement('afterend',document.querySelector('.banner-grey-newsroom__wrapper .banner-grey-newsroom__content').closest(' .banner-grey-newsroom__wrapper')) } </script> <div class="gov-numbered-paragraphs" id="component_21829"> <div><div><div><div>Publication date: 1 February 2016<br />Last updated: 30 November 2023</div></div></div><div><div id="page-content"><h2>Overview</h2><p>This resource provides an overview for telecommunication service providers of their obligations to maintain records of disclosures under ss 306 and 306A of the <em>Telecommunications Act 1997(Telecommunications Act)</em>.</p><p>Generally, the Telecommunications Act prohibits the disclosure of information obtained during the supply of telecommunications services.<sup><a id="ftnref1" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn1">[1]</a></sup> However, both the Telecommunications Act and the <em>Telecommunications (Interception and Access) Act 1979</em> (TIA Act) contain exceptions to this general prohibition that enables telecommunications service providers to disclose information in limited circumstances.</p><p>If a telecommunications service provider discloses information under <a href="#appendix-a-records-of-disclosure-checklist">certain exceptions</a> contained in the Telecommunications Act or the TIA Act, it must create and keep a record of the disclosure. These records must comply with specific requirements contained in ss 306 and 306A of the Telecommunications Act.</p><p>The Office of the Australian Information Commissioner (OAIC) is responsible for monitoring compliance with the record keeping requirements contained in Part 13, Division 5 of the Telecommunications Act.<sup><a id="ftnref2" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn2">[2]</a></sup></p><h2 id="who-needs-to-comply-with-the-record-keeping-requirements">Who needs to comply with the record-keeping requirements?</h2><p>Generally, the ss 306 and 306A record-keeping requirements in the Telecommunications Act apply to ‘eligible persons’.<sup><a id="ftnref3" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn3">[3]</a></sup> An ‘<strong>eligible person</strong>’ includes a carrier, carriage service provider and their respective employees.<sup><a id="ftnref4" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn4">[4]</a></sup></p><p>The record-keeping requirements also apply to ‘<strong>associates</strong>’, which includes a person who performs services for or on behalf of the carrier or carriage service provider.<sup><a id="ftnref5" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn5">[5]</a></sup></p><p>These entities are collectively referred to as ‘<strong>telecommunications service providers</strong>’ in this resource.</p><p>More information about the terms ‘<strong>carrier</strong>’ and ‘<strong>carriage service provider</strong>’ can be found on the Australia Communications and Media Authority’s website at <a href="https://www.acma.gov.au/">www.acma.gov.au</a>.</p><h2 id="when-do-the-record-keeping-requirements-apply">When do the record-keeping requirements apply?</h2><p>Under ss 306 and 306A of the Telecommunications Act, if a telecommunications service provider discloses information in accordance with certain exceptions, it must create a record of the disclosure.</p><p>The exceptions fall into two broad categories: general disclosure exceptions<sup><a id="ftnref6" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn6">[6]</a></sup> and prospective authorisation exceptions<sup><a id="ftnref7" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn7">[7]</a></sup>.</p><h3>General disclosure exceptions</h3><p>The general disclosure exceptions enable telecommunications service providers to disclose information in certain circumstances, including to prevent or lessen a serious threat to the life or health of a person, or if summoned to give evidence or produce documents.</p><p>Telecommunications service providers must create and keep a record of any disclosure made under the following general disclosure provisions:</p><ul><li>ss 280, 281, 284, 286, 287, 288, 289 and 292 of the Telecommunications Act</li><li>ss 180 and 180A of the TIA Act.</li></ul><p>More information about the above general disclosure exceptions can be found at <a href="#table1">Table 1 in Appendix A</a>.</p><h3>Prospective authorisation exceptions</h3><p>The prospective authorisation provisions in the TIA Act generally enable criminal law-enforcement agencies to authorise telecommunications service providers to disclose information or documents that may come into existence during a particular future period of time.<sup><a id="ftnref8" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn8">[8]</a></sup></p><p>Telecommunications service providers must create and keep a record of disclosures made under ss 180 and 180A of the TIA Act (see <a href="#table2">Table 2 at Appendix A</a> for more information).</p><h2>When does the record need to be created?</h2><h3>General disclosure exceptions</h3><p>For general disclosures, records must be created as soon as practicable after the disclosure and, in any event, within five days of the date of disclosure.<sup><a id="ftnref9" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn9">[9]</a></sup></p><p>If an associate makes a disclosure, they must make a record as soon as practicable after the disclosure and, in any event, within five days of the date of disclosure and give that record to the carrier or carriage service provider within five days of making the record.<sup><a id="ftnref10" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn10">[10]</a></sup></p><h3>Prospective authorisation exceptions</h3><p>For prospective authorisations, the record must be created as soon as practicable after the day on which the authorisation ceases to be in force and, in any event, within five days after that date.<sup><a id="ftnref11" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn11">[11]</a></sup></p><p>If an associate makes a disclosure, they must make a record as soon as practicable after the day on which the authorisation ceases to be in force and, in any event, within five days of the day on which the authorisation ceases to be in force and give a copy of that record to the carrier or carriage service provider within five days of make the record.<sup><a id="ftnref12" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn12">[12]</a></sup></p><h2 id="what-information-needs-to-be-included-in-the-record">What information needs to be included in the record?</h2><p>Section 306 and section 306A of the Telecommunications Act sets out the requirements for records of disclosures made on the grounds of a general disclosure exception or a prospective authorisation exception respectively.</p><p>These records may be made, given or retained in either written or electronic form.<sup><a id="ftnref13" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn13">[13]</a></sup></p><p>The requirements of ss 306 and 306A are outlined separately below.</p><h3 id="key-concepts">Records of disclosure – general disclosure exceptions</h3><h4>Name of the person who disclosed the information or document</h4><p>Section 306(5)(a) provides that records of disclosures made under the general disclosure exceptions must set out the name of the person who disclosed the information or document concerned.</p><p>In most cases, the name of the ‘person’ who disclosed the information will be the name of the telecommunications service provider.<sup><a id="ftnref14" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn14">[14]</a></sup> However, there may be some instances where a service provider will need to record the name of the individual who makes the disclosure. For example, s 281 of the Telecommunications Act authorises disclosure of information by a person summoned to give evidence. As only individuals may give evidence in court, in this instance the record of disclosure should identify the name of the individual who made the disclosure.</p><p>As a matter of best practice, the OAIC recommends that records of disclosure include both the name of the telecommunications service provider and the name (or other unique identifier) of the individual who made or actioned the disclosure/s. Telecommunications service providers should also be mindful of their obligations under Australian Privacy Principle (APP) 11, which requires APP entities to take reasonable steps to protect personal information they hold. A reasonable step that entities could take to protect the personal information they hold is to record the employee name (or other unique identifier) on records of disclosures to help identify instances of unauthorised access or disclosure.</p><h4>Date of disclosure</h4><p>Section 306(5)(b) provides that records of disclosures made under the general disclosure exceptions must set out the date of the disclosure.</p><h4>A statement of the grounds for the disclosure</h4><p>Section 306(5)(c) provides that records of disclosures made under the general disclosure exceptions must set out a statement of the grounds for the disclosure. This statement should identity the relevant provision in either the Telecommunications Act or the TIA Act that authorised the disclosure.</p><h4>If the disclosure is required or authorised under a warrant</h4><p>If the disclosure is required or authorised under a warrant and s 280(1)(a) applies to the disclosure, s 306(5)(ca) provides that the record of disclosure must set out the:</p><ul><li>provision of the law under which the warrant was issued</li><li>name of the person who issued the warrant</li><li>date of the issuing of the warrant.</li></ul><h4>If the disclosure is required or authorised by or under law</h4><p>If the disclosure is required or authorised by or under law and s 280(1)(b) applies to the disclosure, s 306(5)(cb) provides that the record of disclosure must set out the provision of the law which required or authorised the disclosure.</p><p>For example, in the event that a notice to produce power was exercised, it would be expected that the telecommunications service provider records the particulars of the notice to produce powers.</p><p>Section 280(1)(a) does not by itself allow the use or disclosure of the information or document, so should be recorded alongside the underlying authorising provision.</p><h4>If the disclosure is made on the grounds of an authorisation under the TIA Act</h4><p>If the disclosure is made on the grounds of an authorisation under the TIA Act (ss 178, 179, 180(3) or 180A), the record of disclosure must set out the:</p><ul><li>name of the person who made the authorisation</li><li>data of making of the authorisation.<sup><a id="ftnref15" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn15">[15]</a></sup></li></ul><p>Under the authorisation provisions in the TIA Act, only an ‘authorised officer’<sup><a id="ftnref16" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn16">[16]</a></sup> from a requesting entity may authorise a telecommunications service provider to disclose information. Consequently, the ‘name of the person’ who made the authorisation should be the name or other identifier of the individual officer from the requesting entity that authorised the disclosure.</p><h4>If the disclosure is not made on the grounds of an authorisation under the TIA Act</h4><p>If the disclosure is not made under an authorisation in the TIA Act, but the disclosure was at the request of another body or person, the record of disclosure must set out the:</p><ul><li>the requesting party’s name</li><li>date of request.<sup><a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn17" name="ftnref17">[17]</a></sup></li></ul><h4>If the disclosure relates to the contents or substance of a communication carried by a carriage service</h4><p>Section 306(5)(f) provides that if the information or document used or disclosed relates to the contents or substance of a communication carried by a carriage service (e.g. telephone, internet or Voice over Internet Protocol (VoIP) services), the record of disclosure must set out the particulars of that carriage service.</p><h4>If the disclosure includes information of a kind specified</h4><p>If the information or document used or disclosed is or includes information of a kind specified in one or more items of the table in s 187AA(1) of the TIA Act,<sup><a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn18" name="ftnref18" title="">[18]</a></sup> the record of disclosure must set out:</p><ul><li>the number of those items</li><li>a description of the content of those items.<sup><a href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn19" name="ftnref19" title="">[19]</a></sup></li></ul><p>Telecommunications service providers should include the applicable item number/s from the table below and a brief description of the content of those items.</p><p>A description of the content of those items means listing the kind of information, for example, ‘name’ and not the actual information such as ‘John’.</p><p>Section 187AA(1) of the TIA Act is set out below and provides the kinds of information that a telecommunications service provider must keep, or cause to be kept, relating to any communication carried by means of the service.</p><p>Telecommunications service providers are not expected to create an additional copy of this information in the record of disclosure.</p><table id="table18905"><caption> Table – s 187AA(1) of the TIA Act – Kinds of information</caption><thead><tr><th id="table18905r1c1">Item</th><th id="table18905r1c2">Topic</th><th id="table18905r1c3"> Description of information</th></tr></thead><tbody><tr><td headers="table18905 caption-topr1c1"> 1 </td><td headers="table18905 caption-topr1c2"> The subscriber of, and accounts, services, telecommunications devices and other relevant services relating to, the relevant service </td><td headers="table18905 caption-topr1c3"><ul><li>Name or address information and any other information used for identification purposes.</li><li>Information relating to any contract, agreement or arrangement relating to the relevant service, or to any related account, service or device.</li><li>Billing or payment information and contact information.</li><li>Identifiers relating to the relevant service or any related account, service or device, being information used by the service provider in relation to the relevant service or any related account, service or device.</li><li>The status of the relevant service, or any related account, service or device.</li></ul></td></tr><tr><td headers="table18905 caption-topr1c1"> 2 </td><td headers="table18905 caption-topr1c2"> The source of a communication </td><td headers="table18905 caption-topr1c3"> Identifiers of a related account, service or device from which the communication has been sent by means of the relevant service. </td></tr><tr><td headers="table18905 caption-topr1c1"> 3 </td><td headers="table18905 caption-topr1c2"> The destination of a communication </td><td headers="table18905 caption-topr1c3"><p>Identifiers of the account, telecommunications device or relevant service to which the communication:</p><ul><li>has been sent, or</li><li>has been forwarded, routed or transferred, or attempted to be forwarded, routed or transferred.</li></ul></td></tr><tr><td headers="table18905 caption-topr1c1"> 4 </td><td headers="table18905 caption-topr1c2"> The date, time and duration of a communication, or of its connection to a relevant service </td><td headers="table18905 caption-topr1c3"><p>The date and time (including the time zone) of the following relating to the communication (with sufficient accuracy to identify the communication):</p><ul><li>the start of the communication</li><li>the end of the communication</li><li>the connection to the relevant service</li><li>the disconnection from the relevant service.</li></ul></td></tr><tr><td headers="table18905 caption-topr1c1"> 5 </td><td headers="table18905 caption-topr1c2"> The type of communication or of a relevant service used in connection with a communication </td><td headers="table18905 caption-topr1c3"><ul><li>The type of communication (e.g. Voice, SMS, email, chat, forum, social media).</li><li>The type of the relevant service (e.g. ADSL, Wi‑Fi, VoIP, cable, GPRS, VoLTE, LTE).</li><li>The features of the relevant service that were, or would have been, used by or enabled for the communication (e.g. Call waiting, call forwarding, data volume usage).</li></ul></td></tr><tr><td headers="table18905 caption-topr1c1"> 6 </td><td headers="table18905 caption-topr1c2"> The location of equipment, or a line, used in connection with a communication </td><td headers="table18905 caption-topr1c3"><p>In relation to the equipment or line used to send or receive the communication:</p><ul><li>the location of the equipment or line at the start of the communication</li><li>the location of the equipment or line at the end of the communication (e.g. cell towers, Wi‑Fi hotspots).</li></ul></td></tr></tbody></table><h3>Records of disclosure – prospective authorisation exceptions</h3><h4>Name of the person who made the disclosure</h4><p>Section 306A(5)(a) provides that records of disclosures made under the prospective authorisation exceptions must set out the name of the person or persons who made the disclosure or disclosures.</p><h4>Date of the first and last disclosure</h4><p>Section 306A(5)(b) provides that records of disclosures made under the prospective authorisation exceptions must set out:</p><ul><li>if only one disclosure is made because of the authorisation — the date of the disclosure, or</li><li>if more than one disclosure is made because of the authorisation — the date of the first and date of the last disclosures.</li></ul><p>As outlined above, the prospective authorisation provisions in the TIA Act generally enable law enforcement agencies to authorise telecommunications service providers to disclose information or documents that may come into existence during a particular future period of time. The OAIC considers that a disclosure occurs each time specified information or a document comes into existence during the authorisation period and is then released by the service provider to the relevant law enforcement agency.</p><p>The ‘date of the first disclosure’ means the date the first specified document or piece of information is disclosed to the relevant law enforcement agency. Similarly, the ‘date of the last disclosure’ refers to the date the last specified document or piece of information is disclosed to the relevant law enforcement agency. Consequently, the record should identify the dates of the first and last disclosure of information to the law enforcement agency. These dates may not necessarily correspond to the dates of the start and end of the authorisation period.</p><h4>A statement of the grounds for the disclosure</h4><p>Section 306A(5)(c) provides that records of disclosures made under the prospective authorisation exceptions must set out a statement of the grounds for the disclosure. This statement should identify the relevant provision that authorised the disclosure.</p><h4>Name of the person who made the authorisation and the date of the making of the authorisation</h4><p>Section 306A(5)(d) provides that records of disclosures made under the prospective authorisation exceptions must set out the name of the person who made the authorisation and the date of the making of the authorisation.</p><h2 id="how-long-do-providers-need-to-keep-records-of-disclosures">How long do providers need to keep records of disclosures?</h2><p>All records of disclosure must be retained for three years from the date of creation.<sup><a id="ftnref20" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn20">[20]</a></sup> Copies of records of disclosures given to a carrier or carriage service provider by an associate must also be kept by the carrier or carriage service provider for three years.<sup><a id="ftnref21" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn21">[21]</a></sup></p><h2 id="what-is-the-role-of-the-office-of-the-australian-information-commissioner">What is the role of the Office of the Australian Information Commissioner?</h2><p>Under s 309 of the Telecommunications Act, the Information Commissioner has the function of monitoring compliance with the record-keeping requirements of ss 306 and 306A of that Act.</p><p>The OAIC may conduct inspections of telecommunication service providers’ records to ensure they comply with these requirements. There are offences and penalties under the Telecommunications Act for failing to comply with the record-keeping requirements.<sup><a id="ftnref22" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftn22">[22]</a></sup></p><h2 id="appendix-a-records-of-disclosure-checklist">Appendix A: Disclosure exceptions that impose a record-keeping requirement</h2><a id="table1"></a><table border="0" cellspacing="0" cellpadding="5" id="table46299"><caption> Table 1 — General disclosure exceptions</caption><tbody><tr><th width="180" id="table46299r1c1">Legislation</th><th id="table46299r1c2">Section</th><th id="table46299r1c3"> Description of exception</th></tr><tr><th rowspan="8" id="table46299r2c1"> Telecommunications Act</th><td headers="table46299r1c2 table46299r2c1"><p>280</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>Where the use or disclosure is required or authorised by or under law or a use or disclosure that is required or authorised under a warrant in connection with an enforcement agency operation</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>281</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>If a person makes the disclosure as a witness summonded to give evidence or produce documents</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>284</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>If the disclosure is made to entities including the Australian Communications and Media Authority, Australian Competition and Consumer Commission, Telecommunications Industry Ombudsman and eSafety Commissioner if the information may assist them to carry out their functions or powers</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>286</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>If the disclosure consists of emergency services related call information and is made to an emergency service organisation (e.g. police force) or despatch services for the purpose of dealing with the matters raised by that call</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>287</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>Where the discloser believes on reasonable grounds that the use or disclosure is reasonably necessary to prevent or lessen a serious threat to the life or health of a person and it is unreasonable or impracticable to obtain their consent</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>288</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>Where the use or disclosure is reasonably necessary for the purpose of the preservation of human life at sea and relates to the location of a vessel and is made for maritime communications purposes</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>289</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>Where a person consents or is reasonably likely to be aware or made aware that such disclosures usually occur</p></td></tr><tr><td headers="table46299r1c2 table46299r2c1"><p>292</p></td><td valign="top" headers="table46299r1c3 table46299r2c1"><p>Where the use or disclosure is prescribed by regulations (<em>Telecommunications Regulations 2001</em>)</p></td></tr><tr><th rowspan="5" id="table46299r10c1"> TIA Act</th><td headers="table46299r10c1 table46299r1c2"><p>177</p></td><td valign="top" headers="table46299r10c1 table46299r1c3"><p>If the disclosure is voluntarily made to an enforcement agency and is reasonably necessary for the enforcement of criminal law, a law imposing a pecuniary penalty or for the protection of the public revenue</p></td></tr><tr><td headers="table46299r10c1 table46299r1c2"><p>178</p></td><td valign="top" headers="table46299r10c1 table46299r1c3"><p>Authorisations for access to existing information or documents — enforcement of the criminal law</p></td></tr><tr><td headers="table46299r10c1 table46299r1c2"><p>179</p></td><td valign="top" headers="table46299r10c1 table46299r1c3"><p>Authorisations for access to existing information or documents — enforcement of a law imposing a pecuniary penalty or protection of the public revenue</p></td></tr><tr><td headers="table46299r10c1 table46299r1c2"><p>180(3)</p></td><td valign="top" headers="table46299r10c1 table46299r1c3"><p>Authorisations for access to existing information or documents</p></td></tr><tr><td headers="table46299r10c1 table46299r1c2"><p>180A</p></td><td valign="top" headers="table46299r10c1 table46299r1c3"><p>Authorisations for access to existing information or documents — enforcement of the criminal law of a foreign country</p></td></tr></tbody></table><a id="table2"></a><table border="0" cellspacing="0" cellpadding="5" id="table74299"><caption> Table 2 — Prospective authorisation exceptions</caption><tbody><tr><th width="180" valign="top" id="table74299r1c1">Legislation</th><th valign="top" id="table74299r1c2">Section</th><th valign="top" id="table74299r1c3"> Description of exception</th></tr><tr><th rowspan="2" id="table74299r2c1"> TIA Act</th><td headers="table74299r1c2 table74299r2c1"><p>180</p></td><td valign="top" headers="table74299r1c3 table74299r2c1"><p>Authorisations by an authorised officer of a criminal law enforcement agency for access to prospective information or documents</p></td></tr><tr><td headers="table74299r1c2 table74299r2c1"><p>180B</p></td><td valign="top" headers="table74299r1c3 table74299r2c1"><p>Authorisations by an authorised officer of the Australian Federal Police for access to prospective information or documents — enforcement of the criminal law of a foreign country</p></td></tr></tbody></table></div><div class="sidebar col--md-3 last" id="content-sidebar" role="complementary" aria-label="Sidebar"></div></div></div> </div> <div class="footnotes"><h2 id="footnotes">Footnotes</h2><p><a id="ftn1" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref1">[1]</a> Telecommunications Act 1997 (Cth) ss 276, 277 and 278.</p><p><a id="ftn2" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref2">[2]</a> Telecommunications Act 1997 (Cth) s 309.</p><p><a id="ftn3" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref3">[3]</a> The ss 306 and 306A record-keeping requirements also apply to ‘eligible number-database persons’. Under the Telecommunications Act, the Minister may make a determination that an entity is a number-database person. However, there are currently no determinations in force. Consequently, ‘eligible number-database persons’ are not referred to in this resource.</p><p><a id="ftn4" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref4">[4]</a> Telecommunications Act 1997 (Cth) s 271.</p><p><a id="ftn5" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref5">[5]</a> Telecommunications Act 1997 (Cth) s 304.</p><p><a id="ftn6" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref6">[6] </a> Telecommunications Act 1997 (Cth) s 306.</p><p><a id="ftn7" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref7">[7]</a> Telecommunications Act 1997 (Cth) 306A.</p><p><a id="ftn8" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref8">[8]</a> Under ss 180(3) and 180A(2) of the TIA Act, authorised officers may also authorise disclosure of specified information or documents that came into existence before the time the authorisation comes into force.</p><p><a id="ftn9" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref9">[9]</a> Telecommunications Act 1997 (Cth) s 306(2)(a).</p><p><a id="ftn10" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref10">[10]</a> Telecommunications Act 1997 (Cth) s 306(3).</p><p><a id="ftn11" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref11">[11]</a> Telecommunications Act 1997 (Cth) s 306A(2)(a).</p><p><a id="ftn12" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref12">[12]</a> Telecommunications Act 1997 (Cth) s 306A(3).</p><p><a id="ftn13" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref13">[13]</a> Telecommunications Act 1997 (Cth) ss 306(6) and 306A(6).</p><p><a id="ftn14" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref14">[14]</a> Section 2C of the Acts Interpretation Act 1901 states that, in any Act, expressions used to denote ‘persons’ generally includes a body politic or corporate as well as an individual.</p><p><a id="ftn15" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref15">[15]</a> Telecommunications Act 1997 (Cth) s 306(5)(d).</p><p><a id="ftn16" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref16">[16]</a> Telecommunications (Interception and Access) Act 1979 s 5.</p><p><a id="ftn17" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref17">[17]</a> Telecommunications Act 1997 (Cth) s 306(5)(e).</p><p><a id="ftn18" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref18">[18]</a> Under s 306(5A), if the Minister for Communications has made a determination under s 306(5B) setting out a table that specifies kinds of information, the table set out in that determination will apply in place of the table set out in s 187AA(1) of the TIA Act. However, there is currently no determination in force.</p><p><a id="ftn19" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref19">[19]</a> Telecommunications Act 1997 (Cth) s 306(5)(g).</p><p><a id="ftn20" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref20">[20]</a> Telecommunications Act 1997 (Cth) ss 306(2)(b) and 306A(2)(b).</p><p><a id="ftn21" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref21">[21]</a> Telecommunications Act 1997 (Cth) ss 306(4) and 306A(4).</p><p><a id="ftn22" href="https://www.oaic.gov.au/privacy/privacy-guidance-for-organisations-and-government-agencies/more-guidance/keeping-records-of-disclosures-under-the-telecommunications-act-1997#ftnref22">[22]</a> Telecommunications Act 1997 (Cth) ss 306(7) and 306A(7).</p></div> </div>  </div> </div> </main>   <div class="footer"> <div class="footer__upper"> <div class="footer__upper--wrapper"> <div class="back-to-top__wrapper"> <button class="back-to-top" aria-label="Back to top"> <svg class="back-to-top__icon" aria-hidden="true" focusable="false" width="28" height="47" viewBox="0 0 28 47" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M6 8.82715L14 1.00106" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M22 8.82715L14 1.00106" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M14 21L14 1" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M2.94 41V33.41H0.36V31.25H8.1V33.41H5.52V41H2.94ZM13.2027 41.18C12.5227 41.18 11.9027 41.065 11.3427 40.835C10.7927 40.605 10.3177 40.275 9.9177 39.845C9.5277 39.405 9.2227 38.87 9.0027 38.24C8.7827 37.6 8.6727 36.88 8.6727 36.08C8.6727 35.28 8.7827 34.57 9.0027 33.95C9.2227 33.32 9.5277 32.795 9.9177 32.375C10.3177 31.945 10.7927 31.62 11.3427 31.4C11.9027 31.18 12.5227 31.07 13.2027 31.07C13.8727 31.07 14.4877 31.18 15.0477 31.4C15.6077 31.62 16.0827 31.945 16.4727 32.375C16.8727 32.805 17.1827 33.33 17.4027 33.95C17.6227 34.57 17.7327 35.28 17.7327 36.08C17.7327 36.88 17.6227 37.6 17.4027 38.24C17.1827 38.87 16.8727 39.405 16.4727 39.845C16.0827 40.275 15.6077 40.605 15.0477 40.835C14.4877 41.065 13.8727 41.18 13.2027 41.18ZM13.2027 38.96C13.7927 38.96 14.2527 38.705 14.5827 38.195C14.9227 37.675 15.0927 36.97 15.0927 36.08C15.0927 35.19 14.9227 34.505 14.5827 34.025C14.2527 33.535 13.7927 33.29 13.2027 33.29C12.6127 33.29 12.1477 33.535 11.8077 34.025C11.4777 34.505 11.3127 35.19 11.3127 36.08C11.3127 36.97 11.4777 37.675 11.8077 38.195C12.1477 38.705 12.6127 38.96 13.2027 38.96ZM19.4784 41V31.25H23.0484C23.5784 31.25 24.0834 31.305 24.5634 31.415C25.0434 31.515 25.4634 31.695 25.8234 31.955C26.1834 32.205 26.4684 32.54 26.6784 32.96C26.8984 33.37 27.0084 33.88 27.0084 34.49C27.0084 35.09 26.8984 35.605 26.6784 36.035C26.4684 36.465 26.1834 36.82 25.8234 37.1C25.4634 37.37 25.0484 37.575 24.5784 37.715C24.1084 37.845 23.6184 37.91 23.1084 37.91H22.0584V41H19.4784ZM22.0584 35.87H22.9884C23.4984 35.87 23.8734 35.75 24.1134 35.51C24.3634 35.27 24.4884 34.93 24.4884 34.49C24.4884 34.05 24.3534 33.74 24.0834 33.56C23.8134 33.38 23.4284 33.29 22.9284 33.29H22.0584V35.87Z" fill="white"/></svg> </button> </div> <div class="footer__logo-group"> <img src="https://www.oaic.gov.au/__data/assets/file/0020/12962/logo.svg" class="logo--main" alt="OAIC logo"> <a href="https://www.oaic.gov.au/about-the-OAIC/access-our-information/freedom-of-information-requests-to-the-oaic" class="footer-logo" aria-label="OAIC sub-logo"> <img src="https://www.oaic.gov.au/__data/assets/file/0021/12963/logo2.svg" class="logo--sub" alt="OAIC sub logo"> </a> <a href="https://www.oaic.gov.au/about-the-OAIC/access-our-information/our-information-publication-scheme" class="footer-logo" aria-label="OAIC Information Publication Scheme"> <img src="https://www.oaic.gov.au/__data/assets/image/0026/91385/ips_white_text.png" class="logo--sub" width="120px" alt="Information Publication Scheme"> </a> </div><div class="footer__link-group"> <ul class="link-list"> <li><a href="https://www.oaic.gov.au/sitemap" class="footer-link" aria-label="Site map">Site map</a></li><li><a href="https://www.oaic.gov.au/about-the-OAIC/copyright" class="footer-link" aria-label="Copyright">Copyright</a></li><li><a href="https://www.oaic.gov.au/about-the-OAIC/terms-and-conditions" class="footer-link" aria-label="Terms and conditions">Terms and conditions</a></li><li><a href="https://www.oaic.gov.au/about-the-OAIC/our-corporate-information/plans-policies-and-procedures/privacy-policy" class="footer-link" aria-label="Privacy policy">Privacy policy</a></li><li><a href="https://www.oaic.gov.au/about-the-OAIC/accessibility" class="footer-link" aria-label="Accessibility">Accessibility</a></li> </ul> </div> </div> </div> <div class="footer__lower"> <div class="footer__util-group"> <div class="footer__contact"> <a href="https://www.oaic.gov.au/contact-us" class="contact--link" aria-label="Contact us">Contact us</a> <a href="tel:1300 363 992" class="contact--phone" aria-label="Call 1300 363 992">1300 363 992</a> <p class="contact--hours">Monday to Thursday 10 am to 4 pm (AEST/AEDT)</p> </div> <div id="footer_language_listing_13517"> <div class="footer__language-list"> <label for="languages">Translations</label> <select name="languages" id="languages" onChange="if (this.value.startsWith('https://www.oaic.gov.au')) window.location = this.value;"> <option value="">Please select…</option> <option lang="ar" value="https://www.oaic.gov.au/engage-with-us/translations/arabic">العربية</option><option lang="zh" value="https://www.oaic.gov.au/engage-with-us/translations/chinese">中文</option><option lang="el" value="https://www.oaic.gov.au/engage-with-us/translations/greek">ελληνικός</option><option lang="it" value="https://www.oaic.gov.au/engage-with-us/translations/italian">Italiano</option><option lang="es" value="https://www.oaic.gov.au/engage-with-us/translations/spanish">Español</option><option lang="th" value="https://www.oaic.gov.au/engage-with-us/translations/thai">ไทย</option><option lang="vi" value="https://www.oaic.gov.au/engage-with-us/translations/vietnamese">Tiếng Việt</option><option lang="EN" value="https://www.oaic.gov.au/engage-with-us/translations/easy-english">Easy English</option> </select> </div> </div> <div class="footer__social"> <p class="social--header">Follow us</p> <ul class="social-list"> <li> <a href="https://www.facebook.com/OAICgov" class="social-link social-link--facebook" aria-label="OAIC on Facebook"> <img class="social-icon" src="https://www.oaic.gov.au/__data/assets/file/0025/12958/facebook.svg" alt="OAIC on Facebook"> </a> </li> <li> <a href="https://twitter.com/OAICgov" class="social-link social-link--twitter" aria-label="OAIC on Twitter" > <img class="social-icon" src="https://www.oaic.gov.au/__data/assets/file/0026/12959/x-logo.svg" alt="OAIC on Twitter"> </a> </li> <li> <a href="https://www.youtube.com/user/oaicgov" class="social-link social-link--youtube" aria-label="OAIC on Youtube" > <img class="social-icon" src="https://www.oaic.gov.au/__data/assets/file/0018/12960/youtube.svg" alt="OAIC on Youtube"> </a> </li> <li> <a href="https://au.linkedin.com/company/office-of-the-australian-information-commissioner" class="social-link social-link--linkedin" aria-label="OAIC on Linkedin"> <img class="social-icon" src="https://www.oaic.gov.au/__data/assets/file/0019/12961/linkedin.svg" alt="OAIC on Linkedin"> </a> </li> <li> <a href="https://www.instagram.com/oaicgov/" class="social-link social-link--Instagram" aria-label="OAIC on Instagram" > <img class="social-icon" src="https://www.oaic.gov.au/__data/assets/file/0023/91364/Instagram_Glyph_White.svg" alt="OAIC on Instagram"> </a> </li> </ul> </div> </div> <div class="footer__content-group"> <p class="footer__content-header">Acknowledgement of Country</p> <p class="footer__content-text">The OAIC acknowledges Traditional Custodians of Country across Australia and their continuing connection to land, waters and communities. We pay our respect to First Nations people, cultures and Elders past and present.</p> <p class="footer__content-copyright">© Commonwealth of Australia</p> </div> </div> </div>   </div>   <div id="footer_js" style="display: none !important;"> <script src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/js/runtime.js?h=06ed308"></script> <script src="https://www.oaic.gov.au/__data/assets/git_bridge/0012/12063/js/main.js?h=06ed308"></script> <script src="https://www.oaic.gov.au/__data/assets/js_file/0025/242791/custom.js"></script> <script> var lhsWrapper = document.querySelector('.lhs-wrapper'); if(lhsWrapper) { lhsWrapper.innerHTML.trim() === '' ? lhsWrapper.style.display='none' : ''; } //Readpeaker function readSpeaker() { var readButtonContent = ` <div id="readspeaker_button1" class="rs_skip rsbtn rs_preserve"> <a rel="nofollow" class="rsbtn_play" accesskey="L" title="Listen to this page using ReadSpeaker webReader" href="//app-oc.readspeaker.com/cgi-bin/rsent?customerid=9755&lang=en_au&readclass=page-content&url=https%3A%2F%2Fwww.oaic.gov.au%2Fprivacy%2Fprivacy-guidance-for-organisations-and-government-agencies%2Fmore-guidance%2Fkeeping-records-of-disclosures-under-the-telecommunications-act-1997"> <span class="rsbtn_left rsimg rspart"><span class="rsbtn_text"><span>Listen</span></span></span> <span class="rsbtn_right rsimg rsplay rspart"></span> </a> </div>`; var readButtonSearch = ` <div id="readspeaker_button2" class="rs_skip rsbtn rs_preserve"> <a rel="nofollow" class="rsbtn_play" accesskey="L" title="Listen to this page using ReadSpeaker webReader" href="//app-oc.readspeaker.com/cgi-bin/rsent?customerid=9755&lang=en_au&readclass=search-content&url=https%3A%2F%2Fwww.oaic.gov.au%2Fprivacy%2Fprivacy-guidance-for-organisations-and-government-agencies%2Fmore-guidance%2Fkeeping-records-of-disclosures-under-the-telecommunications-act-1997"> <span class="rsbtn_left rsimg rspart"><span class="rsbtn_text"><span>Listen</span></span></span> <span class="rsbtn_right rsimg rsplay rspart"></span> </a> </div>`; //for content pages var pageContent = document.querySelector('.page-content'); //for search pages var pageSearch = document.querySelector('.search-content'); if(pageContent) pageContent.insertAdjacentHTML('afterbegin', readButtonContent); if(pageSearch) pageSearch.insertAdjacentHTML('afterbegin', readButtonSearch); } readSpeaker(); </script> <script> function feedbackGrepCallback(response) { if (response.length > 0) { document.querySelector(".feedback__submit input").disabled = false } } function feedbackGrepExpiredCallback(response) { if (!response) { document.querySelector(".feedback__submit input").disabled = true } } </script> </div> <style> .page-content section.banner-grey-newsroom__wrapper, .page-content section.landing-page { display: none; } </style>   </body> </html>

CINXE.COM

Keeping records of disclosures under the Telecommunications Act 1997 | OAIC