Personal tools
austel_1992_privacy_report.txt
Australian Telephone (AUSTEL) 1992 Privacy Report
To Order a Copy, Contact:
Austel
P.O. Box 7443
St. Kilda Rd
Melbourne VIC 3004
Australia
Ph +61-3-828-7300
Fax +61-3-820-3021
toll-free number in Australia: 008 335 526
chapter 1
EXECUTIVE SUMMARY AND RECOMMENDATIONS
Executive summary{tc "Executive summary"}
1.1 This report focuses on two telecommunications privacy issues which
have the potential to be real problems if not addressed -
o freedom from intrusion
o control of personal data.
1.2 Consumer interests may be protected and promoted by -
o applying a principle of informed consent to
- consumers' exposure to new technologies
- the use or re-use of personal data
o a committee of consumers, industry and government agencies
developing a voluntary framework for dealing with the issues
o funding being made available to AUSTEL to service that
committee
o industry developing codes of conduct dealing with specific
aspects of the issues (eg telemarketing) for approval by the
committee.
1.3 Measures to control the capture and use of personal data in a
telecommunications context should have regard to, and be consistent
with general principles or laws governing privacy issues.
1.4 Divergences from or additions to such general principles or laws
should occur only where the telecommunications industry is
demonstrated to be unique or at least so special as to require
telecommunications specific treatment.
Summary of recommendations{tc "Summary of recommendations"}
General framework{tc "General framework"}
1.5 AUSTEL recommends that -
(1) the level of data protection in the telecommunications industry be
set by reference to relevant international standards, such as those
established by the Council of Europe (paragraph 3.53)
(2) the framework to regulate telecommunications privacy issues focus on
general principles that apply to services that might be supplied, rather
than on the technologies that deliver those services (paragraph 3.56)
(3) measures to control the capture and use of personal data by means of
telecommunications networks or services should have regard to, and be
consistent with, general principles or laws governing those matters
(paragraph 3.58)
(4) divergences from, or additions to, general principles or laws
governing privacy issues should occur only where the telecommunications
industry is demonstrated to be unique or at least so special as to require
telecommunications specific treatment (paragraph 3.58)
(5) consideration be given to extending the scope of the Privacy Act 1988
beyond its current focus on government bodies to enable the Privacy
Commissioner to oversee the collection, storage and use of data by private
companies (paragraph 4.25)
(6) industry and government agencies adopt a voluntary co-regulatory
approach based on a Telecommunications Privacy Committee representing the
interests of consumers, users, the industry and relevant government
agencies (paragraph 4.28)
(7) subject to additional funding being made available for the purpose,
the Telecommunications Privacy Committee be with but not of AUSTEL and
that AUSTEL service the committee (paragraph 4.29)
(8) the Telecommunications Privacy Committee be responsible for -
- the identification of general privacy principles applicable to the
telecommunications industry
- the development of specific guidelines where necessary
- encouraging relevant industry and community groups to develop codes
of conduct which reflect the general privacy principles and specific
guidelines
- the approval of codes of conduct which meet appropriate standards,
including effective monitoring and enforcement measures (paragraph
4.31)
(9) the effectiveness of the voluntary co-regulatory approach and of the
Telecommunications Privacy Committee be reviewed in three years against
pre-determined performance indicators (paragraph 4.53)
Calling Line Identification (CLI) based services, in particular Calling
Number Display (CND){tc "Calling Line Identification (CLI) based services,
in particular Calling Number Display (CND)"}
1.6 AUSTEL recommends that -
(10) the principle of informed choice should govern the introduction of
Calling Line Identification based services, particularly Calling Number
Display (paragraph 5.68)
(11) the Telecommunications Privacy Committee should supervise the
development by the carriers and other interested parties of a code of
conduct that will ensure that customers have the opportunity to make an
informed choice (paragraph 5.71)
(12) the code should make provision for -
o a public awareness program
o the default option where a customer does not make a choice
(paragraph 5.71)
(13) any proposal for a default option should be supported by valid
contemporary evidence of its public acceptability, such as independent
market research acceptable to AUSTEL and the Telecommunications Privacy
Committee. In considering the default option the Telecommunications
Privacy Committee should have regard to the potential social or other
benefits of CND along with the public interest in leaving consumers'
existing arrangements undisturbed unless they choose positively to alter
them (paragraph 5.75)
(14) AOTC proceed with a trial of Calling Line Identification based
services including Calling Number Display during 1993 - the conditions of
such a trial being agreed with the Telecommunications Privacy Committee
(paragraph 5.79)
(15) those responsible for the development of the code of conduct to
ensure customers have the opportunity to make an informed choice have
regard to the outcomes of the trial and other relevant research results or
information available at the time (paragraph 5.79)
(16) prior to the introduction of Calling Number Display and other such
services, the carriers should undertake a public awareness campaign to
inform the community about the implications of both sending and receiving
Calling Number Display (paragraph 5.86)
(17) the Telecommunications Act 1991 be amended to remove any doubt
whether AUSTEL may vary its Service Providers Class Licence to require a
service provider receiving Calling Line Identification information to
develop for approval by the proposed Telecommunications Privacy Committee
a code of conduct for dealing with such information (paragraph 5.101)
(18) service providers be required to observe such a code (paragraph
5.101)
(19) the code be subject to the jurisdiction of the Telecommunications
Industry Ombudsman so that the Ombudsman may receive and resolve
complaints alleging breaches of the code and, where appropriate, recommend
to AUSTEL whether it should take action under the class licence for a
breach of the service provider's obligation to observe the code
(paragraph 5.101)
Unsolicited telecommunications{tc "Unsolicited telecommunications"}
1.7 AUSTEL recommends that -
(20) appropriate codes of conduct be developed by relevant industry and
community groups for approval by the Telecommunications Privacy Committee
to deal with intrusion , control of personal data and fair trading issues
in relation to unsolicited telecommunications (paragraph 6.32)
(21) separate codes of conduct be developed in respect of the different
categories of unsolicited telecommunications (paragraph 6.32)
(22) subject to the agreement of the carriers which will fund the proposed
Telecommunications Industry Ombudsman scheme, the Telecommunications
Industry Ombudsman should take responsibility for the initial collection
and collation of complaints relating to unsolicited telecommunications,
referring them to other agencies as appropriate (paragraph 6.43)
(23) the Telecommunications Privacy Committee should oversee the
development of a cost-effective process by which consumers who prefer not
to receive unsolicited telecommunications may, as far as possible,
exercise that preference (paragraph 6.64)
Equipment issues{tc "Equipment issues"}
1.8 AUSTEL recommends that -
(24) individuals affected should be informed by appropriate means whenever
data resulting from the use of a Telephone Information Management System
(TIMS) is being collected and processed (paragraph 7.16)
(25) in the case of the use of TIMS by hotels and motels, the owners and
operators of motels and hotels using TIMS to charge guests for telephone
calls be encouraged to develop a code of conduct with regard to the use
and re-use of the data so collected (paragraph 7.16)
(26) at this stage, the development of a code of conduct under the
auspices of the Telecommunications Privacy Committee, rather than
legislative amendment, is the most appropriate way of resolving issues
relating to the use of Automatic Calling Equipment (paragraph 7.27)
(27) at this stage, the development of a code of conduct under the
auspices of the Telecommunications Privacy Committee, rather than
legislative amendment, is the most appropriate way of resolving issues
relating to the use of unsolicited facsimiles (paragraph 7.29)
Customer information issues{tc "Customer information issues"}
1.9 AUSTEL recommends that -
(28) compilers and purchasers of reverse directories develop a code of
conduct that recognises the sensitivity of a reverse telephone directory
compared to one that can only be accessed when the name of the subscriber
is known (paragraph 7.35)
(29) Carriers develop a code of conduct that relates to their handling of
customer information, including -
- the exchange of customer information between them, service providers
and within the divisions of their own organisation.
- the provision of options with regard to itemised billing (paragraph
7.41)
CHAPTER 2
THE INQUIRY: REASONS AND SUPPORT FOR, THE CONSULTATIVE PROCESS AND
DEVELOPMENTS DURING
Reasons for the inquiry 2.1
Support for the inquiry 2.2
Consultation 2.5
Developments in the course of the inquiry 2.11
{tc ""}Reasons for the inquiry
2.1 AUSTEL decided (in October 1991) to hold a public inquiry into the
privacy implications of telecommunications services because a number of
issues were emerging in Australia which overseas experience indicated
could become problems if they were not resolved at an early stage, eg -
o Telecom (which has since merged with OTC to form AOTC) approached
AUSTEL in September 1991 to discuss its plans to introduce a range of
services based on Calling Line Identification including some services
which had given rise to privacy concerns in North America. (As a
result of debate engendered by AUSTEL's inquiry, AOTC has postponed
the introduction of such services until related privacy issues have
been resolved.)
o Suppliers were seeking from AUSTEL permits for Automatic Calling
Equipment, the unrestricted use of which had produced a consumer
backlash in North America, to the detriment of its telemarketing
industry and carriers. AUSTEL has no power to impose conditions of
use on such equipment or to withhold a permit on public interest
grounds.
o The proposed merger of Telecom with OTC would have the effect of
limiting the application (to the handling of tax file numbers and
credit reporting) of the Privacy Act 1988 to the merged entity and
that Act would likewise have limited application only to the then
proposed new carrier (Optus).
o There were unresolved privacy issues with respect to Telephone
Information Management Systems. As observed above, AUSTEL has no
power to impose a condition of use on such equipment or to withhold a
permit for it on public interest grounds. Nor is it able to impose
conditions relating to the masking of the last two digits of
numbers recorded on TIMS equipment such as those imposed by Telecom
(at the behest of the NSW Privacy Committee) when it had
responsibility for issuing permits prior to the establishment of
AUSTEL. This was not well understood within the industry and
produced regular complaints to AUSTEL.
AUSTEL also considered it important that the community and industry should
be consulted on how such privacy issues might be resolved.
Support for the inquiry{tc "Support for the inquiry"}
2.2 A number of submitters supported the need for, and timeliness of, the
inquiry. The Privacy Commissioner welcomed the inquiry, saying that -
...new technologies are now entering the Australian market which if left
unconstrained in their use could radically alter traditional levels of
privacy protection.
2.3 The submissions of the Consumers' Telecommunications Network and the
Communications Law Centre made similar points, with the latter saying -
AUSTEL's Inquiry into the Privacy Implications of Telecommunications
Services is welcome both for the issues being covered and because it is
being conducted before many of the worst abuses of privacy experienced in
overseas telecommunications systems have been introduced into Australia.
However, the Centre does not believe this inquiry will be able to solve
all the privacy issues that may arise in the future.
2.4 On the other hand, a small number of submitters argued that
telecommunications privacy issues are not as difficult or pressing as
suggested by other submitters. In particular, submissions from members of
the market research industry argued that their industry has an adequate
self-regulated code of conduct and that further intervention would be
unwarranted.
Consultation{tc "Consultation"}
2.5 AUSTEL is firmly committed to the view that if it is to lay firm
foundations for the Australian telecommunications industry it must do that
in consultation with interested parties. Accordingly it has undertaken
extensive consultation in the course of this inquiry. It has been
AUSTEL's experience with a number of inquiries and investigations that the
processes of consultation and discussion promote an understanding of other
viewpoints among participants and enhance the likelihood of creative and
cooperative approaches to the issues. That has been particularly the case
with this inquiry and there have been a number of changes in its course
which are outlined in the next section of this chapter.
2.6 A discussion paper was issued to focus debate and a series of public
seminars were held in all capital cities and a major regional centre. The
seminars were followed by a draft report and further seminars. The
emphasis was to seek constructive input and to engender positive
discussion.
2.7 If the consultative approach is to work, AUSTEL must be able to tap
into the views of the widest possible cross-section of the general
community as well as those of industry participants and organised groups.
There are, however, difficulties in doing that. Notwithstanding that the
inquiry was widely advertised and generally received considerable media
coverage, the inquiry gathered momentum slowly. Submissions were more
likely to come from industry participants and those who were informed on
these issues than from members of the general public. Private individuals
were more likely to comment on unsolicited telecommunications, rather than
network matters or issues to do with the implementation of a privacy
framework.
2.8 Accordingly, AUSTEL drew on the resources of peak industry bodies and
peak bodies representing the interests of consumers and users. Those
bodies provided valuable input and AUSTEL is most grateful to the
organisations representing community interests that made submissions.
2.9 On other topics AUSTEL has gauged the views of the general community
by undertaking qualitative (focus group) and quantitative (survey
research). Such research was not appropriate in this instance because
those who might have participated in focus groups or a survey would have
had no real familiarity with the technologies in issues such as Calling
Line Identification and Calling Number Display.
2.10 Notwithstanding the difficulties of reaching the general community on
issues such as these, AUSTEL is satisfied that it has a good feel for the
general community's attitudes to telecommunications privacy issues, not
only through the peak bodies representing individual consumers but also
through the media generally, particularly as AUSTEL staff participated in
some 40 talkback radio interviews broadcast throughout Australia.
Developments in the course of the inquiry{tc "Developments in the course
of the inquiry"}
2.11 Debate engendered by the inquiry has moved AOTC to delay its
introduction of Calling Line Identification (CLI) based services until
there is a framework in place to resolve issues surrounding the
introduction of such services. An important consequence of this decision
is that it gives time for the proposed Telecommunications Privacy
Committee to gather extra information about such services.
2.12 The debate engendered by the inquiry also led AOTC and Alcatel to
propose a trial of CLI based services during 1993. The proposed
Telecommunications Privacy Committee should be able to use this trial to
make informed decisions about the introduction of CLI based services.
2.13 During the course of the inquiry, an amendment to section 88 of the
Telecommunications Act 1991 was made to address an issue recognised at an
early stage of the inquiry, namely, the absence of any limitation on the
use a service provider may make of Calling Line Identification information
it might acquire from a carrier.
2.14 While the inquiry has been in train there have been decisions and
developments on the international front that confirm AUSTEL's view that
telecommunications privacy issues are significant. For example, the
Canadian Radio-television and Telecommunications Commission (CRTC)
reversed a previous decision and ordered Bell Canada to make free blocking
options available in its offering of its equivalent of Calling Number
Display. The Canadian Department of Communications has called for public
comment on a proposed set of telecommunications privacy principles. The
New Zealand Department of Commerce commissioned a major report on privacy
and interception telecommunications issues. There has also been
international interest in AUSTEL's inquiry.
2.15 The consultation process that has been a feature of this inquiry has
laid a firm foundation for the work of the proposed Telecommunications
Privacy Committee.
CHAPTER 3
c.TELECOMMUNICATIONS PRIVACY IN CONTEXT
The meaning of privacy for the purposes of the inquiry 3.3
The nature of telecommunications privacy issues 3.12
The impact of competition on telecommunications privacy
issues 3.26
Overseas perspectives and developments 3.33
Europe 3.37
Japan 3.45
Canada 3.46
New York 3.47
Do telecommunications privacy issues require a special approach? 3.48
3.1 Unless telecommunications privacy issues are addressed, they have the
potential to become controversial and divisive and are likely to decrease
significantly the level of trust consumers have in the telecommunications
system. It is important that AUSTEL be proactive rather than reactive in
this area.
3.2 This chapter -
o canvasses what privacy means in a telecommunications context -
paragraph 3.3
o outlines the specific issues discussed in this report - paragraph
3.12
o considers the impact of competition on telecommunications privacy
issues - paragraphs 3.26-3.24
o outlines international approaches to telecommunications privacy
issues paragraphs 3. 33-3.47
o looks at the characteristics of the telecommunications industry that
bear on the telecommunications privacy issues - paragraph 3.48-3.57
The meaning of privacy for the purposes of the inquiry{tc "The meaning
of privacy for the purposes of the inquiry"}
3.3 For the purposes of this inquiry AUSTEL focused on two aspects of
privacy, namely -
o privacy in the sense of freedom from intrusion
o privacy in terms of the control of personal data.
Freedom from intrusion
This aspect of privacy is sometimes expressed as the right to quiet
enjoyment of one's home. Although it has been argued that intrusive
activities are not in themselves breaches of privacy, many people equate
privacy with freedom from intrusion and regard unwanted telecommunications
as extremely intrusive.
This aspect of privacy is further considered in paragraphs 6.11 - 14.
Control of personal data
Privacy is also regarded as a right to control the use of personal data
about oneself. This is the sense in which the Australian Privacy
Commissioner and his equivalents in many other countries use the term.
In this sense, privacy is about information privacy, and is encompassed by
principles such as
o openness about data collection
o limitations on methods of collection
o specification of the purpose for which the data is being collected
o limitations on re-using data for purposes not specified
o expectations about the accuracy and currency of the data.
These are some of the principles upon which the Australian Privacy Act
1988 is founded.
3.4 There are strong views in the community on privacy issues, especially
the intrusion aspects. For some people privacy operates as a kind of
shorthand for deeply held convictions about their autonomy and right to be
free of interference. To them privacy is a basic human right which
underpins other human rights. Some people also see the concept of privacy
in absolute terms, so that suggestions that turn on balancing a loss of
privacy with the achievement of other benefits are totally unacceptable.
3.5 The depth of feeling about unsolicited telecommunications and the
anger and frustration they generate is shown in the following quotations
from submissions received by AUSTEL in response to its initial discussion
paper -
o They [unsolicited telephone calls] are an unwelcome, unwarranted
invasion of privacy. They can and do delay other urgent calls. They
are a complete waste of my time which is valuable. They interrupt
thought, activity or leisure. They are not a raison d'etre for
having a phone line. They are simply a pain in the bum. (Brian
Garth)
o _would like to register my strongest disapproval of the practice of
making unsolicited phone calls_I got so sick of this that I changed
my number to an unlisted one_I do resent the fact that I have to have
an unlisted number as protection. (Mandy Swaney)
o I wish to declare my objection to any form of telemarketing that
involves phone calls to private homes_I consider such calls a
nuisance and an intrusion on privacy. (Patricia Prendergast)
o Many people feel angry about telemarketing. This is partly due to
the fact that it cannot be escaped, and that it could happen at any
time. It is also due to the fact that it degrades certain functions
of the telephone system - and certain aspects of human relations -
which are far removed from the actual telemarketing call itself.
This degradation is widespread and constitutes a degradation of good
things which our society values but has taken for granted because
they have never been under threat before. (Robin Whittle)
3.6 In his response to AUSTEL's draft report, Myles Ruggles, a researcher
with CIRCIT (the Melbourne based Centre for International Research on
Communication and Information Technologies), explored what privacy means
in communication, drawing upon the fields of social and behavioural
psychology -
"Privacy may _ be defined as an index of the degree of consent to and
control of their relationships with others which individuals experience."
3.7 Based on that definition, Mr Ruggles concludes that privacy should
provide an individual with the following abilities -
1. the ability to enter into only those relationships which individuals
have mutually chosen, and to terminate relationships;
2. the ability to control relationships on the basis of mutually
accepted interaction rules (regarding e.g. frequency of interactions,
permissible interruptions...)
3. the ability to participate in the selection of topics of interaction
...
4. the ability, within a given relationship, to limit disclosure of the
existence, characteristics or contents of other relationships.
3.8 This social, even subjective, approach to privacy helps to explain
the mixed reactions different people have to services such as Calling
Number Display. People set their own expectations of privacy and are
unconvinced when people with different expectations of privacy tell them
theirs is too high or too low.
3.9 Such an approach also brings together both aspects of privacy
(freedom from intrusion and control over personal data) outlined above.
This report takes up both aspects and recognises the connection between
them. There are, however, points in the analysis at which it is important
to distinguish between them. Where this report talks of
telecommunications privacy issues, the intent is to include both freedom
from intrusion and control over personal data issues that arise in a
telecommunications context.
3.10 The right to privacy is not, however, absolute. It needs to be
balanced against other public interests such as effective law enforcement
and national security. Thus section 47 of the Telecommunications Act 1991
requires AUSTEL, the carriers and eligible service providers to co-operate
with and assist Commonwealth, State, and Territory law enforcement
agencies and section 88 of the Act recognises that information carriers
should otherwise treat as confidential may be disclosed for law
enforcement and national security purposes.
3.11 To that
end AUSTEL's Law Enforcement Advisory Committee (which consists of
representatives of the carriers, law enforcement and national security
agencies together with relevant government departments) has prepared draft
guidelines for the disclosure of call charge recording information by
carriers. A copy of the draft guidelines appears at Appendix 9.
The nature of telecommunications privacy issues{tc "The nature of
telecommunications privacy issues"}
3.12 The following telecommunications privacy issues were canvassed in the
course of the inquiry -
o intrusion issues
- unsolicited telephone calls
- unsolicited or junk faxes
- Automatic Calling Equipment
o personal data issues
- carriers' customer information
- Calling Line Identification
- Calling Number Display
- reverse directories
- Telephone Information Management Systems
- itemised billing
- emergency services.
Unsolicited telephone calls
3.13 Unsolicited telephone calls, discussed in Chapter 6 of this report,
generated a good deal of critical comment from people receiving them,
while telemarketers, market researchers and charities making such calls
defended their actions.
Unsolicited or junk faxes
3.14 The issue of unsolicited or junk faxes, canvassed in Chapter 7, did
not generate the widespread emotional responses that unsolicited telephone
calls did, nor anything like the submissions in support that such calls
received. This is consistent with the result of AUSTEL's 1989 and 1991
research to the effect that while junk faxes have the potential to be a
problem, they are not yet a problem.
Automatic Calling Equipment
3.15 The issue of Automatic Calling Equipment is closely related to
unsolicited telephone calls. From one point of view, such equipment has
the potential to exacerbate the problems attached to receiving such calls,
while from another, the equipment has real cost benefits. It involves
considering how equipment issues may be handled and is covered in Chapter
7.
Carriers' customer information
3.16 There are a range of privacy issues that arise in relation to the
information held about customers by carriers and service providers. Some
of this information - that which is generated in the network and provides
a record of the customers' calls (that is, the information provided by
Calling Line Identification) - is telecommunications specific, and is
dealt with in Chapter 7.
Carriers' customer data bases
3.17 While customer data (name, address, telephone number and credit
records) held by a carrier is essentially similar to that held by any
other commercial organisation, some submissions treated it as a
telecommunications specific issue It is discussed in Chapters 3 and 7.
Calling Line Identification
3.18 Calling Line Identification (CLI) is the major source of information
that is generated in the network. It is described in Chapter 5. As
more transactions are conducted electronically across the
telecommunications network, the body of information about individuals
captured by CLI will become larger and, perhaps, more sensitive. An
important issue related to CLI is privacy implications of providing it to
service providers. This is also discussed in Chapter 5. The
telecommunications specific issues related to personal data are all
related to CLI and the services it makes possible, like Calling Number
Display, which is also canvassed in Chapter 5.
Calling Number Display
3.19 Calling Number Display (a product or service derived from a network's
capability to provide Calling Line Identification) entails a subscriber to
the service having the number of a person calling the subscriber shown on
a liquid crystal display on the subscriber's phone. The implications of
this for both the calling party and the caller, the ways the service could
be structured, the use which might be made of numbers so displayed, and
the commercial implications are the major topics of Chapter 5.
Reverse directories
3.20 Reverse directories, discussed in Chapter 7, enable a person's name
and address to be ascertained by reference to a person's telephone number.
Such directories enhance the use a subscriber to a Calling Number Display
service, say, an inbound telemarketer, might make of the calling party's
number displayed on the subscriber's phone.
Telephone Information Management Systems
3.21 Telephone Information Management Systems (or TIMS equipment) enable,
say, a hotel to record details of the numbers called from particular
extensions so that it may bill its guests. Likewise an employer may keep
records of and analyse the numbers called by its employees. The
implications of this are canvassed in Chapter 7.
Itemised billing
3.22 Itemised billing which has been a feature of some overseas
telecommunications systems for some years is currently being phased into
the Australian network for timed calls (long distance, international and
0055 calls). Full itemisation or disclosure of all numbers called to
services charged on a timed basis may give rise to privacy issues where,
for example, there is a joint use of a telephone service or an employee is
required to submit a telephone bill to an employer for reimbursement.
Those issues are briefly considered in Chapter 7.
Emergency and Assistance Services
3.23 A number of submissions raised issues relating to the terms and
conditions upon which emergency services (other than Telecom's 000
service) and community assistance lines (eg - LifeLine) might be given
access to Calling Line Identification.
3.24 AUSTEL is undertaking a separate detailed examination of emergency
services having regard to -
o the recent proliferation of emergency service numbers beyond
Telecom's 000 reference service (for ambulance, fire and police) to
a wide variety of numbers (eg - 11441, 11444 and 114400 for the
Victorian Fire Brigade, Police and Ambulance, respectively)
o the adequacy of section 88 of the Telecommunications Act 1991 in its
coverage of the use such a service might make of the information
displayed to it
o the evolution of different patterns of emergency services in
particular States and within States
o the implications of having some emergency service numbers providing
anonymity and others not
o general concerns expressed to AUSTEL outside this inquiry about the
adequacy of Telecom's 000 service.
3.25 Concerns raised by some submitters to the effect that allowing a
caller to block Calling Number Display might limit information available
to an emergency service are without foundation - blocking of Calling
Number Display by a customer would not block Calling Line Identification
within the network. Nor would it stop the tracing of hoax calls to
emergency services or the tracing of malicious or obscene calls.
The impact of competition on telecommunications privacy issues{tc "The
impact of competition on telecommunications privacy issues"}
3.26 The introduction of competition in telecommunications raises
additional issues with respect to the confidentiality and control of
personal information held by companies providing telecommunications
services. In a monopoly situation the handling of an individual's
personal data is a matter to be resolved between the individual and the
monopoly carrier. In a competitive situation not only is personal data
about customers available to more organisations, but the sharing of such
data between organisations involved in providing telecommunications
services is, in certain circumstances, necessary and obligatory. In other
circumstances there may be pressure exerted by new entrants to the
industry to force the incumbent to disclose information gathered in a
monopoly setting.
3.27 An example of mandatory information sharing in the competitive
setting is the condition of the General Carrier Licences, under which AOTC
and Optus operate, that they must supply information about callers and
called parties to each other across the points where their networks
interconnect. The exchange of such information is essential to allow each
carrier to bill their respective customers and to charge each other for
the use made of their network. Likewise, a service provider offering
switched services also requires access to CLI information.
3.28 Some submitters commented on the issues that arise from the need to
have information available on a competitive basis. A recommendation in
the Privacy Commissioner's submission called for review of the condition
in the General Carrier Licence relating to the sharing of information to
ensure that it is restricted to what is strictly necessary. The
Communications Law Centre also expressed disquiet at the need to make
information about individuals available in a competitive industry.
3.29 There may be tensions between promoting competition and protecting
consumer privacy. It is clearly important that competitive and effective
businesses be permitted to take advantage of the new opportunities
afforded by the introduction of competition. At the same time it is
important to remember that use of personal information about individuals
should be limited to that for which it was originally collected, unless
the owner of the information (the data subject) has given express and
informed consent.
3.30 These issues have arisen in the United States of America and, at
least at a federal level, have been largely resolved in favour of the
pro-competitive position. For example, the Federal Communications
Commission's inquiry into Open Network Architecture concluded that in
order to facilitate competition, certain information held by telephone
companies should be made available to other service providers. As a
result service providers have demanded information about the parties to a
call that was carried across their facilities, including information about
the caller that is contained in the carrier's customer data base, eg -
billing information and, in some cases, credit information. Several State
regulatory agencies in the USA are now examining this issue from both the
competition and the consumer protection perspectives.
3.31 Clearly there are competitive, consumer protection and privacy
considerations related to how information about individuals held by
carriers and service providers should be handled and disseminated in a
competitive environment. AUSTEL believes that better solutions will be
found if all sets of considerations are taken into account. A code of
conduct relating to customer information developed by the carriers and
submitted for approval to a committee representing a range of industry
interests, in line with the approach to telecommunications privacy
recommended in Chapter 4, is the preferred approach.
3.32 Issues related to the use and dissemination of information about a
customer may also arise within a single company and are not restricted to
passing information between companies. For example, it may be argued that
it is a breach of privacy for a carrier's billing division to pass to its
customer equipment division the information that a customer's telephone
bills have just increased markedly and that it may be possible to sell the
customer some new equipment or service. Issues related to the handling of
customer information within the organisation are discussed in Chapter
7,including itemised billing, where an appropriate recommendation is made.
Overseas perspectives and developments{tc "Overseas perspectives and
developments"}
3.33 Recent developments in Europe and North America suggest that both the
intrusion and the personal data aspects of telecommunications privacy are
becoming increasingly prominent and controversial. International
developments specific to particular issues are discussed elsewhere in this
report: paragraphs 3.33 - 3.37 give some information on uses of guidelines
and codes of conduct, paragraphs 5.10 - 5.19 discuss CLI based services in
other parts of the world, while paragraphs 6.5 - 6.8 briefly cover
responses to unsolicited telecommunications elsewhere.
3.34 The components of privacy concerns vary from place to place, but
include such developments as -
o competition leading to wider access to, and less accountability for,
information
o technological developments that support the collection and
transmission of information
o commercial developments that utilise telecommunications in systematic
ways for marketing and canvassing.
3.35 Overseas experience also suggests that developments in areas related
to telecommunications have expanded the ability to collect, store and
re-format information to a point where information previously freely
volunteered may now be regarded by some as private and jealously guarded.
For example, the development of software for reverse directories that
enable a name and address to be established by reference to a telephone
number may mean individuals are now less likely to volunteer their phone
numbers.
3.36 There has also been a spread in telecommunications services canvassed
in this report. The Calling Line Identification-based services such as
Calling Number Display described in paragraph 5.7 have been introduced by
a substantial number of telephone companies, especially in North America.
There is considerable work being done overseas on the regulation of
telecommunications privacy issues at an international level.
Europe{tc "Europe"}
3.37 In Europe four instruments are being prepared which will have a
significant impact on telecommunications privacy issues.
ISDN data protection directive
3.38 The first is a proposed directive by the European Commission relating
to ISDN and privacy. An objective of this proposal is to harmonise the
regulations concerning the protection of personal information in the
telecommunications industry throughout the twelve EC countries. If this
is not done, divergent regimes for the protection of privacy issues may
develop and this could endanger the free use of telecommunication services
and terminal equipment between, at least, the EC countries. This may, in
turn, inhibit the free flow of information. For example, divergent
approaches to the issue of blocking CND and the precise mechanism used for
achieving this may lead to difficulty with international
telecommunications usage.
3.39 It was reported at the 14th Annual Conference of International Data
Protection and Privacy Commissioners held in Sydney at the end of October
1992 that progress on this directive has been slow. While during the
course of this inquiry there were amendments to the draft, it will not be
advanced until the general directive referred to below has proceeded.
General data protection directive
3.40 In its present form this general proposal provides a detailed data
protection blueprint to be followed by the EC member countries. The
relationship of these two directives is that the ISDN one applies the
general data protection principles to the new telecommunications networks.
As the Privacy Commissioner pointed out in his original submission the
proposed ISDN directive is based on the premise that -
effective protection of personal data and privacy is becoming ¾an
essential pre-condition for social acceptance of the new digital
networks®.
The Council of Europe's initiative
3.41 The third legal instrument is from the Council of Europe, a human
rights body established after World War II which formulates conventions on
human rights for ratification by its member countries. Its Committee of
Experts on Data Protection has developed "A Draft Recommendation on the
Protection of Personal Data in the Area of Telecommunications Services,
with Particular Reference to Telephone Services". The preamble to the
recommendation includes the following -
...technological developments in the area of telecommunications, in
particular telephone services, may entail possible risks to the privacy of
the user, as well as possible inhibitions on his freedom of
communications...
3.42 This recommendation sets out detailed guidelines for the use of
telecommunication networks and services. It recommends to member countries
that data protection in telecommunications be taken into account in
domestic law, and that the provisions of the recommendation are brought to
the attention of network operators and providers of telecommunications
services and equipment. The specifics of the recommendation cover both
intrusion and personal data protection issues. For example, the
recommendations include that -
o there should be no disincentives for refusing to be included in a
directory
o direct telephone marketing to a subscriber who has expressed the wish
not to receive such marketing should not be permitted
o the introduction of calling number display should be accompanied by
the ready and free availability of a blocking mechanism.
Member countries of the Council of Europe will be encouraged to adopt
these recommendations. They are expected to be finalised in the near
future.
OECD guidelines
3.43 The fourth instrument is a proposal from the Organisation for
Economic Co-operation and Development concerning guidelines for network
security. These voluntary guidelines are designed to apply across all
sectors so that they will have application in the telecommunications
industry. These are expected to be published before the end of 1992.
(See: Kirby J . Information Security - O.E.C.D. Initiatives Journal of
Law and Information Science, (1992) 25.)
Trans-border data flow issues
3.44 A particular aspect of privacy concerns the movement of personal data
from one country to another, for example, by multi-national companies.
Trans-border data flows, as such transfers of data are called, have been
of particular concern in Europe, particularly where the country to which
the data is being sent has lower standards of data protection than that in
which it was collected. These concerns have led to considerable efforts
to draw up a European-wide charter for dealing with trans-border data
flows, focussed by Europe's move towards a single market. Internationally
, this has caused concerns because it may make it more difficult for
non-European companies based in countries with lower standards of data
protection to do business with Europe. A desirable outcome of this
inquiry would be that the Australian levels of data protection in the
telecommunications sector meet European standards.
Japan{tc "Japan"}
3.45 The Ministry of Posts and Telecommunications in Japan has issued
Guidelines on the Protection of Personal Data in Telecommunications
Business. Based closely on the OECD Guidelines, the commentary on the
guidelines highlights some of the specific privacy concerns in the area of
telecommunications such as that the data subject may not be aware that
data has been collected and the retention of data in systems. Such
concerns are not unique to telecommunications. Although referred to as
guidelines, the document appears to be binding on carriers, while
providing guidance to other participants in the industry. The document
specifies the data which might need to be collected in order to provide
services and therefore the data to which the guidelines apply -
o information collected for the subscriber's contract
- subscriber's name and address
- place and type of terminal equipment and other customer
telecommunications facilities
- name and address to be billed
- account number of financial institution concerned.
o during the use of services
- type of services
- ID of calling subscriber
- ID of called subscriber
- date and time calls initiated and terminated
- duration of the calls or the data volume transmitted
- accounting period or units to be charged
o other data
- amount billed
- payment status.
Canada{tc "Canada"}
3.46 Canada has also moved to address the issues of telecommunications
privacy. The Department of Communications issued a set of five Privacy
Principles for public comment on 29 June 1992. The principles can be
summarised as covering recognition of privacy considerations, public
awareness, the maintenance of privacy at no extra costs to consumers, the
control of personal information and review mechanisms. The context of
this move includes concern about the implications of CLI based services
and recognition of the need to have stringent privacy safeguards to avoid
being disadvantaged in telecommunications trade partnerships with European
countries.
New York {tc "New York "}
3.47 In developing principles relating to the protection of
telecommunications data, the State of New York's Public Service Commission
took as its starting point the U.S. Federal Communications Commission's
open network architecture rulings. As a result the NYPSC has issued a set
of telecommunications specific principles which do not appear to draw upon
the OECD or other international guidelines. It acknowledges -
o the privacy implications of open network arrangements
o technical options for protecting privacy, for example, through
blocking which leave the control in the hands of the customer
o that individuals have different privacy expectations and should be
offered choices, both with regard to incoming and outgoing
transactions. Where a service compromises privacy levels a telephone
company should provide a means of restoring the lost privacy on a
cost-free basis, but customers seeking premium privacy protection
should cover or contribute to the cost of that.
.c.Do telecommunications privacy issues require a special approach?{tc
".c.Do telecommunications privacy issues require a special approach?"}
3.48 The telecommunications industry has a number of characteristics which
make it special and which need to be taken into account in designing a
approach to the resolution of telecommunications privacy issues, eg -
o its global nature
o high infrastructure costs
o rapidly developing technologies
o a range of participants.
3.49 These characteristics are not unique to telecommunications. In
differing degree they are shared by other industries and enterprises. The
broadcasting and public communications industry shares many of these
characteristics and there is in fact a convergence of technologies which
will accelerate as broadcasting technologies become interactive.
Multi-national companies involved in expensive research may allocate
different parts of a large project to its subsidiaries in different parts
of the world sharing the characteristics outlined above. Where some
confusion may arise is that other industries which share some of all of
these characteristics may be using the telecommunications networks for
their data flows and transfers of personal information. Using
telecommunications means for conveying personal information does not by
itself comprise an issue of telecommunications privacy. In such cases the
telecommunications network may be being used as the conduit for the
information, but equally the same issues would have come up if the mail or
a private courier service had been used. Even if a fax machine is used to
transmit sensitive medical information, that is essentially an issue for
the medical companies concerned; it is not a telecommunications issue.
3.50 While the telecommunications industry has the above special
characteristics, they are not unique and do not necessarily call for
telecommunications specific privacy regulation. Certainly the capture and
use or misuse of personal information is by no means unique to the
telecommunications industry - all that is special is that technological
developments in the telecommunications industry mean that such information
may be captured and used more quickly than in some other industries.
AUSTEL's concern in exploring the issues and recommending an approach is
largely related to timing. These issues are becoming more urgent, and
industry-specific solutions are better than a long delay while an overall
solution is put into place. These issues are also canvassed in Chapter 4.
The global nature of the telecommunications industry.
3.51 The development of trans-national digital networks and associated
value added services enable vast amounts of information to be collected,
stored and accessed electronically across national boundaries.
3.52 If individual countries develop disparate laws, regulations and
administrative regimes to deal with privacy issues, the growth of
telecommunications services and other industries may be impeded, either
because a country with high levels of data protection places obstacles in
the way of transfer of information to a country with low levels, or
because the lack of consistent levels of data protection produces
substantial administrative difficulties. But this danger is not unique to
telecommunications personal data - it applies equally to data that might
be collected about an individual's health or finances. These
considerations relate to trans-border data flows discussed above.
3.53 The approach that is developed in this country needs to take account
of the levels of privacy protection being implemented in other countries,
especially those with which we have significant telecommunications
traffic. In order to enhance Australia's international competitiveness -
AUSTEL recommends that the level of data protection in the
telecommunications industry be set by reference to relevant international
standards, such as those established by the Council of Europe.
High infrastructure costs
3.54 Any regulation of telecommunications privacy issues must recognise
the high costs associated with the development and installation of
telecommunications networks. If it does not, there is a danger that the
introduction of new services may be stifled or that the unpredictability
produced by regulatory delays or shifts may act as a disincentive to
investment. This is not to say that underlying principles and policies
should be set aside: arguments of infrastructure and investment costs are
often based on speculative assumptions and need careful examination.
Rapidly developing technologies
3.55 In an industry as dynamic as the telecommunication industry, a
regulatory framework that focuses on technologies is likely to become
redundant very rapidly.
3.56 Accordingly, any framework to regulate telecommunications privacy
issues should focus on general principles that apply to services that
might be supplied rather than on the technologies that deliver those
services.
AUSTEL recommends that the framework to regulate telecommunications
privacy issues focus on general principles that apply to services that
might be supplied, rather than on the technologies that deliver those
services.
A wide range of participants
3.57 The telecommunications industry touches everybody in the community to
a greater or lesser degree. Participants in the industry include -
o manufacturers and other equipment suppliers
o carriers
o service providers
o users, including both large commercial organisations and individual
consumers
The degree to which these participants can be reached, or ought to be
reached, by regulation varies considerably. What is appropriate for a
carrier, operating under a licence, and what is appropriate for a small
business operating in a technological niche are quite different. This
factor makes the design of an approach to telecommunications privacy more
complex.
3.58 While the telecommunications industry has the above special
characteristics, they are not unique and do not necessarily call for
telecommunications specific regulation. Certainly the capture and use or
misuse of personal information are not unique to the telecommunications
industry - all that is special is that technological development in the
telecommunications industry means that such information may be captured
and used more quickly than in some other industries.
AUSTEL recommends that -
o measures to control the capture and use of personal data by means of
telecommunications networks or services should have regard to, and be
consistent with, general principles or laws governing those matters
o divergences from, or additions to, general principles or laws
governing privacy issues should occur only where the
telecommunications industry is demonstrated to be unique or at least
so special as to require telecommunications specific treatment.
3.59 Such a case might be made in respect of things only a
telecommunications network or service may deliver, eg -
o unsolicited telephone calls
o telemarketing
o unsolicited or junk faxes
o some aspects of Calling Number Display
CHAPTER 4
AN AUSTRALIAN APPROACH TO TELECOMMUNICATIONS PRIVACY ISSUES
The existing privacy framework 4.2
Possible alternative approaches 4.11
Why not leave the existing framework alone? 4.12
Amendment to the existing framework 4.14
Should section 88 of the Telecommunications Act 1991 be
amended? 4.15
Should the Privacy Act 1988 be amended? 4.20
A new approach 4.26
A voluntary co-regulatory model 4.28
Status of the proposed Telecommunications Privacy Committee 4.29
Terms of Reference for the Telecommunications Privacy
Committee 4.31
Committee Membership 4.37
Sub-committees of the Telecommunications Privacy
Committee 4.48
Funding of the Telecommunications Privacy Committee 4.51
Review of the Committee's Activities 4.53
Guidelines and codes of practice 4.54
4.1 This chapter covers -
o the nature of the existing Australian approach to privacy issues
o possible avenues for addressing the issues of telecommunications
privacy
o a description of the voluntary co-regulatory approach that AUSTEL is
recommending. Voluntary co-regulation means an approach that brings
together industry participants such as the carriers and service
providers, consumer bodies and relevant government agencies in an
environment that fosters proactive cooperation as an alternative to
formal regulation.
The existing privacy framework{tc "The existing privacy framework"}
4.2 The existing privacy framework is provided by the Privacy Act 1988.
This Commonwealth legislation establishes the position of a Privacy
Commissioner and gives to that office some powers to audit and require
Commonwealth government bodies to observe the Information Privacy
Principles (detailed in Appendix 7) which are derived from the Privacy
Guidelines of the Organisation for Economic Co-operation and Development
(OECD).
4.3 While the major part of the act applies only to government bodies,
parts of the Privacy Act do apply to the private sector. The Privacy
Amendment Act 1990 established requirements which apply to private sector
organisations relating to the handling of data on the credit records of
individuals. The Privacy Commissioner is authorised to encourage
compliance with the Information Privacy Principles guidelines through the
private sector, as well as overseeing the compliance of federal government
bodies with these guidelines. While Telecom was once regarded as a
government body, since its merger with OTC to form AOTC it is only subject
to the Act to the extent that any private company is. The same applies to
Optus. The Privacy Act 1988 is general legislation without specific
application to telecommunications.
4.4 Avenues for individuals or organisations which believe their privacy
has been breached under the common law can be expensive to use and at best
offer redress rather than protection. Breaches of privacy in the area of
telecommunications may be relatively small ones, like the unauthorised
release of a phone number to a third party, and not the kind of grievance
that should be taken to court.
4.5 Specific legislation relating to telecommunications in terms of the
disclosure, information handling and privacy is laid down by section 88 of
the Telecommunications Act 1991. It reflects similar provisions in
earlier legislation that imposed duties on the employees of Telecom, OTC
and AUSSAT not to disclose the contents of communications that came to
their knowledge because they were such employees.
4.6 Section 88, set out in full in Appendix 8, creates a criminal offence
if an employee, or former employee, of a carrier discloses or uses any
fact or document that relates to -
o the contents of a communication carried by the carrier or in the
course of such carriage
o telecommunications services supplied to another person by the carrier
o the affairs or personal particulars (including an unlisted phone
number or address) of another person
and that came to the employee's, or former employee's, knowledge or
possession because he or she is, or was, an employee of a carrier. The
penalty for breach of the provisions is imprisonment for two years.
4.7 The Explanatory Memorandum for the Telecommunications Bill 1991
states in relation to section 88 that -
The application of the offence to the 'use' of a fact or document is a
considerable extension of the prohibition and is included to give effect
to Information Privacy Principle 10 in section 14 of the Privacy Act
1988.
[The Information Privacy Principles are set out in Appendix 7].
4.8 The section also creates a number of exemptions to the disclosure
prohibitions, eg -
o disclosure made in the performance of a person's duties as an
employee of a carrier
o disclosure made as a witness summonsed to give evidence or to produce
documents
o disclosure to the police, fire brigade or ambulance where there has
been an emergency call
o disclosure of information relating to the affairs or personal
particulars of a person in circumstances which the Explanatory
Memorandum states -
... are consistent with those in paragraph 3(c) of Information
Privacy Principle (IPP) 11 in section 14 of the Privacy Act
o disclosure authorised or required under a Commonwealth, State or
Territory law or the common law, which the Explanatory Memorandum
states -
... is consistent with paragraph 1(d) of IPP 11 in section 14 of the
Privacy Act
o disclosure reasonably necessary for the enforcement of the common law
or a law imposing a pecuniary penalty or for the protection of the
public revenue, which the Explanatory Memorandum states -
... is consistent with paragraph 1(e) of IPP 11 in section 14 of the
Privacy Act.
4.9 The exemption provisions in the earlier legislation that applied to
Telecom, OTC and AUSSAT are extended by section 88 of the
Telecommunications Act 1991 to include a new exemption for disclosure to -
o another carrier
o a supplier of eligible services
The extension is necessary because the carriers (AOTC and Optus) and
suppliers of eligible services interconnect their networks and facilities
and supply services over one another's networks. The exemption allows a
carrier, say AOTC, to give information to a service provider about the
calling customer's number. While the service provider legitimately
requires such information for an immediate purpose associated with
providing a telecommunications service, namely, billing its customers,
there are considerable privacy implications related to this, which are
discussed in Chapter 5.
4.10 As well as the Privacy Act 1988, section 88 of the Telecommunications
Act 1991 and common law avenues, there is some State legislation relating
to privacy and some international conventions by which Australia is bound
which include privacy considerations. These do not directly affect the
area of telecommunications privacy.
Possible alternative approaches {tc "Possible alternative approaches "}
4.11 In broad terms, there are three possible approaches to the issues of
telecommunications privacy which were canvassed in the draft report -
o do nothing, on the grounds that the available evidence suggests that
there are not serious breaches of privacy or levels of intrusion
o amend some part of the existing legislative framework to give better
coverage of the area. This could involve either section 88 of the
Telecommunications Act 1991 or the Privacy Act 1988
o develop a new approach, and provide a framework outside either
section 88 or the Privacy Act.
Why not leave the existing framework alone?{tc "Why not leave the existing
framework alone?"}
4.12 It is true that current levels of abuse appear to be low. The
evidence of breaches of privacy relate to unauthorised access to, and
trade in, information and to interceptions rather than the kinds of
breaches that could occur in the provision of services, such as
telemarketing or Calling Number Display. For example, the report of the
Independent Commission Against Corruption in New South Wales pointed to
some examples of trade in silent telephone numbers. Nevertheless no
commentator or submitter to AUSTEL's inquiry recommended leaving the area
entirely alone and many were specifically supportive of the suggestion
that pre-emptive action would make a more limited intervention effective.
4.13 The current relative low level of abuse of telecommunications privacy
in Australia compared with some other countries means that measures to
address the issues may be less draconian than they might otherwise be - a
less costly educative voluntary regime may succeed where it would not if
Australia were faced with individuals having entrenched interests in
maintaining what others perceive as an abuse of their privacy.
Amendment to the existing framework{tc "Amendment to the existing
framework"}
4.14 The draft report sought comment on whether section 88 of the
Telecommunications Act 1991 should be amended, either to incorporate all
of the Information Privacy Principles or to extend the limitations on
disclosure from their present reference to the employees of carriers to
the employees of service providers, service providers themselves and
carriers. As well, some respondents raised the suggestion of amendments
to the Privacy Act 1988.
Should section 88 of the Telecommunications Act 1991 be amended?{tc
"Should section 88 of the Telecommunications Act 1991 be amended?"}
4.15 A number of the respondents to the draft report including the Privacy
Commissioner were opposed to the suggestion that section 88 be amended to
reflect all the Information Privacy Principles. The Privacy Commissioner
wrote -
...I have grave doubts as to whether the Information Privacy Principles
should be incorporated into the body of Commonwealth criminal law in the
way that s. 88 currently seeks to do. These Principles were drafted on a
different set of assumptions about how they would be applied...
My view is that s. 88 represents a misconceived approach to the issue of
giving individuals a reasonable means of protecting their privacy in the
new telecommunications environment. To develop s. 88 in the way
contemplated in the draft report would, in my view, compound the error.
4.16 The Attorney-General's Department's response to the draft report
largely concurred with the Privacy Commissioner's views. It stated that -
...section 88 of the Telecommunications Act as it currently stands is not
in itself an adequate privacy protection mechanism because it protects
only against inappropriate use and disclosure of personal information and
because it does not provide a suitable complaints mechanism for
individuals. We are also of the view that section 88 should not be
amended to reflect all the IPPs. It is inappropriate that the protections
supplied by the principles embodied in the IPPs be enforced by means of a
penal provision in a statute.
4.17 The Australian Direct Marketing Association also expressed
reservations about incorporating the Information Privacy Principles into
section 88.
Section 88 of the Telecommunications Act is precise... The Privacy
Information Principles are not precise. Including them in the
Telecommunications Act would lead to unnecessary imprecision and dilute
the power of section 88...
4.18 AUSTEL agrees with the Privacy Commissioner, the Attorney-General's
Department and the Association that amendment to section 88 to incorporate
the Information Privacy Principles would not be an effective way to
provide privacy protection to individuals.
4.19 Another option canvassed in the draft report was to expand the
coverage of section 88 from the employees of carriers, to service
providers, their employees and to carriers. As observed in Chapter 2, an
amendment to extend section 88 to service providers has been introduced.
Should the Privacy Act 1988 be amended?{tc "Should the Privacy Act 1988 be
amended?"}
4.20 The option of an amendment to the Privacy Act 1988 was not canvassed
in the draft report, but arose out of the comments made by some
respondents. One reason for not canvassing it was that AUSTEL is only in
a position to suggest that an amendment to the Privacy Act 1988 should be
considered by those responsible for the Act. Another reason was awareness
of some of the problems of using the Act as a vehicle to address concerns
with telecommunications privacy -
o generally, the Privacy Commissioner has jurisdiction over
Commonwealth government bodies only. Neither AOTC nor Optus is such
a body. The Commissioner's role is therefore limited to that of
encouraging the carriers to observe the Information Privacy
Principles.
o the role of the Privacy Commissioner in dealing with other
participants in the telecommunications industry, eg - companies
providing telecommunications services or those using the network as a
marketing tool or to provide other services is limited to encouraging
conformity with the Information Privacy Principles.
o except to the extent that it may deal with the use of data captured
through intrusive means by Commonwealth Government bodies, the
Privacy Act 1988 does not encompass intrusion issues which are seen
by many people as at the heart of telecommunications privacy.
o the Information Privacy Principles, while based on the OECD
Guidelines which were designed to be applicable to both public and
private sectors practices, are not particularly easy to translate
into practical guidelines for those involved in the
telecommunications industry.
4.21 As mentioned, AUSTEL has given more thought to the issue of amendment
of the Privacy Act 1988 because of the comments of respondents and
submitters . For example, the Privacy Commissioner said -
Short of creating an entirely new agency, it seems to me that an enhanced
Privacy Commissioner's jurisdiction represents a logical way of addressing
[a system of oversight of privacy concerns]... It may well be that an
acceptable approach could be found in that regard by allowing AUSTEL a
more substantial or steering role in that area, the details of which could
be worked out.
4.22 AOTC also raised the idea, suggesting that either section 88 or the
Privacy Act could be a vehicle for some basic controls on re-use of
personal information, such as might occur if a retailer were to make use
of Caller Number Display and reverse directories to follow-up inquiries
made of it or to compile a mailing list.-
Either s. 88 of the Telecommunications Act 1991 or the Privacy Act 1988
should be amended to cater for the privacy concerns arising from possible
re-use of personal information passed to end users of the
telecommunications network.
4.23 AUSTEL sees problems in the suggestion of achieving this effect
through the amendment of section 88 of the Telecommunications Act 1991 :to
incorporate Information Privacy Principle 10 relating to limits on the use
of personal information into the Act. Such an amendment could turn
everybody in Australia into a potential offender subject to penal
provisions. The alternative suggestion of amending the Privacy Act 1988
to a similar effect may be a more appropriate approach. That would avoid
the difficulty of section 88 currently carrying penalties that are
inappropriate to the offence of re-use of personal data by end-users and
builds on the precedent of the recent extension of the Commissioner's
jurisdiction to the private sector in respect of credit reporting
requirements. An appropriate amendment to the Privacy Act 1988 applying
to re-use of information by end-users could give clear guidelines to the
industry and consumers and would allay many of the fears people have
expressed about what might happen with more widespread access to
telecommunications generated personal data.
4.24 Such a restriction would also address what has been identified as one
of the major privacy shifts underlying the introduction of services based
on the marketing of data generated by telecommunications transactions. As
William Dutton, professor in the Annenberg School for Communication at the
University of Southern California recently (1992) wrote -
Telephone services have never been completely private. The telephone
operator knew who called them, if not what was said. But it is different
now. One difference is that there is less accountability. The telephone
company was responsible for maintaining the confidentiality of a call.
Now, responsibility will be diffused to any individual or company
involved.
4.25 Given that the telecommunications industry is special but not unique
and that similar factors such as ease of transmission of information and a
range of industry participants arise in the credit reporting industry, it
may be argued that there is a case for widening the scope of the Privacy
Act 1988 to enable the Privacy Commissioner to have a role in overseeing
the collection, storage and use of data , whether it be done by a
Government body or by a private enterprise. If the scope of the Privacy
Act 1988 were to be so extended, AUSTEL would endeavour to ensure that any
telecommunications privacy framework was consistent with it.
AUSTEL recommends that consideration be given to extending the scope of
the Privacy Act 1988 beyond its current focus on government agencies to
enable the Privacy Commissioner to oversee the collection, storage and use
of data by private companies generally.
A new approach{tc "A new approach"}
4.26 The proposed amendments to the Privacy Act 1988 to extend its scope
to the collection, storage and use of data by private companies generally
may, however, not be implemented quickly enough to avoid
telecommunications specific intrusion and data privacy issues that have
been identified as giving rise to concerns overseas becoming problems in
Australia. Also, such amendments would more likely than not provide only
general guidance as to the principles that would have to be applied by way
of industry specific codes to the collection, storage and data use
practices within particular industries.
4.27 Accordingly, whatever the timing and nature of the outcome of the
recommendation to amend the Privacy Act 1988 , some form of industry
specific approach would appear to be required to address
telecommunications intrusion and personal data privacy issues.
A voluntary co-regulatory model{tc "A voluntary co-regulatory model"}
4.28 This proposed model is based on -
o overseas trends
o the characteristics of the telecommunications industry (as set out in
Chapter 3)
o the premise that resolution of specific intrusion or personal data
privacy issues peculiar to one sector of the industry may require
more than general principles or broad guidelines
o Australia being in a position to address telecommunications intrusion
and personal data privacy issues before they cause problems as have
occurred overseas and before interested parties in Australia develop
entrenched attitudes on how the issues might be addressed
o experience since the inception of this inquiry that the various
parties have reached a level of understanding of each other's views
such that there is a willingness across the industry to give
resources and commitment to a voluntary approach
o general acceptance of the concept of a Telecommunications Privacy
Committee as suggested in the draft report.
AUSTEL recommends a voluntary industry/government co-regulatory approach
based on a Telecommunications Privacy Committee representing the interests
of consumers, users, the industry and relevant government agencies.
Status of the proposed Telecommunications Privacy Committee{tc "Status of
the proposed Telecommunications Privacy Committee"}
4.29 As the proposed Telecommunications Privacy Committee -
o may deal with matters beyond AUSTEL's legislative mandate (eg -
general fair trading issues such as the "cooling off" period that
should be included in a telemarketing code of practice)
o outputs may require implementation action by persons other than
AUSTEL (eg - the Privacy Commissioner)
o is intended as a service to the telecommunications industry generally
and its consumers, in particular, rather than just advising AUSTEL in
the performance of its functions,
it is proposed that the Committee be "with but not of AUSTEL. That is,
subject to AUSTEL securing the necessary financial and human resources for
the purpose, AUSTEL would service the Committee but because the
Committee's proposed charter would be broader than an advisory committee
established under section 53 of the Telecommunications Act 1991, the
Committee would have an independent chairperson.
AUSTEL recommends that subject to additional funding being made available
for the purpose, the Telecommunications Privacy Committee be with but
not of AUSTEL and that AUSTEL service the Committee.
4.30 The establishment of such a committee would not preclude the use of
legislation, or other means, to control specific abuses which may be
identified. For example, the Committee may advise AUSTEL that a specific
service or piece of equipment is causing concern and recommend that its
use be limited in some ways. This advice may, in turn, form the basis of
a recommendation by AUSTEL to the government that legislation be enacted
to deal with the specific situation. The co-regulatory model does not
exclude other solutions. Ultimately, failure by industry participants to
operate within the proposed co-operative system may lead to more rigid
forms of regulation.
Terms of Reference for the Telecommunications Privacy Committee {tc "Terms
of Reference for the Telecommunications Privacy Committee "}
4.31 The following proposed terms of reference for the Telecommunications
Privacy Committee are based on responses to AUSTEL's draft report which
specifically sought comment on the issue.
Having regard to -
o the OECD guidelines
o the Information Privacy Principles contained in the Privacy Act 1988
o the provisions of the Telecommunications Act 1991
o the need to balance the free flow of information in the use of
telecommunications networks, services and equipment and the public
interest in the protection of personal data, privacy issues,
the Telecommunication Privacy Committee shall -
o within three months of establishment provide a general set of privacy
guidelines and policy for the telecommunications industry, which
takes account of carriers, service providers and users generally
o provide appropriate guidelines within three months of issues arising
in relation to a new product or service
o advise relevant government agencies on any implications its proposals
may have in relation to legislation administered by those agencies
o recommend to relevant government agencies that they take appropriate
action
o encourage the development of effective codes of practice with
appropriate monitoring and enforcement mechanisms within the
telecommunications industry, preferably within six months of the
Committee first raising the need for a code with the relevant
industry sector
o either approve or provide comments and advice on draft codes of
practice submitted to it within two months of receipt
o form sub-committees, as appropriate, to consider specific issues and
to report back promptly These sub-committees may include persons who
are not members of the committee
o monitor the implementation of and the adherence to codes of conduct
o liaise , as appropriate, with the Telecommunications Industry
Ombudsman concerning the operation of codes of conduct and any
complaints received by the Ombudsman in relation to matters the
subject of the codes
o provide to AUSTEL by the end of each calendar year a written report
on the operation of the Committee and such other reports as the
committee deems necessary;
AUSTEL recommends -
o the Telecommunications Privacy Committee be responsible for -
- the identification of general privacy principles applicable to the
telecommunications industry
- the development of specific guidelines where necessary
- encouraging relevant industry and community groups to develop codes
of conduct which reflect the general privacy principles and specific
guidelines
- the approval of codes of conduct which meet appropriate standards,
including effective monitoring and enforcement measures.
4.32 The proposed terms of reference cover most of the suggestions made by
respondents to the draft report. AUSTEL is grateful to those respondents
who made detailed suggestions about the terms of reference. A common
theme in the suggestions was the need for effective enforcement mechanism
for the proposed codes of conduct. For example, AAP lists as a key term
recommend sanctions and manner of enforcement, ATUG refers to giving
advice on perceived breaches of the guidelines, and the Australian
Telemarketing Association mentions how to address issues of breach as
important. As can be seen from the above description, the approach to
enforcement being taken here is that a code of conduct must provide a
realistic mechanism for monitoring and enforcement.
4.33 Another point made in a few of the responses is that the privacy
guidelines must cover the area of a carrier's use of information. For
example, the suggestions from the Seymour Shire Council make specific
reference to developing specific controls and licensing of TTGI
[Telecommunications Transaction Generated Information] and the Privacy
Commissioner's recommendations include the Committee having reference to
the personal information practices of carriers and service providers as
they affect customers. This point is implied in the above terms of
reference rather than being specifically mentioned. The issue of a
carrier's handling of information and the recommendation with regard to
the development of an appropriate code of conduct are discussed at
paragraphs 3.26 - 3.32 and 7.34 - 7.39.
4.34 Adherence to international standards and principles of privacy
protection was also important to a number of respondents, particularly the
Privacy Commissioner, who suggests a preamble to the terms of reference -
containing a direction to the committee that it is to develop standards
which are generally consistent with the OECD Guidelines and to take into
account in its work international approaches to privacy and
telecommunications issues of the kind outlined in the Draft Report.
International guidelines and developments have been included in the terms
of reference.
4.35 A number of respondents referred to public awareness campaigns and
consumer information as forming an important part of the Committee's work.
This was mentioned by the Federal Bureau of Consumer Affairs, the
Australian Telemarketing Association and AOTC. This point has been
covered by making public information part of the checklist of codes of
conduct. Subject to funding, there also may be opportunities for the
Committee to be more directly involved in public awareness campaigns. The
Privacy Commissioner referred to a precedent -
"In the Credit Reporting area, good public education material has been
generated within the industry at its cost, in liaison with my office.
(One major credit provider provided a substantial contribution to the
publication of the last credit reporting brochure in return for a brief
acknowledgment.)"
4.36 AOTC raised a particular task it wants the Committee to carry out:
advising AUSTEL on the planned trials of CND. This clearly falls within
the scope of advising on new services and products, and it seems likely
that the Committee would give time and resources to that. The planned
trials of CND are further discussed in Chapter 5.
Committee Membership{tc "Committee Membership"}
4.37 Most respondents to the draft report supported the membership of the
Committee as proposed in that report, namely -
o consumer groups
o network operators
o telecommunications-based industries, such as telemarketers and market
researchers
o manufacturers/suppliers of customer equipment
o relevant government bodies
4.38 The Privacy Commissioner spelt out two possible approaches to the
formation of a committee -
The committee could comprise representatives of all the major players, in
which case it would be a large committee. This may lead to the need to
form sub committees to examine particular issues. A problem with this
approach is that some members of the committee would have no
interest/expertise in some of the issues being addressed by the sub
committees. A second approach would be for the committee to comprise a
small number of representatives from the three groups (business, consumers
and government) who are likely to have both expertise and an interest in
all the committee's deliberations. If the latter approach was adopted the
committee would need to have a strong commitment to consultation with all
the players relevant to each issue being addressed by the committee or be
in danger of producing a code which does not have wide acceptance.
4.39 AUSTEL agrees with the second approach suggested by the Privacy
Commissioner. In the interests of having a manageable and effective
advisory body it is proposed to have a committee with relatively small
numbers rather than a committee with a large number of representatives
from the various interest groups across the telecommunications sector. A
large committee may produce a cumbersome decision-making vehicle unable to
reach prompt decisions and provide timely advice. The proposed membership
of the committee is set out in paragraph 4.46.
4.40 The draft report also invited comment on who should chair or convene
the Committee. There was wide support in the submissions on the draft
report for AUSTEL to convene the Committee, with some respondents
expressing surprise that the question had been raised. Respondents
specifically supporting AUSTEL's convening of the Committee included the
Australian Direct Marketing Association, the Federal Bureau of Consumer
Affairs, AAP, the Australian Telecommunications Users Group, Seymour Shire
Council, the Consumers' Telecommunications Network, the Australian
Telemarketing Association, AOTC and Optus.
4.41 A number of groups also suggested that AUSTEL should chair the
Committee as well as convening it. However, as stated in paragraph 4.29
above, it is AUSTEL's view that the Committee should be "with but not of"
AUSTEL and that an independent chairperson acceptable to consumer and
industry groups be appointed.
4.42 Comments received in response to AUSTEL's draft report pointed to a
need to provide balance between industry and consumer representation on
the Committee. While there are many consumer organisations which have an
interest in the area, the Australian Federation of Consumer Organisations
(AFCO) represents consumers over a wide range of interests and may serve
as a peak body for consumer views on the Committee. Representatives of
the carriers, the major users of telecommunications and the equipment
manufacturers are clearly necessary to represent the industry.
4.43 Respondents to the draft report also pointed to a need to give
careful consideration to the role of government bodies on the Committee.
On the one hand, if the Committee is to have credibility as an independent
agency, government representation should not be allowed to dilute the
industry and consumer representation. On the other hand, there are a
number of agencies which, it could be argued, have functions and powers
that make their participation desirable.
4.44 Responses to AUSTEL's draft report did suggest that the
Telecommunications Industry Ombudsman be a member of the Committee and
that the Ombudsman may be a suitable independent chairperson. It is,
however, inappropriate for the Ombudsman to fulfil either role. It is not
appropriate for the Ombudsman to be on the Committee when he or she may be
called upon to judge the Committee's work when investigating a complaint
raising privacy issue. Several commentators on the draft report said that
they regarded it as inappropriate for the Ombudsman to have a policy role.
Were he or she to be the chairperson of the Committee, it is inevitable
that in giving press releases or in announcing the work of the Committee,
the chairperson of the Committee would be caught up in policy issues.
These comments do not stop the Ombudsman playing a significant role in the
work of the Telecommunications Privacy Committee. To the extent that
there needs to be input from the Ombudsman to the Committee's
deliberations, that can be arranged by way of submissions or the
Ombudsman's attendance at the Committee as required. The terms of
reference of the Committee call upon it to liaise as necessary with the
Ombudsman (paragraph 4.31).
4.45 It is intended that neither commercial nor consumer interests should
dominate the decision-making process in the Committee. Rather the members
will forge solutions to the issues that confront them, taking into account
the various viewpoints. Should this structure not provide an effective
regulatory mechanism then a less flexible regulatory structure may be
required. Each member of the Committee will have one vote where the
chairperson calls for a vote and the Chairperson should have a
deliberative and casting vote.
4.46 Having regard to the comments received in response to the draft
report it is proposed that an initial committee of 10 (including an
independent chairperson) be established as follows -
o an independent chairperson
o two representatives nominated by the Australian Federation of
Consumer Organisations (AFCO)
o a user representative nominated by the Australian Telecommunications
Users Group
o two carrier representatives, one from each of AOTC and Optus
o a representative nominated by the Australian Electrical and
Electronic Manufacturers Association
o a representative nominated by the head of the Federal Bureau of
Consumer Affairs
o the Privacy Commissioner or his representative
o a representative nominated by AUSTEL
The third mobile licensee should also be represented on the Committee when
the licensee begins its operations.
4.47 The smallness of the Committee precludes the participation of some
industry interest groups, such as telemarketers or service organisations
with a high volume of incoming calls. The intended arrangements will give
such interested parties the opportunity to participate through a sub
committee structure described below. In fact, the sub committee structure
will allow these groups to focus their participation on those issues which
have a direct impact upon them.
Sub-committees of the Telecommunications Privacy Committee{tc
"Sub-committees of the Telecommunications Privacy Committee"}
4.48 The Telecommunications Privacy Committee will have the power to
establish sub-committees for consideration of specific issues. As part of
this sub-committee structure it will be able to invite people from groups
not represented on the Telecommunications Privacy Committee to participate
in the sub-committee process. For example, if a sub-committee was formed
to consider the provision of telemarketing services then the Committee may
invite a representative or representatives of the telemarketing industry
to be part of the relevant sub-committee. Given that such groups have a
selective interest in the range of privacy-related issues, this is a more
flexible way of managing their involvement than representation on the
committee itself.
4.49 The deliberations of sub-committees will be presented to the
committee for its consideration and, as appropriate, adoption.
4.50 This structure will enable accommodation of those groups which, in
their responses to the draft report, expressed interest in being involved
in the work of the committee, such as the Association of Market Research
Organisations. Another related mechanism for involvement in the
Committee's work is outlined in the section relating to the formulation
of codes of conduct for specific industry segments.
Funding of the Telecommunications Privacy Committee{tc "Funding of the
Telecommunications Privacy Committee"}
4.51 If it is to operate effectively, the proposed Telecommunications
Privacy Committee will need financial and administrative support. AUSTEL
proposes to seek additional funding and, if agreed, support the
Telecommunications Privacy Committee for an initial period of three years,
after which it will be reviewed and evaluated as described in paragraph
4.53. Some of the activities that it is proposed that the Committee
should undertake are beyond the scope of AUSTEL's functions as set out in
the Telecommunications Act 1991, (eg - fair trading issues that might
arise in a contract between a telemarketer and a consumer). Accordingly,
it is necessary to ensure that there is government support for the
Committee and that AUSTEL is seen to be using its funds in a way that is
in the public interest.
4.52 The costs of servicing AUSTEL's advisory committees plus additional
costs related to the nature of this Committee suggest an annual budget of
$100,000 for three years (when it is proposed to review the Committee's
activities). Such funding would provide a fee to the independent
chairperson and for costs associated with convening the committee
meetings. It would also cover the costs of administrative and staff
support, which are estimated to be one person full time in the first year
to act as the secretary, reducing to part time commitment during the
second and third years of operation.
Review of the Committees Activities{tc "Review of the Committees
Activities"}
4.53 It is proposed that the Committee operate for an initial term of
three years, and that its effectiveness be reviewed at that point. AUSTEL
is concerned that the Committee make speedy and significant progress in
facilitating, approving and monitoring the establishment of a range of
industry codes. The proposed terms of reference include periods in which
the Committee should complete particular stages. A key criterion of
effectiveness will be whether a co-regulatory approach is in fact in place
at the end of the Committee's initial three year term. To that end an
independent review of the operation of the Committee should commence two
and a half years from its establishment, the findings to be presented to
AUSTEL three months before the end of the third and final year of its
operation. This review should include the following matters -
o number of industry codes, speed of creation and implementation and
their coverage of the industry
o an evaluation of the operation of the industry guidelines and the
codes of practice
o analysis of the complaints received
o a review of the operations of the committee including the impact of
the lack of a general enforcement and audit mechanism
o a review of overseas developments which may have an impact any future
structure in Australia
o level of knowledge among consumers of mechanisms for privacy
protection in telecommunications
o estimate of the costs of running of the committee and some indication
of the costs of the system borne by the industry
o recommendations as to the future regulation of the area in Australia.
AUSTEL recommends that the effectiveness of the voluntary co-regulatory
approach and of the Telecommunications Privacy Committee be reviewed in
three years against pre-determined performance indicators.
Guidelines and codes of practice{tc "Guidelines and codes of practice"}
4.54 The objective of the Committee is to set up a voluntary,
co-regulatory framework which provides detailed guidance on the various
privacy issues raised in the sector. This will be achieved, in the first
instance, by providing general industry guidelines for the protection of
privacy issues. The Committee will then invite participants in the
telecommunications sector to submit codes of practice to it. Ideally,
these codes will be developed by industry associations which represent a
particular segment of the market in consultation with consumer and user
groups.
4.55 The codes should not only reflect the privacy guidelines set down by
the Telecommunications Privacy Committee but also provide detailed
guidance on the particular issues under consideration. These codes of
practice will be submitted to the Committee for its comments and, if
appropriate, approval. While the Committee's approval of a code of
practice could not give it the force of law, the Committee's imprimatur
should provide it with significant persuasive power. Also, relevant
government agencies may use a code as a basis for determining whether to
take action in relation to a complaint about a matter covered by the code.
That is, if the conduct complained of is in breach of the code, the agency
may regard it as grounds for moving against the conduct.
4.56 Once a code of practice is approved, its implementation will be
monitored by the Telecommunications Privacy Committee. This process will
ensure that the code is properly advertised by the relevant organisation
and that the organisation has set aside sufficient resources to give
effect to it. The monitoring process must take into account any
complaints which are received about the organisation or its members. The
outcome of this process will be included in the periodic reports by the
Committee to AUSTEL.
4.57 A number of commentators on the draft report queried how a code might
apply to a maverick or company operating in a particular area of the
industry which is not a member of the relevant association and which does
not observe the code. It will be up to the relevant industry association
or organisation putting forward the code of conduct to bring the
mavericks into the ambit of their code as far as possible. That
suggests that the education campaign that will be part of the
implementation of the code will need to be directed to the wider industry
as well as to consumers. At the same time, the existence of the Committee
and the prominence it should give privacy related issues will make this
task somewhat easier for the industry association. It will also be open
to that organisation to bring specific problems relating to the code to
the Committee to see if there is some way in which assistance can be
given. The bottom line is that if there are too many complaints about a
particular segment of the industry, the conclusion to be drawn is that the
voluntary co-regulatory approach has not worked.
4.58 It is important that voluntary codes are not mere window dressing or
a device to deflect more formal regulations. The codes of practice must
provide a detailed and effective means of self-regulation of the areas
they cover. To this end, the following checklist, based on a recent OECD
report (Tucker, G. "Privacy and Data Protection - Issues and Challenges"
), may serve as a useful point of reference -
1. Form
-
the code should make positive statements which indicate a commitment to
the adoption of proper privacy protection principles. Mere descriptive
language is not sufficient.
2. Substance
-
the code should be tailored to the sector/company concerned and not merely
recite general
principles of privacy protection.
3. Level of Detail
-
the code should deal with the privacy
protection issues confronting the relevant sector/company and other
interested parties.
4. Transparency
-
the code should be written in simple language
readily comprehensible to participants
(including consumers) in the relevant sector.
5. Implementation
-
the code should provide for an implementation procedure within the
sector/company so that there is no doubt as to the style and manner
of protection offered. Part of this process is the nomination and
declaration of an officer or officers to take responsibility for this
domain who would have the duty to report regularly to the appropriate
management body. Management should be careful to ensure that the
establishment of this internal position does not lead to the
isolation of the relevant officer from the files and procedures of
the firm. This would have a reverse impact to that which is
intended.
6. Review
-
the code should provide for a means of review of its terms from time
to time in order to make an assessment of their relevance and, where,
necessary, to make appropriate changes. This is a recognition that
market conditions, like technological change, may warrant a
reconsideration of the terms of the code. It may include soliciting
public comment and these comments might be taken into account when
the review process is undertaken.
7.Control/Enforcement
-
the code should be underpinned with some means of control or
enforcement of its terms. This may be legislative, contractual or
administrative and it should provide consumers or other interested
parties with some means of redress for a breach of the terms of the
code.
8. Consumer awareness
-
the code must receive publicity by the sector/company so that
consumers are aware of their position.
4.59 The danger that a code may not represent a genuine attempt to
undertake reform and is just window dressing is also addressed by having
the Telecommunications Privacy Committee play an overseeing role in
relation to the development and implementation of the codes applying the
checklist.
4.60 Industry segments and companies wanting to have an approved code of
conduct might also negotiate a suitable complaints handling mechanism with
the Telecommunications Industry Ombudsman. The position of the carriers
who fund the Ombudsman's office will need to be clarified, but neither
carrier has objected in principle to the Ombudsman playing such a role.
The mechanism may be that the industry has its internal complaints
handling process and that if that does not succeed in a particular
instance, the complaint is forwarded to the Ombudsman, or it may work in
reverse, so that complaints go to the Ombudsman in the first instance and
that office refers them to the relevant industry body and monitors the
process of resolution. In this context it is relevant to note that the
Market Research Society of Australia, which has a long-standing code of
conduct, adherence to which is written into the contracts its members
enter into with clients, has offered to receive complaints referred by the
Ombudsman. Whatever the complaints handling mechanism might be, it will
be important that the level and severity of complaints can be
independently audited.
4.61 It would also be appropriate for the codes to be discussed with the
Trade Practices Commission which may authorise a code of conduct that is
not anti-competitive in its effect.
4.62 There are a number of Australian examples of the use of codes of
practice or conduct at industry level. Since 1986 there has been an
industry code of practice in relation to electronic banking and consumers.
This model set up a series of guidelines which the issuers of credit and
debit cards used as a minimum standard when developing their own set of
conditions of use. These conditions of use which form the basis of the
contracts for electronic banking services between the card issuers and
consumers were submitted to a supervisory body which provided comments as
to their acceptability and conformity with the industry code. An
interesting means of enforcement has been used in this situation whereby
the conditions of use adopted by the issuers of the electronic banking
services warrant that they reflect the provisions of the general
guidelines. Accordingly, should the conditions of use not reflect the
terms of the guidelines, this may constitute misleading deceptive conduct
under to section 52 of the Trade Practices Act 1974. In this way the
consumer is reassured that protection complies with the terms of the code.
4.63 The Council of Europe has also recognised that codes of practice may
be drawn up by industry representatives and provision has been made in the
recent draft recommendations on the protection of personal data in the
area of telecommunication services, with particular reference to telephone
services (Strasbourg, 19 March 1992). It is further recommended that
codes of practice receive the approval of the relevant authorities. (See
draft explanatory memorandum to the draft recommendation, p. 4). The
European Commission also recognises that codes have a role to play in the
protection of data as it included a provision in the draft general data
protection directive encouraging their use (See Proposed directive for the
protection of personal data, article 20). Both of these provisions are
set in the context of a formal data protection structure.
4.64 AUSTEL's approach also bears some similarity to the Dutch experience.
In that system, prior to the enactment of its data protection legislation,
industry codes of practice were encouraged and actively developed. Once
the legislation was developed, the existing codes of practice were
required to receive the formal approval of the data protection authority.
If this was not done then the authority had the power to recommend
regulations to apply to that sector. In this way, the detail and
relevance of the codes of practice are assured.
4.65 AUSTEL is not placing the codes into a legal framework as in the
Dutch model, but it is setting up a process, through the operation of the
Telecommunications Privacy Committee, that will ensure the production of
workable, effective codes of practice.
4.66 This approach to the codes of conduct should allay reservations
expressed by some respondents to the draft report. The ultimate answer to
these reservations is that the voluntary co-regulatory approach is being
given a chance to work and a specific time in which to do so. Mechanisms
for evaluating its effectiveness and the willingness to use formal
regulation if unsuccessful are an integral part of the framework that is
recommended.
CHAPTER 5
CALLING LINE IDENTIFICATION/CALLING NUMBER DISPLAY
The issues 5.1
Deferral of the introduction of CLI based services 5.2
What is Calling Line Identification? 5.4
CLI based services 5.6
CLI and ISDN 5.9
Overseas experience of CLI based services 5.10
United States of America 5.11
Canada 5.14
Europe 5.17
Japan 5.18
Overview of overseas perspectives 5.19
CLI, emergency services and blocking CND 5.20
Options for the provision of Calling Number Display 5.22
The Case for Opt Out (Per Line Transmission with Per
Call Blocking ) 5.31
The Case for Opt In (Per Line Blocking with Per
Call Transmission) 5.35
Nuisance and harassing calls 5.39
Opt In v Opt Out and the commercial viability of CND 5.44
The principle of informed choice 5.65
Trialing CND services 5.77
Public awareness campaign 5.80
Service provider issues 5.87
The issues{tc "The issues"}
5.1 Issues central to the inquiry are -
o whether Calling Line Identification (CLI) or CLI based services pose
a threat to an individual customer's privacy
o if there is such a threat, how it might be handled without depriving
other customers of the benefits of CLI and CLI based services
o what is the best way for customers to make an informed choice.
Deferral of the introduction of CLI based services{tc "Deferral of the
introduction of CLI based services"}
5.2 A major factor in holding the inquiry was AOTC's intention, expressed
in an internal discussion paper which it made available to AUSTEL in
September 1991, of introducing CLI based services progressively from
around March 1993 for its AXE exchanges and from around September 1992 for
its System 12 exchanges.
5.3 AOTC has now indicated that it will not introduce CLI based services
that raise privacy issues, until those issues have been resolved. Its
response to the draft report states -
AOTC recognises that there are a number of potential privacy concerns
arising from the introduction of Calling Number Display (CND). Based on
emerging information, AOTC considers that at least some of these concerns
may arise regardless of the mode of deployment of CND ...
For this reason, AOTC does not propose to proceed with the introduction of
CND at this time.
AOTC does, however, consider that the privacy concerns associated with the
introduction of technology can be adequately addressed, or will diminish
over time, permitting successful introduction of CND....
As outlined in AOTC's original submission to this Inquiry, AOTC has a
strong commitment to ensuring the highest standards of privacy, consistent
with the Corporation's excellent record on privacy related issues.
In line with its commitment to taking account of privacy concerns, AOTC
has carefully considered the privacy aspects of the implementation of CND
and related products to its customers (ie., beyond the carrier network
boundary ...) This assessment process, including the instigation of
general and market research, and discussions with consumer and community
representatives, has indicated a range of consumer concerns associated
with CND and related products. AOTC's analysis and conclusions in this
regard are broadly in line with those of AUSTEL, and have resulted in AOTC
recognising that it would not be appropriate to introduce CND on a
universal basis at this time.
What is Calling Line Identification?{tc "What is Calling Line
Identification?"}
5.4 Calling Line Identification is data that is generated at the time a
call is established. In general, when a telephone call is made through
parts of the network with the technical capacity information is passed
within the network about -
o the called party's phone number
o the calling party's phone number
o the time of day
o the duration of the call
o the routing of the call.
5.5 CLI is integral to the operation of telecommunications networks and
the provision of a range of services. It facilitates efficient traffic
management, route selection and billing and enables more effective
information management systems to be established. The sharing of CLI
between carriers is mandatory under the General Carrier Licences held by
AOTC and Optus because it is essential to the introduction of long
distance service competition. In a competitive long distance environment
a particular call may be carried on networks operated by different
carriers and service providers. For example, where a company in Adelaide
chooses Optus as its long distance carrier and makes a call to Sydney,
AOTC carries the call to the nearest point of interconnection with Optus,
Optus carries the call from that point to the point of interconnection in
Sydney nearest to the called party and then hands the call back to AOTC
for delivery through the AOTC's Sydney local loop to the called party.
Without the passage of CLI, Optus would be unable to identify and bill the
Adelaide company. Service providers may also likewise require CLI to bill
their customers.
CLI based services{tc "CLI based services"}
5.6 CLI also makes possible a range of new products or services some of
which provide certain network information to customers. Because network
information includes personal data about calling and called parties,
services based on making that information commercially available raise
privacy issues.
5.7 Services which utilise CLI information include -
o Calling Number Display (CND, known in the United States of America as
Caller ID). Subscribers to this service receive the phone number of
the calling party on a liquid crystal display on their phones while
the phone is ringing (provided the calling party has not blocked it
and there is no technical impediment to sending it). CND has been a
central issue in this inquiry.
o Calling Number Display Mask or Block. This allows the calling party
to block the CND from delivery to the called party but it is not a
service in the sense of something that people have to pay for. AOTC
intends to offer CND with both per call and per line blocking
available at no charge. In this AOTC's approach has been different
from that of some American telephone companies which have resisted
offering line blocks or have sought to charge for blocking. Blocking
is explained in paragraphs 5.24 - 5. 26.
o Call Return, which allows a customer to instruct the network to dial
the number of the last person who called the customer. This service
would not however be available where the caller blocked his or her
CND. Although AOTC's submission says "the person returning the call
is not informed of the number which is being redialled", the
capacity to store and retrieve numbers varies with different customer
equipment and Call Return may give rise to issues similar to Calling
Number Display. This service also raises some privacy issues.
o Selective Call Diversion. Allows calls from numbers chosen by the
subscriber to the service to be diverted to another number specified
by the subscriber. Non-selective call diversion has been available
for some time.
o Selective Call Rejection. Allows calls from particular numbers to be
rejected and diverted to a recorded voice announcement.
o Ad Hoc Call Trace allows a customer to instruct the network to trace
the last call and forward the information to AOTC. It should be
noted that the information about the caller is not given to the
called party, and that Ad Hoc Call Trace may be available even where
the caller has blocked the CND. This last point distinguishes it
from Call Return.
5.8 CLI based services can offer real benefits to consumers and
efficiencies for businesses. The services provide the called party with
more information and there are clear benefits in that increased flow of
information. Residential and business users can use that information to
make choices about the calls they wish to accept, reject or forward. Some
CLI based services offer better answers to harassing and malicious phone
calls than have been hitherto available. By providing mechanisms to
retrieve incoming calls made when the customer was unavailable, there is a
service to that customer, plus increased revenue opportunities for the
telephone companies.
CLI and ISDN{tc "CLI and ISDN"}
5.9 CLI information is currently available in Australia to those
subscribing to the Integrated Services Digital Network (ISDN). By its
very nature, ISDN provides its users with information about the calling
party simultaneously with voice. In Australia ISDN usage has been largely
confined to corporate users and to smaller high-tech businesses with a
particular need for its more advanced features and its information
capacities have been an explicitly recognised feature. Because the
sharing of information (similar to that provided by CND on the analogue
network) has been within a closed user group, on a mutual consent basis,
AUSTEL has not examined the privacy implications of ISDN as a separate
issue and would expect that the general principles and framework that
emerge from this report to apply to ISDN services, as appropriate, having
regard to the closed user group nature of the service.
Overseas experience of CLI based services{tc "Overseas experience of CLI
based services"}
5.10 Different terms are used for the Australian terms Calling Number
Display and CLI based services. In the United States of America, the most
common equivalent terms are Caller ID and CLASS (Custom Local Area
Signalling System) services, while in Canada, the terms normally used are
Call Display and Call Management Services (CMS).
United States of America
5.11 North America has had the longest experience of CLI based products
and services. In 1988 the United States of America's Federal
Communications Commission (which has jurisdiction where telecommunication
services cross State borders) approved the delivery of callers' numbers to
companies subscribing to toll-free number services. (Telecom provides
only part of the number in its itemised bills to subscribers to its toll
free 008 services.) Intra-State Caller ID services have been offered
since 1988 in areas of New Jersey and other districts served by Bell
Atlantic. By September 1991, 26 of 52 United States of America regulatory
agencies had made a determination on the offering of these services.
(Survey cited in Rohan Samarajiva, 'The Intelligent Network:
Implications for Expression, Privacy and Competition' in The Intelligent
Network: Privacy and Policy Implications of Calling Line Identification
and Emerging Information Services [CIRCIT] 1992). All of them had
allowed Caller ID (except Pennsylvania where it was decided that the
service would be in breach of that State's laws against wire tapping) but
with different combinations of blocking options -
o five with no blocking at all. These tend to be in the areas where the
service was first introduced when the provision of blocking options
was more difficult than is currently the case.
o three with blocking allowed for crisis centres and agencies providing
confidential services,
o seven with per-call blocking available to all customers
o three with per-call blocking available to all customers and per-line
blocking in certain circumstances
o eight with per-call and per-line blocking available to all customers.
5.12 There are also some incomplete hearings and some jurisdictions which
have not yet considered the question. The trend appears to be in the
direction of requiring more blocking options. For example, the California
Public Utilities Commission has recently ordered that the service can be
offered only if per-line blocking is made available to holders of silent
lines, and the telephone companies (GTE and Pacific Bell) have withdrawn
the proposed service on the grounds that because such a high percentage
(around 40%) of Californians have silent lines, the service would not be
commercially viable.
5.13 A 1990 USA survey into the public trust in which organisations were
held showed that telephone companies have suffered the sharpest decline in
levels of public trust of any organisation surveyed, from being the most
trusted public organisations to the fifth most trusted in a period of nine
years, (Louis Harris & Associates and A.F. Westin, The Equifax Report on
Consumers in the Information Age (Atlanta, Equifax 1990). Rohan
Samarajiva has suggested that changes in the telecommunications industry,
including the growth of competition and the aggressive marketing of CLI
based services, are rapidly frittering away the inheritance of public
trust that telephone companies had after decades of being regulated common
carriers. (The Intelligent Network: Implications for Expression, Privacy
and Competition' cited in paragraph 5.11, page 53.)
Canada
5.14 Canada also has some experience of CLI based services. Some
information provided to AUSTEL by NorTel suggests that customer
penetration rates have exceeded forecasts after one year -
Forecast Result
Alberta Govt Tel 2.2% 7.2%
New Brunswick Tel 8.0% 14.0%
Bell Canada 2.5% 10.3%
In assessing these results, it should be noted that free trials and free
supply of telephone equipment to some customers were involved.
5.15 Other figures given in the interrogatories of the Call Management
Services Inquiry in Manitoba show that the highest penetration was 15.7%
for Call Display in Quebec, with New Brunswick at 15%. Other Call
Management Services had attracted fewer customers. For example, the
highest penetration rate for a service other than Call Display was 6.5%
for Call Return in New Brunswick, with other services having penetration
rates less than that. Nonetheless, these services are of considerable
commercial value to the telephone companies. A discussion paper on Call
Management Services issued by the Information and Privacy Commissioner in
Ontario in April 1991 states -
Bell [Canada] has estimated that, with an expected third of all customers
using it, the service will generate $260 million in revenue over the next
15 years, not including the revenue from rentals of the specialised
telephones...
That is based on a rental of $4.75 per month for a private subscriber to
have one of the CMS services.
5.16 Initially the services were introduced without much controversy or
opposition, even though only limited blocking options were available. As
consumer awareness of the services has increased, there has been a more
polarised reaction. Some individuals and groups have seen real benefit in
the services. In other cases consumer groups have brought legal actions
against telephone companies and as a result the telephone companies have
been required at considerable cost to restructure the service so that
there are blocking options. There has also been cost in terms of their
relations with customers and the public. On May 4 1992 the Canadian
Radio-television and Telecommunications Commission ordered a number of
Canadian telephone companies to remove charges for blocking Caller ID.
In the decision, the CRTC acknowledged the many social benefits of CMS
since its introduction in 1990, but stated that it initiated the current
review in response to growing consumer concern over privacy. (Regulatory
Activities, Bell, May 1992 Highlights)
Europe
5.17 While French Telecom is introducing CLI based services on its
analogue network from September 1992, European countries have been
generally slower than the USA and Canada to introduce CLI based services,
except in the area of business-to-business communications. In general,
the Europeans appear to have taken the approach that to introduce the
service on analogue networks which will be replaced in the foreseeable
future is hardly worthwhile.
Japan
5.18 Japan is another country with the technological capacity to offer
these services which is deferring them. It is not certain what part
privacy-related considerations are playing in this deferment.
Overview of Overseas Perspectives
5.19 The overseas experience with CLI based services suggest that
Australia should adopt a cautious approach to the introduction of such
services in Australia. Although there are instances in which the service
has been introduced in a trouble-free way and with consumer and business
benefits, the overseas trends are in the direction of giving greater
weight to the consumer-based privacy concerns and towards telephone
companies and regulators being in conflict where companies want to
introduce the service in ways that maximise short terms commercial gains,
that is in ways which impose an expectation that CND information would be
sent.
CLI, emergency services and blocking CND{tc "CLI, emergency services and
blocking CND"}
5.20 Another CLI related issue, which attracted a significant number of
submissions, was its availability to emergency services. These submissions
raised issues with respect to the terms and technical conditions on which
CLI was to be made available to emergency services, the implications of a
spread of emergency numbers, the interests of different kinds of emergency
services, the implications of the provision of alternative numbers which
provided anonymity, the evolution of different patterns of emergency
services in particular States, the adequacy of section 88 of the
Telecommunications Act 1991 and other issues. The issues clearly warrant
more detailed investigation than is possible as sub-issues for this
inquiry. AUSTEL has therefore undertaken a separate investigation into
issues relating to emergency services - see also paragraphs 3.23 - 3.25.
5.21 Some submitters were concerned that the blocking of CND by callers
may limit the information available to emergency services through the use
of CLI. This concern can be allayed. The blocking of CND does not block
CLI. In fact, some submitters have raised the opposite concern, that is,
that callers to 000 may assume that they can report an emergency or a
crime anonymously when this may not be the case.
Options for the provision of Calling Number Display{tc "Options for the
provision of Calling Number Display"}
5.22 The privacy issues surrounding CND relate to the sending of CND, not
to its receipt. People receiving CND will have made a positive choice to
receive it, agreeing to pay a regular service charge to receive it and, in
most cases, to buy new customer equipment to enable them to receive it.
5.23 The sending of CND information does, however, raise privacy concerns,
eg -
o will people understand that information about their number is being
sent to the party they are calling?
o how will people with special needs for privacy (eg - doctors, judges,
victims of domestic violence, members of the police force) be
affected?
5.24 In the course of this inquiry, opinion has clustered around two ways
of dealing with the issue of how the sending of CND should be managed.
Both approaches give the maker of phone calls the opportunity to decide
whether or not to send their CND on any particular occasion. That is,
there is no question of forcing people to provide CND information. There
will always be a means of choosing whether to send it. This choice arises
because of the possibility of blocking CND.
5.25 There are two ways of blocking CND, per call and per line.
o Per call blocking means that the maker of the phone call would choose
not to send CND for a particular call and would activate that choice
by dialling a particular code.
o Per line blocking means that CND does not appear when calls are made
from a particular phone line because it has been configured at the
exchange not to send CND.
5.26 Blocking CND prevents the number appearing on the phone of the called
party. It does not prevent the information being collected and stored in
the network, that is, blocking of CND does not block CLI.
o Tracing threatening, obscene or malicious calls will be possible even
if the caller has blocked his or her CND.
o Information will be available to 000 emergency services about the
origin of a call even when the caller has blocked the CND (provided
that this enhancement to 000 is operating in the particular area).
5.27 The two approaches to managing the sending of CND are -
o per line transmission with per call blocking, also referred to as
"opt out" (because in the ordinary course of events the customer's
number will be displayed unless the customer makes a conscious
decision to "opt out", or not have his or her number displayed)
o per line blocking with per call transmission, also referred to as
"opt in" (because in the ordinary course of events, the customer's
number will not be displayed unless the customer makes a conscious
decision to "opt in" and have his or her number displayed).
5.28 Per line transmission/per call blocking (opt out) means that the
customer's line would be configured in such a way that CND would normally
be sent whenever technically feasible. Only if the caller made a specific
choice not to send it on a particular occasion and took appropriate
action, would it not be sent. That is, opt out refers to a situation in
which the caller's telephone number is forwarded to the called party
unless the caller opts out and blocks the number.
5.29 Per line blocking/per call transmission (opt in) means that the
customer's line would be configured in such a way that CND would normally
not be sent. Only if the caller made a specific choice to send it on a
particular occasion and took appropriate action would it be sent. That
is, opt in refers to a situation in which the caller®s number is not
delivered unless the caller opts in.
5.30 The options are not mutually exclusive. If per line transmission
with per call blocking (opt out) became the norm or default approach,
customers could still explicitly choose to have their own line configured
for the per line blocking with per call transmission (opt in) option.
Similarly, if per line blocking with per call transmission (opt in) became
the norm or default, customers could have their line configured for per
line transmission with per call blocking (opt out) by specifically
requesting this option.
The Case for Opt Out (Per Line Transmission with Per Call Blocking ){tc
"The Case for Opt Out (Per Line Transmission with Per Call Blocking )"}
5.31 The draft report gave examples of the arguments and advocacy of those
individuals and organisations supporting per line transmission. These
arguments can be summarised as follows -
o the blocking options give ample opportunity to callers to block their
CND when they specifically require that, without allowing for
frivolous or automatic denial of identifying information to the
called party. Opt out is the best balance between the privacy needs
of the called and calling parties.
o Opt out preserves the commercial viability of the service for the
carriers and thereby makes available to consumers the advantages of a
value-enhanced telephone network.
o Opt out creates business opportunities, for example, for equipment
manufacturers, businesses which receive a high volume of incoming
calls and entrepreneurs who can develop different kinds of devices
for storing, manipulating and using the information provided by CND.
5.32 Although AOTC has recognised the privacy concerns of CND to the point
where it has decided to delay introduction of the service, it remains
hopeful that delay will enable the privacy concerns to be resolved so that
CND might be introduced on an opt out basis. In its response to the draft
report, it has sought the identification of indicators or conditions which
would need to be satisfied in order for CND to be introduced on an opt out
basis.
5.33 Optus, while pointing out that it is dependent on AOTC's provision of
CND, also maintains its strong preference for the opt out approach.
Optus rejects the narrow, single dimensioned view which many submitters
have taken of CND services as constituting a threat to privacy. Optus is
concerned that the debate about the introduction of CND services has
centred on an analysis that opt out is ¾anti-privacy® whilst opt in is
¾pro-privacy®...
Optus considers that insufficient recognition has been given to the
significant enhancement of the privacy of called parties which CND
services provide...
Optus remains of the view that if the ¾opt in® approach is adopted, CND
services will not be introduced in Australia. As a result, Australia's
telephone system will have less added value than systems in other major
markets overseas and customers will be denied the ability to know who is
calling before answering their telephone. Such a result is not synonymous
with the public interest.
5.34 Other responses to the draft report emphasise commercial and economic
advantages to the opt out approach. Equipment suppliers, Alcatel and
NorTel, both made submissions to that effect. Alcatel's response pointed
out the opportunities for Australian industry that may exist if a strong
domestic base is fostered by opt out CND, while NorTel believes that
AUSTEL should avoid any regulatory disincentives to CND services in order
to speed the advancement of this underlying infrastructure [that is,
Common Channel Signalling]. Some responses put forward the view that the
opt in approach gives a kind of veto power to those who are too lazy or
uninterested to make a choice (AAP, ATUG and Michael Doyle), while the
Department of Transport and Communications makes the point that Optus have
made above, that it is opt out that respects the privacy needs of the
called party.
The Case for Opt In (Per Line Blocking with Per Call Transmission){tc "The
Case for Opt In (Per Line Blocking with Per Call Transmission)"}
5.35 The draft report also summarised the arguments in favour of the opt
in approach -
o individuals have a right to control the giving out of personal
information about themselves and it is the opt in approach which more
certainly preserves that
o the people who are least likely to be able to make use of the
blocking options in an opt out approach are those who are
disadvantaged, for example, by lack of knowledge of English, social
isolation or age etc
o opt in protects the privacy needs of some groups and organisations,
such as holders of silent numbers, callers to confidential
counselling agencies, professional or law enforcement workers who may
be put at risk by people knowing their home phone number or address,
and victims of domestic violence.
5.36 A number of organisations and individuals reiterated their support
for per line blocking with per call transmission in the responses to the
draft report and there were some submissions from organisations which had
not submitted previously. Some organisations concerned with women's
vulnerability to violence supported opt in. For example, the Women's
Information Switchboard expressed a preference for the opt in position in
order to -
protect women and children in shelters who have been victims of domestic
violence from compromising the anonymity and security of the shelter...
5.37 A few submitters were concerned about a future in which opt out meant
that an expectation of being provided with CND information had become
established. Myles Ruggles of CIRCIT argued -
The per-line transmission with per-call blocking configuration is ...
inadequate. Per-call blocking creates the potential that automatic number
release (and perhaps further personal information in the future) may
become the social norm, because the default status of number release would
give rise to a suspicion of harmful intent if withheld.
5.38 Other points made in support of the opt in position in the responses
to the draft report were that there had been insufficient attention given
to the implications of storage, manipulation and transmission of data
gained through opt out CND (Consumers Telecommunications Network) and that
there was an element of pressure in opt out -
There is no reason why AUSTEL should be involved in providing a
guaranteed or ¾captive® market to carriers. (Seymour Shire Council)
and similarly -
Do we really want CND or is it just the carriers telling us we need it?
(Telsol)
Nuisance and harassing calls{tc "Nuisance and harassing calls"}
5.39 An argument in favour of the opt out position is that it
significantly reduces nuisance and harassing calls and is therefore of
great benefit to the many people distressed by such calls. It has been
argued by those supporting this position that the opt in default
establishes a kind of de facto right to make anonymous calls.
5.40 AUSTEL does not discount the serious impact of nuisance and harassing
calls on their recipients. Individuals' desire to have more information
about the people placing calls to their phone is a legitimate reason for
choosing to buy the CND service when it is offered and for choosing to
send that information themselves when making calls. AUSTEL strongly
supports individuals having an opportunity to make such choices and
regards the greatly improved call tracing capabilities of CLI as a
significant advantage. It is also aware that the introduction of Caller
ID in American States has led to a decline in reports of such calls. A
pamphlet from Illinois Bell reports -
In New Jersey, Caller ID has reduced customer complaints about abusive
calls by nearly half.
5.41 Nuisance calls, however, do not justify the imposition of an opt out
system on phone users as a whole - even with the provision of blocking
facilities. CLI technology offers ways of dealing with this problem other
than transferring the responsibility to the recipients of such calls. One
of the CLI based products available is a call trace service. It would
mean that after receiving an objectionable and anonymous call, the
recipient could key in a code which would cause the network to record the
originating phone number. That is done using network CLI, rather than
CND; therefore, the originating number can be recorded even if the caller
blocked it. (In this way it is similar to calls made to enhanced 000.
These will be identified using network CLI and customer data bases rather
than CND and so can be identified even where callers have blocked.) The
recipient of the call, under existing AOTC policy, would not be provided
with that phone number. Rather AOTC could use that information to pursue
prosecution or to send a warning to the offender.
5.42 Some consumer groups in the United States have argued that the use of
Caller ID (CND) as a mechanism for dealing with objectionable and
threatening calls constitutes telephone companies offering less service to
their customers, not more -
Before the advent of new technology, call trace was considered by the
phone companies to be part of the basic service for which there was no
extra charge.
¾It was unwieldy. It took a long time to get it installed. You had to keep
a log of all your calls, But the service was unbilled, part of the phone
company's obligation to monitor the network,® [Mark] Cooper [Consumer
Federation of America Research Director] said. ¾Now that they have a new
and very potent technology, the phone companies are trying to take it out
of basic service and profit from it,® he said. (CFA News March 1991)
5.43 Other points have also been raised against seeing CND or Caller ID as
the answer to obscene calls. Rohan Samarajiva said in his presentation to
CIRCIT's Conference on the Intelligent Network in December 1991 -
Caller ID is not very useful in providing a lawful and effective response
to the real problem of obscene and harassing calls. The called party
cannot identify the obscene or harassing caller®s name and address without
accessing a reverse directory or calling back the deviant caller and
asking for the information...The information that an obscene or harassing
call was made at a particular time can be recorded on the Caller ID
display device, but that information is likely to be of minimal
evidentiary value since the machine was under the control of the aggrieved
party and in any case does not indicate what the call was about.
Opt In v Opt Out and the commercial viability of CND{tc "Opt In v Opt Out
and the commercial viability of CND"}
5.44 The section of the AUSTEL draft report which canvassed the issue of
the commercial viability of the CND service turned out to be a
controversial one with some responses arguing that it was not up to AUSTEL
to take any interest in questions of the profit that carriers may make,
while others argued that it was unreasonable of AUSTEL to put forward an
argument about commercial viability on such slender evidence.
5.45 While the receipt of responses from two manufacturers gave AUSTEL an
additional perspective on the issue of the commercial viability of CND, if
one or other of the blocking options were adopted, the responses generally
did not advance AUSTEL's consideration of the issue. That is, the
responses were of necessity largely speculative in that they did not have
hard information based on Australian experience upon which to advance
their case for or against either option. The absence of such information
should be remedied by AOTC's proposed trial of the service. AUSTEL
reserves its position until such time as further information is available.
In the meantime the views of submitters are summarised below for the
record.
5.46 Two commercial issues were considered in the draft report-
o firstly, whether carriers could afford to offer CND services on an
opt in (per line blocking/per call transmission) basis.
o secondly, whether business that see potential uses for CND in
enhancing the services they offer their customers (ie - by making use
of their customers' displayed numbers) would make the necessary
investment if CND services were offered on an opt in (per line
blocking/per call transmission) basis. It is claimed that such
businesses would need the larger percentage of CND that the opt out
(per line transmission/per call blocking) approach is likely to
deliver before making the necessary investment.
5.47 Responses to the draft report covered both these points. The second
point was extended to the important area of opportunities for manufacture,
supply and export of CLI capable customer equipment for both the
householder and the business markets. Responses were received from two
equipment suppliers, NorTel and Alcatel, both submitting that there were
significant opportunities for Australian business and that ways of
resolving the privacy concerns needed to be addressed if these
opportunities were not to be lost.
5.48 Opinions were divided on whether commercial viability should be
taken into account. There were more responses arguing that commercial
viability of the service for the carriers and other areas of the
telecommunications industry would be in real risk if the service were to
be provided only on an opt in basis.
5.49 The Communications Law Centre, while agreeing with AUSTEL's position
in the draft report that a convincing argument for the commercial benefits
of CND had not been put forward, said -
We do not oppose AUSTEL considering any further submissions about the
economics of CND. However, the simple question of whether consumer CND
will be more or less viable on an opt in or opt out basis is not the
central issue for AUSTEL. Rather, AUSTEL should consider whether the case
has been made for a social or national benefit resulting from CND above
and beyond the commercial benefit to AOTC.
5.50 On the point of whether it would be worthwhile for the carriers to
operate the service in an environment in which consumers were given a
choice as to whether to send their CND, the draft report had mainly
considered the capital costs, that is, the cost of the technology. Some
responses pointed out the significance of marketing and administrative
costs. For example, the submission from NorTel said that the costs of the
technology -
typically represent only some 15% of the cost of any new service being
delivered to customers. Other costs such as maintenance, operations,
sales, marketing, end user support etc contribute the bulk of the
financial burden.
5.51 AOTC made similar points to those made by NorTel. AOTC also
indicated that -
o it would bear the cost, which it estimated at between $4 - $6 to
change a customer's default configuration from opt in to opt out, or
vice versa
o it had concerns about the cost of an open ended public awareness
campaign.
5.52 Optus argued vigorously about the viability of the service for
carriers if customers have to be persuaded of the merits of sending their
CND -
In Optus' view, AUSTEL's assertion that the carriers could drive CND
services towards viability through active promotion amongst customers is
flawed. CND is the type of service whose advantages must be immediate and
apparent to customers who subscribe to it. A partially effective service
is likely to be viewed by customers, and reported to other customers, as a
¾dud®.. The initial subscribers will inevitably find and report the
service as defective, and word-of-mouth from them will undermine the
carriers' promotional campaign.
5.53 Optus provided information from BellSouth on the effect of blocking
options on take up rates in support of their argument. A marketing
research study asked the question, If no numbers could be blocked from
Caller ID, would you be more likely to subscribe, less likely to
subscribe, or would it make no difference?
Business
Residence
Customer Type
Takers (Definite)
Takers (Likely)
Non-Takers
Takers (Definite)
Takers (Likely)
Non-Takers
(number)
28
80
294
59
204
547
More likely
16
18
33
18
53
57
57%
23%
11%
31%
26%
10%
Less likely
3
17
34
9
34
82
11%
21%
12%
15%
17%
15%
No difference
9
41
220
28
106
375
32%
51%
75%
48%
52%
69%
Don't know
4
7
3
7
17
5%
2%
5%
3%
3%
No answer/refused
1
4
16
2%
2%
3%
5.54 This table supports Optus' contention that blocking hurts the take up
rate but it does not answer a point made by Professor Dutton below
(paragraph 5.74), that even if a majority wanted CND, that would not
extinguish the concerns of the minority. Further, these figures do not
support
a contention that a majority want CND. Of the 1212 people covered in the
survey, only 87 or 7% were definite takers of the service. It is clearly
true that it would be easier to sell receipt of CND if it came with a
guarantee that phone numbers of callers would be provided 70% or even 100%
of the time. But marketing ease is largely irrelevant to those such as
the Communications Law Centre who look for benefit above and beyond a
carrier's commercial gain. In any event, AOTC has recognised that consumer
concerns need to be addressed before introducing CND.
5.55 There are also the capital or technological costs to be considered.
AUSTEL understands that the major capital expenses in delivering CLI based
products (including CND) are -
o the data centres at the subscriber stage of local exchanges
o the upgrade of local exchange software
o specific upgrades to ARE exchange software, in order to give blocking
options to customers whose phones are connected to these exchanges.
5.56 On the information presently available to AUSTEL, the cost involved
in these investments is not great compared to the costs that AOTC must
necessarily incur in extending CLI through the system, . The real cost to
the carriers would appear to lie in expanding the penetration of CLI
throughout the network and this expansion would be expected to occur
irrespective of whether CND is offered as a service to customers. That is
because CLI is required for carrier-to-carrier billing and to enable
carriers and service providers to bill their own customers. The
introduction of CLI based services - of which CND is only one - offers the
carriers an opportunity to recoup some of the costs of CLI and, as the
response to the draft report from NorTel points out, a chance to generate
a revenue flow that supports the rapid deployment of network
modernisation.
5.57 Those that argue for the status quo to remain until a customer has
made an informed choice also argue that if the carriers want to maximise
their investment in CLI by offering CLI based services, they should do so
in a manner that would persuade customers of the benefits of those
services so that customers would, of their own volition, choose the
carrier's preferred opt out (per line transmission/per call blocking)
approach. It may mean that -
o the spread of CLI based products (including CND) is slower than it
might otherwise be
o the carriers may take longer than they might otherwise to maximise
their investment in CLI,
but it would be consistent with the principle of informed choice.
5.58 On the second major issue of commercial viability, the business
applications and opportunities offered by CND can be divided into three
groups -
o opportunities for equipment manufacturers and suppliers in fulfilling
the demand for CND capable phones and other equipment making use of
CLI based services
o applications by businesses that make use of the information supplied.
Various examples were suggested in the submissions, some on a
commercial-in-confidence basis. Examples include faster response to
telephone inquiries, lead generation through the use of inbound
telemarketing, and security-based applications.
o business opportunities based on the caller being able to use his or
her CND as authentication.
5.59 Alcatel and NorTel made responses to the draft report that stressed
the potential benefits of the equipment opportunities. Alcatel wrote -
we believe Australian industry can be uniquely positioned to develop and
manufacture telephones which exploit CND ahead of such products appearing
elsewhere in the world.
Alcatel asks that AUSTEL cooperate in a market trial of CND which would
include a trial of the customer equipment. AUSTEL welcomes the concept of
a trial and would cooperate with it until such time as it would be
appropriate to transfer that responsibility to the proposed
Telecommunications Privacy Committee.
5.60 The submissions that dealt with the business opportunities afforded
by using CND information were generally vague about the specific
applications of CND and did not address the question whether these
applications needed a very high level of automatic sending of CND to
operate or be viable. In meetings with some submitters, it transpired
that there were often simpler ways of achieving similar outcomes. For
example, when there were queues of callers to a busy company, interactive
recorded messages might work better than capturing the callers' number and
ringing back. It was often said that the answering machine already
provided most of the benefits promised by CND. Some respondents and
submitters were concerned that the most obvious business application, the
re-processing of CND from in bound telemarketing calls (for example, calls
to 008 or 0055 numbers) for marketing purposes is contrary to the OECD
Guidelines which say information should only be re-used with the express
consent of the data subject.
5.61 VitalCall, a company which runs a medical response scheme, sees great
advantages in the autodiallers that their clients use revealing the CND
since in conjunction with a reverse directory it will confirm the location
of the person needing emergency attention. VitalCall points out that this
requires the CND to be available from the phones their customers may use.
5.62 The business opportunities in the third group are largely in a
conceptual stage. Myles Ruggles of CIRCIT suggested that such
applications are more likely to get off the ground if the service is
configured in a way that maximises individuals' control over the release
of their personal information, ie -
For commercial transaction through networks (or anywhere else) to be
completed, parties do need verifiable information about one another... For
individuals and organisations to freely entrust carriers with the
information needed to perform these services, carriers must enjoy an
unimpeachable status as a trusted third-party 'honest broker'... A
starting point, in the present context, would be to offer a CLI service to
Australians which preserves their control over the personal information
disclosure, while demonstrating the carriers' good-faith intentions with
respect to privacy interests. CLI should therefore be offered with a
default blocking configuration, an ACR (Automatic Call Rejection) option,
and a per-call unblocking option, with per-call charges attached to both
options, and a per-line charge for the CLI service...On the foundation of
a CLI service configured in this way, additional services could be
developed to enable customers to store various types of information in the
network, and to selectively release it on a call-by-call basis.
5.63 Mr Ruggles is building on a Modest proposal to accelerate the
information economy, reduce credit card fraud, break the Caller ID
deadlock, and make almost everyone happy put forward in the presentation
by Dr Rohan Samarajiva cited above. Dr Samarajiva argued for a situation
in which telephone companies would release CLI based information to third
parties when the caller so authorised -
...the proposal is for the telcos to build on their existing and unique
strengths to provide a key infrastructural element of the electronic space
now taking shape over the networks controlled by them. All present and
future inhabitants of electronic space will win because of the reduction
of uncertainty and risk affecting their transactions. Individuals will
win because their privacy rights will not be sacrificed at the altars of
authentication and market research. Firms that do business on the network
will see business boom. The telcos will win by occupying the most pivotal
position in this information economy with enormous growth
potential...because they will be doing what they know how to do best,
providing common carrier services.
5.64 The draft report contained a section on technical issues which
explored the privacy implications of CLI based services being introduced
in a network with a variety of capabilities of sending and receiving CND.
While in view of AOTC's decision to delay the introduction of CLI based
services, these issues do not need to be addressed in detail, it is worth
flagging them for consideration when the decision to introduce CLI based
services is taken -
o how will calls from public payphones be treated? It seems desirable
that such calls be identified as coming from a payphone.
o will it be possible to distinguish between blocked calls and calls
from phones not able to deliver CND? (This question may be
irrelevant, depending on the degree of modernisation achieved by that
time.)
o what will the override codes be? This issue is being addressed in
AUSTEL's Numbering Plan and the proposal is that *31 would allow CND
to be sent, while *32 would block it. Having different codes will
mean that consumers can be clear whether they are sending or
blocking. A single override code which reversed whatever was the
normal configuration of the phone has the disadvantage that people
might not know which option they were choosing if using a phone not
their own.
The principle of informed choice {tc "The principle of informed choice "}
5.65 Much of the debate has centred on whether the phones of customers
whose local exchange supports sending CND should be configured so as to
send or block CND in the normal course of events. This debate appears to
AUSTEL to be wrongly based on the premise that a decision should be made
on behalf of the majority of consumers irrespective of their individual
preferences. A blanket opt out or opt in decision (even where over-rides
are available) removes decision-making power from individuals. AUSTEL is
of the view that -
o customers should be given the opportunity to understand these
services and then to choose how their phone should be configured
o the premise would be wrong whether it is a telephone company or a
government agency that made the decision on behalf of consumers.
5.66 At some stage both carriers, AOTC and Optus, will give their
customers an opportunity to decide whether they choose to buy receiving
the CND product. AUSTEL believes that customers should also be able to
choose whether to send CND, even though the sending of CND is not
something for which there would be a charge.
5.67 That is, AUSTEL believes that the principle of informed choice
should guide the introduction of the Calling Number Display service, and
any other CLI based service that raises privacy concerns. The weight of
informed is that people must be given an adequate opportunity to
understand how the service is going to work, and how it will affect them
given their particular circumstances. The weight of choice is that
there should be an explicit customer choice process: it should not be
assumed that people have chosen to send their CND because they have not
taken steps to stop it.
5.68 The grounds for this belief are -
o informed choice is a basic principle. Where people have participated
in a choice and know that they have exercised a personal influence,
there is less likely to be subsequent adverse reaction
o the corollary to that is that where people do not get a choice, they
may feel they have been coerced or denied a voice and that is likely
to have an adverse effect on their perceptions of the carrier. It is
possible to see a non-participatory opt out decision being perceived
as one group of people being forced to provide information to another
group of people who are well off enough to pay for it. Equally a
non-participatory opt in decision could be seen as a paternalistic
decision to deprive people of the advantages of a new service
o the process of informing people about the new service has intrinsic
benefits regardless of outcome. Telecommunications is a dynamic
industry both in its structure and its technology and keeping
consumers informed about the new choices and complexities is a
significant challenge. In the process of an information campaign,
people would have a chance to reach a better appreciation of the new
technologies and the implications of the competitive structure of the
industry
o people pay for the telephone service, and should therefore be able to
exercise choice about how that service is delivered to them.
AUSTEL recommends that the principle of informed choice should govern the
introduction of Calling Line Identification based services, particularly
Calling Number Display.
5.69 Putting principles into practice is not a straightforward process and
there may be differences among interested parties about what steps would
be involved in ensuring that customers have an adequate opportunity to
inform themselves and to make a choice. The Telecommunications Privacy
Committee will be in a position to clarify this by supervising the
development of a code of conduct which covers these points. This code of
conduct would be developed primarily by the carriers acting as a
sub-committee in the process described in Chapter 4, although other
interested parties would also participate in the formulation of the code.
To be acceptable to the Telecommunications Privacy Committee, the code
would have to meet the standards set out in the checklist in paragraph
4.58.
5.70 In developing this code, a relevant consideration will be what has
been done in other areas in which consumers have been asked to make
choices regarding their telecommunications services. One example is
preselection, that is the nomination of the normal long distance
carrier. There the carriers have agreed that important considerations
that underlie this process include -
o the need for customers to exercise their choice with full knowledge
of the service offered by both carriers
o protecting the proper rights and expectations of customers, including
their rights to privacy and to freedom of choice. (Joint Announcement
of Telecom Australia and Optus Communications, 15 November 1992,
Progress made on Phone Pre-Selection Agreement).
These points establish the need in the preselection process for a public
information campaign to make clear what will be the effects of the various
options people might choose. The points also apply to the introduction of
CND, and the code to be developed under the auspices of the
Telecommunications Privacy Committee should reflect them. Also, the
customer preselection choice mechanism principles agreed between AOTC and
Optus provide, in effect, that a customer who does not exercise a choice
in favour of Optus will be deemed to have preselected AOTC. That is, the
principle in the preselection context is that where a customer does not
exercise a choice, the status quo pertains. That principle might apply
equally to customers who do not choose to have their number displayed to
the persons they call.
5.71 Other relevant considerations include consumer response in a
carefully designed and monitored trial of CND, holding surveys, assessing
people's reactions to and understanding of a 000 emergency service that
delivers calling party information to the operator, as well as working out
what kind of campaign is needed to reach an adequate portion of the
population.
AUSTEL recommends that -
o the Telecommunications Privacy Committee supervise the development by
the carriers and other interested parties of a code of conduct that
will ensure that customers have the opportunity to make an informed
choice
o the code make provision for -
- a public awareness program
- the default option where a customer does not make a choice.
5.72 After there has been an explicit opportunity for people to choose
whether they send CND from their phones, there will be a percentage of
people who have not exercised a choice and a decision will need to be made
about how their phone is to be configured. The decision should relate
only to those people who have not exercised a choice. While AUSTEL is of
the view that the principle of informed choice should govern whether a
customer sends or blocks CND, it hopes that many individuals would in fact
decide to configure their phone lines so that CND would be sent except for
those occasions when they expressly did not want it. Many people deciding
to send their CND by choosing the opt out option will mean a free sharing
of information and will give opportunities to equipment manufacturers and
business people to enhance services and products. If the percentage of
people not choosing is high the decision about how their phone is
configured becomes significant. The code of conduct should make provision
for this decision, that is, it should provide guidance on the default
option.
5.73 In its draft report, AUSTEL supported a default option that people
not making a choice ought to have their phones configured to have a per
line block (opt in). The grounds for this were -
o that the general and natural expectation is that where people have
not made a choice the status quo will continue. On the information
currently available to it, AUSTEL endorses this expectation and
considers that the status quo should be retained in respect of those
customers who do not make a choice, ie - the default option should
be that customers who do not make a positive choice to permit their
numbers to be displayed should not have their numbers displayed.
o AUSTEL agrees with submissions made by some consumer and public
interest groups that the people who may not make a decision are
likely to be those who are disadvantaged and less able to understand
the implications of the new services by reason of language
difficulties, age, intellectual disability, social isolation or some
other reason.
o marketing considerations do not justify putting people under pressure
to provide their personal information. It has been suggested by
carriers and by equipment suppliers that people will not pay to
receive the CND service, or will not maintain their subscription to
the service, unless the calling party's information is disclosed in a
substantial majority of cases. It is further suggested that opt out
will more readily produce that majority. The reasoning on this point
may be logical, but the premise that marketing considerations justify
putting pressure on people to disclose their information is not.
o that the privacy of the called party is not lessened by the
non-provision of CND. This point, which is based on a distinction
between privacy and intrusion, is not intended to minimise or
trivialise the reality of nuisance and harassing phone calls or to
suggest that there is some kind of right to make anonymous phone
calls. Issues related to harassing phone calls are discussed in
paragraphs 5.39 - 5.43 In an exchange of CND, the caller is
providing the called party with personal information (his or her
telephone number) so that the called party can make a more informed
decision about the intrusion represented by that phone call. The
called party's personal information is not affected.
5.74 This last point is one addressed by William Dutton in his article The
Social Impact of Emerging Telephone Services (Telecommunications Policy
July 1992). Commenting on the pro-Caller ID argument that on simple
utilitarian grounds, ...caller-ID comes out on the plus side because it
protects the privacy of the person being called, while it is argued that
the problems it raises are relatively trivial, Professor Dutton cites two
weaknesses -
First, democratic values are as deeply concerned with the protection of
minority rights as they are with majority rights...even if most people
were to want this service, it would not lessen the relevance of privacy
concerns, nor an individual's right to privacy...
Second, the utilitarian calculation often confuses two very different
kinds of privacy... Caller-ID threatens the privacy of the caller by
disseminating personal information; it protects the peace of mind of the
person being called, which is a different dimension of privacy, concerned
with intrusion.
5.75 AUSTEL is aware that there are significant industry members,
including some who will be members of the Telecommunications Privacy
Committee, whose support for an opt out arrangement for non-choosers has
been consistently stated since the inception of this inquiry. The opt out
situation will need to be given serious consideration at the time a
decision is made. AUSTEL believes, as can be seen from the points made in
above paragraphs, that there are serious objections to be answered and
overcome before opt out can be adopted, but notes that since the
publication of its draft report AOTC has indicated a willingness to trial
Calling Line Identification based products, including Calling Number
Display, during 1993 and that such a trial may generate hard information
about the general community's likely reaction to their numbers being
displayed as a matter of course. AUSTEL would want to review its
consideration of the default option in the light of any such hard
information and any other information that might be available to it at the
time a decision has to be made.
AUSTEL recommends that any proposal for a default option should be
supported by valid contemporary evidence of its public acceptability, such
as independent market research acceptable to AUSTEL and the
Telecommunications Privacy Committee. In considering the default option
the Committee should have regard to the potential social or other benefits
of CND along with the public interest in leaving consumers' existing
arrangements undisturbed unless they choose positively to alter them.
5.76 AUSTEL's position, expressed in its draft report, that is, support
for an explicit and informed choice for consumers whether they send and/or
receive CND, with opt in for those who do not make a choice, attracted
considerable comment, in particular on the following aspects -
o the suggestion of a trial of CND services, with a postponement in its
more general introduction
o the recommendation of a public education campaign
o what the default configuration should be, per line block or per
line transmission
o CND's potential to protect from nuisance and harassing calls,
o the implications of the default position for commercial viability of
CLI based services.
These comments are discussed seriatim.
Trialing CND services{tc "Trialing CND services"}
5.77 As indicated above, AOTC has decided to delay the introduction of the
CND service until the privacy concerns related to it have been more
satisfactorily resolved. It intends to undertake a trial of CND services
as a contribution to the resolution of the privacy concerns -
Telecom is committed to the concept of trial of CND and other CLI based
services. Timing of these trials is likely to be the later half of
1993...
5.78 AUSTEL welcomes the idea of such a trial, especially if it provided
information on the acceptability of different ways of offering the
service, and involved consumer advocates in the project team as well as
industry and market research people. As stated above, the information
generated by a trial could be a significant source of information for the
Telecommunications Privacy Committee in reaching a decision about the
terms on which CLI based services should be introduced. Given that AOTC
hopes that the trial will provide evidence and information supportive of
an opt out position for people who do not make an explicit choice when
given the opportunity to do so, it will be important that the trial be
designed in a way that means the information derived from it is helpful
and unambiguous. Therefore, the conditions of the trial should be agreed
between the Telecommunications Privacy Committee and AOTC and its partners
in the trial.
5.79 AOTC would be joined in the holding of such a trial by an equipment
company, which would be responsible for the switches and their software
and also for the customer equipment so that consumers could choose what
combination of service or services they wanted. Another advantage of such
a trial is that it will give both AOTC and the equipment company an
opportunity to assess the commercial viability of the service in a limited
context with contained costs.
AUSTEL recommends that -
o AOTC proceed with a trial of Calling Line Identification based
services, including Calling Number Display during 1993 - the
conditions of such a trial being agreed with the Telecommunications
Privacy Committee
o those responsible for the development of the code of conduct to
ensure customers have the opportunity to make an informed choice have
regard to the outcomes of the trial and other relevant research
results or information available at the time.
Public awareness campaign{tc "Public awareness campaign"}
5.80 As argued in the draft report, giving consumers a chance to choose
whether or not they wish to send their CND means that they must also have
a chance to understand what it means. A substantial public awareness and
education campaign, especially about the implications of sending CND,
would be a prerequisite to this approach. The draft report asked for
comment about whether carriers should be required to fund and conduct
independently supervised campaigns so that consumers will be in a position
to make an informed choice about their CND options.
5.81 Nearly all the respondents who commented on this point supported the
idea of such a campaign, including AOTC. It said -
AOTC endorses AUSTEL's conclusion on the need for a public awareness
campaign... It is considered that such a campaign is required regardless
of how CND is eventually introduced...supervision of the type implied in
AUSTEL's draft Report is unnecessary at this time, as no particular change
is proposed...
5.82 The Federal Bureau of Consumer Affairs also supported the idea,
writing that it -
recommends that the carriers be responsible for conducting and financing
a community education campaign into Caller ID and its options.
The Privacy Commissioner supports -
AUSTEL's views on the need for consumer education to ensure informed
choice. I feel that organisations such as carriers and marketers should
be encouraged to explain to consumers why they should allow their
information to be transmitted to third parties.
5.83 Other respondents supporting the awareness campaign included the
Women's Electoral Lobby, Seymour Shire Council and Consumer Affairs NSW.
This last response pointed out -
An extensive education/information campaign is clearly essential and
would appear to be in the interests of the carrier.
5.84 Some respondents thought such a campaign was a good idea, but doubted
that it would be successful. Michael Doyle, an individual respondent,
characterised it as a near impossible task but one which ought to be
attempted. Mr Doyle believes that AUSTEL is optimistic in thinking that
many customers would make a choice. Some respondents had more severe
doubts about the concept. For example, the Department of Transport and
Communications suggests a reassessment of AUSTEL's proposals regarding
CND, including the recommendation that the carriers fund a public
information program, as the cost of this program will directly influence
the commercial viability of the service. The Australian
Telecommunications Users Group is more basically opposed -
The question about possibly requiring carriers to fund education
campaigns on consumers' choices regarding CND smacks of the nanny
approach to public administration... it needs to be remembered that every
cost imposed on carriers has to be recovered from users of their services.
On this basis ATUG would be opposed to compelling carriers to conduct
independently supervised education campaigns.
5.85 The best outcome of such a campaign and choice process would be for
the highest possible percentage of customers to exercise an informed
choice and respond to the ballot. The privacy concerns primarily arise
where people do not exercise their choice or where, as has been the case
in North America, people are not given a choice and the matter is settled
by the telephone company and the regulatory authorities. It is difficult
to estimate how many consumers would in fact respond to the opportunity to
make a choice. To some extent the answer depends upon the quality and
reach of the public awareness campaign. AOTC has said that it would
expect only a low response rate, but a contrary indication is the response
rate achieved by some preselection ballots (for long distance carriers) in
the United States of America. The response rates for some areas in
Minnesota and Iowa ranged between 62% and 88% except for one response rate
of 54%. (Telephony, July 15 1985, p. 44). But no matter how good the
campaign, there would be a group of consumers for whom a decision would
have to be made, ie - those customers who did not respond to the ballot,
and these are the customers who will have to be considered in reaching a
decision on the default option.
5.86 Notwithstanding comments to the contrary and the anticipated
difficulties, generally the idea of an awareness campaign received
support.
AUSTEL recommends that prior to the introduction of Calling Number Display
and other such services the carriers should undertake a public awareness
campaign to inform the community about the implications of both sending
and receiving Calling Number Display.
Service provider issues{tc "Service provider issues"}
5.87 Although the emphasis in this inquiry has been on the provision of
CLI based services to and from individuals, there is also the issue of the
provision of CLI to service providers and businesses. In considering this
issue, it is important to be clear on the relationship between CLI and CLI
based services. CLI is the network signalling capacity, CLI based
services are a set of products developed using that capacity but packaging
the information in different ways in order to sell it to consumers. CLI
is passed around the network, but CLI based services are taken past the
network into the customer access network or local loop, using software
installed in the exchanges. From the privacy perspective, a central
difference between CLI and the consumer products based on CLI is that CLI
is passed without any action on the part of the consumer to transmit it or
block it. The consumer products, however, may be controlled by a
customer, either when the customer takes no action to stop the information
being sent or when the customer actively allows the information to be
sent.
5.88 As observed above, the exchange of CLI between carriers is a
necessary condition for long distance service competition in Australia.
Whenever a long distance call is carried on more than one network, the CLI
for that call will be passed from the originating network operator to the
subsequent one. The customer placing the call will not have the ability
to stop that happening and that exchange is necessary so that both
operators may bill their customers and manage their traffic. Issues
related to the further use that may be made of that information, (eg - for
marketing purposes) may be addressed in a code of conduct developed by
carriers to determine their information handling practices.
5.89 Similar issues arise in relation to the supply of CLI information to
service providers who may need it for billing and other management
purposes.
5.90 AUSTEL's draft report canvassed some options for dealing with the
issue of the provision of CLI to service providers. Since the publication
of the draft report AOTC has filed a National Connect service tariff
providing for service provider interconnection with it. That tariff
provides, amongst other things, that -
"CLI will be provided as part of the National Connect service ...
(Subject to AUSTEL authorisation)."
5.91 AUSTEL has authorised the provision of CLI as part of the National
Connect service on one occasion subject to the service provider -
o informing its customers that it has access to CLI information
o that neither the service provider nor its employees or agents will
reuse data provided to it by a customer for the purposes other than
those for which it was given without the customer's express consent
o CLI information gathered from callers who are not customers of the
service provider will be deleted as soon as possible and not used for
purposes the caller might be unaware, particularly, marketing or
advertising campaigns.
5.92 In authorising the service provider's access to CLI, AUSTEL noted
that the service provider agreed to be subject to a voluntary code of
conduct and to the AUSTEL's Service Providers Class Licence being amended
to include basic privacy principles.
5.93 The two main privacy aspects of a service providers' access to CLI
information are -
o ensuring that the service provider's customers understand that CLI
information about their telephone transactions is being delivered to
the service provider and that they agree to this
o the subsequent use that a service provider may make of CLI
information.
5.94 The question arises, how best can the principle of informed consent
(developed later in this Chapter) be applied to service providers' use of
CLI information? Where a service provider is dealing with customers who
have a contract with it, the answer is relatively straightforward: the
contracts should clearly explain the terms and conditions of the service,
including the use of CLI information. The contract should make it clear
that the delivery of the CLI is for the purposes of providing the service
and billing for it, not for marketing or selling information to third
parties. This limitation is in keeping with the OECD and Information
Privacy Principles related to the specification of uses and the limitation
of subsequent uses to those specified, unless there is explicit consent.
5.95 There may be instances in which a service provider receives CLI in
respect of people with whom it does not have a contract. For example, a
person who has no contract with a service provider might dial a service
provider's access code to place a long distance call. It will be up to
the service provider, not the carrier, to have in place a mechanism (eg -
a recorded voice) that informs the person that the service is not
available to a person who has not entered into a contract with it. But the
service provider will have that person's phone number as a potential
customer. In that case the CLI information should be deleted as soon as
possible (which may be after the carrier has billed the service provider
for the relevant period). Although it may be acceptable for a caller, who
has shown interest in a service, to be switched to a recorded message or
operator explaining the terms on which the service is available, it would
be unacceptable for CLI information to be used as the basis of a
subsequent marketing campaign without the caller having any chance to
consent to that use.
5.96 Amendments to the Telecommunications Act 1991 to bring service
providers and their employees within the ambit of the provisions of
section 88 relating to the handling and disclosure of information have
been introduced, and, if passed, would ensure that service providers have
the same limitations and freedoms in dealing with information as do
carriers. This is something that AOTC asked for in its original
submission to the inquiry -
...resellers and service providers should not be in a better or different
position than carriers in respect of their ability to re-use or disclose
customer information for commercial or other reasons.... In the interests
of customer understanding and confidence, it is important that to the
greatest extent possible the obligations of carriers and resellers are
identical in this context.
5.97 But extending the scope of section 88 in that way may not produce a
complete answer and there are a number of options for the provision of
more adequate privacy protection. They include -
o encouraging service providers who wish to receive CLI to formulate a
code of practice to be submitted to the proposed Telecommunications
Privacy Committee
o varying AUSTEL's Service Providers Class Licence by including a
condition requiring service providers to observe a code of practice
relating to privacy
o ensuring that the proposed Telecommunications Industry Ombudsman has
jurisdiction over service providers and may apply a sanction in the
case of a breach of privacy.
o legislative amendment to the Privacy Act 1988 so that it applies to
both carriers and service providers.
5.98 The option of encouraging service providers who wish to receive CLI
to develop a code of conduct to submit to the Telecommunications Privacy
Committee for approval has a number of advantages -
o consistency with the approach put forward in Chapter 4
o resolution of a breach at the place where it occurs
o minimal intervention consistent with achieving the desired
objectives.
o harnessing the goodwill demonstrated by service providers'
participation in the inquiry
Given the level of concern expressed by some consumer groups about the
need for privacy protection where CLI is involved, this option may be
perceived as a weak solution.
5.99 The option of varying AUSTEL's Service Providers Class Licence has
certain advantages. It does not involve another agency (either the
Ombudsman or the carriers) as an indirect means of achieving the effect
sought, but rather directly targets the groups whose compliance is wanted.
This option may, however, require amendment to section 203 of the
Telecommunications Act 1991 to make clear that privacy protection is
within the objectives of the class licence system.
5.100 The option of referring complaints about breaches of privacy to
the Telecommunications Industry Ombudsman is compatible with a voluntary
code and could also be part of a provision in the Service Providers Class
Licence. Some respondents to the draft report, however, were opposed to
the Telecommunications Industry Ombudsman playing any role in this area
because the office may lack formal jurisdiction over service providers.
It seems that service providers may participate in the scheme if they
choose, but are under no obligation. The Communications Law Centre has
said on this point -
Our earlier submissions suggested a significant role for the Industry
Ombudsman in privacy protection. Since then, the role and structure of
that body has been clarified and will mean it may not be an appropriate
place for privacy issues to be dealt with.
The Minister has proposed that membership of the Industry Ombudsman should
be voluntary for service providers. Many service providers will therefore
not be covered, let alone telemarketers. Secondly, the carriers, who must
fund the Industry Ombudsman, are unlikely to want to see it devote
resources to issues and complaints which they are unable to do anything
about.
It may be that the Communications Law Centre is taking too limited a view
of the role the carrier-funded Ombudsman could play. The AOTC response to
the draft report certainly envisages a wider privacy protection role for
the Ombudsman, and raises no objection to the provision of resources that
would be required.
5.101 The option of amendment to the Privacy Act 1988 could be a
useful way of bringing congruence into the privacy framework in Australia
and moving towards a non-sectoral approach. Such an amendment would have
a wider reach than merely controlling what service providers do with the
information they have gained from the passage of CLI, although that would
be a consequence of such an amendment. As stated earlier, AUSTEL is not
in a position to pursue this outcome, but can see merit in such an
amendment to the Privacy Act 1988.
AUSTEL recommends that -
o the Telecommunications Act 1991 be amended to remove any doubt
whether AUSTEL may vary its Service Providers Class Licence to
require a service provider receiving Calling Line information to
develop for approval by the proposed Telecommunications Privacy
Committee a code of conduct for dealing with such information
o service providers be required to observe such a code
o the code be subject to the jurisdiction of the Telecommunications
Industry Ombudsman so that the Ombudsman may receive and resolve
complaints alleging breaches of the code and, where appropriate,
recommend to AUSTEL whether it should take action under the class
licence for a breach of the service provider's obligation to observe
the code.
CHAPTER 6
UNSOLICITED TELECOMMUNICATIONS{tc "UNSOLICITED TELECOMMUNICATIONS"}
What do we mean by unsolicited telecommunications? 6.2
The nature of unsolicited telecommunications 6.3
Overseas experience 6.5
The United States of America 6.6
Europe 6.8
Off-shore telemarketing 6.9
The issues 6.10
Intrusion 6.11
Personal Data 6.15
Fair Trading 6.20
An effective complaints handling mechanism 6.32
Accommodating preferences not to receive unsolicited telecommunications
6.43
Directory marking 6.49
Preference lists 6.55
Other mechanisms for handling unsolicited telecommunications 6.64
6.1 This chapter canvasses issues related to unsolicited
telecommunications including overseas experience in relation to those
issues and looks at how -
o the voluntary co-regulatory approach proposed in Chapter 4 might
apply to resolve the issues, rather than adopting more stringent
measures that have been applied overseas
o those who prefer not to receive unsolicited telecommunications might
give effect to their preference.
What we mean by unsolicited telecommunications?{tc "What we mean by
unsolicited telecommunications?"}
6.2 This chapter focuses on "unsolicited telecommunications" in the sense
of telecommunications initiated by a business or other organisation to a
residence in circumstances where -
o the resident does not have a continuing relationship with the
business or organisation
o the object of the telecommunications is to persuade the resident to a
course of action such as buying something, making a donation or
participating in a survey.
The nature of unsolicited telecommunications{tc "The nature of unsolicited
telecommunications"}
6.3 Unsolicited telecommunications are many and varied and included
unsolicited faxes. Certainly, not all unsolicited telecommunications
involve telemarketing - market research is one obvious exception. Nor is
all telemarketing based on unsolicited telecommunications - inbound
telemarketing relies on advertising to consumers to call a number. Some
telemarketing may also be in the form of after sales service follow up
with a customer who has had a prior relationship with a business.
6.4 Technological advances in Automatic Calling Equipment such as
predictive diallers, auto diallers and a range of equipment which replace
in whole or in part an operator's involvement in unsolicited
telecommunications have the potential to increase the volume of
unsolicited telecommunications in Australia. Issues relating to the use
of such equipment are canvassed in Chapter 7.
Overseas experience{tc "Overseas experience"}
6.5 Unsolicited telecommunications issues have become much more prominent
in both North America and Europe over the past year with administration in
both continents adopting various legislative and regulatory approaches to
the emerging problems.
The United States of America
6.6 In the United States of America, the Telephone Consumers Protection
Act - a Federal law - was introduced and signed by President Bush on 20
December 1991. The intention of this law is to prohibit cold calling or
unsolicited telecommunications except in specified circumstances.
6.7 The exceptions include soliciting by registered charities, where the
consumer has given express prior consent and where there is a pre-existing
business relationship which has been fairly strictly defined. Limitations
have also been placed on the use of autodiallers. For example, it is
forbidden to ring hospital patients, counselling services and residential
lines without specific consent. The effect of those restrictions is that
autodiallers cannot be used to dial randomly or through sequences, but
will need to be programmed with specific lists. This Federal legislation
follows in the path of a wide range of regulatory actions taken by State
telecommunications agencies to control intra-State unsolicited
telecommunications.
Europe
6.8 The Council of Europe's Committee of Experts on Data Protection has
recently produced a Draft Recommendation on the Protection of Personal
Data in the Area of Telecommunications Services, with Particular Reference
to Telephone Services (see also paragraphs 3.41 - 3.42). The draft
recommendations cover the following points -
o limits on subscriber data being used for direct marketing purposes,
in accordance with the Guidelines and domestic law
o encouragement of codes of practice. In particular, domestic law or
codes of practice should apply to the time when calls may be made,
the nature of the message and the manner in which the message is
communicated. In any case directing advertising material at minors
should be forbidden
o no directing marketing of subscribers who have asked not to be
contacted. For this purpose, appropriate means should be developed
for identifying those subscribers who do not wish to receive any
advertising material over the telephone
o recorded advertising using automatic call devices to be directed only
at consumers who have consented in writing
o application of the above points to marketing messages delivered by
facsimiles.
Off-shore telemarketing{tc "Off-shore telemarketing"}
6.9 Some submitters raised the possibility of telemarketing operations
being established off-shore, ie - in countries which have standards of
data protection lower than Australia's. This is a subset of the wider
issues of trans-border data flows which is addressed in paragraph 3.44.
The issues {tc "The issues "}
6.10 From a consumer's viewpoint, unsolicited communications raise -
o both aspects of telecommunications privacy, namely -
o intrusion
o control of personal data
o fair trading issues.
Each is dealt with seriatim below.
Intrusion{tc "Intrusion"}
6.11 Many submitters perceive unsolicited telecommunications as intrusive.
They expressed views to the effect that -
o such telecommunications should not be permitted unless the called
party has given prior explicit consent
o there should be a mechanism by which consumers can indicate that they
do not wish to receive such calls.
The intrusiveness of unsolicited telecommunications is clearly a
telecommunications-specific issue.
6.12 Opinions differ whether intrusion is a privacy issue. In the
submissions made to this Inquiry, a number of people argued that
unsolicited telecommunications did not involve breaches of privacy because
no data was being collected, used or disclosed. Not surprisingly, this is
the position of The Australian Direct Marketing Association -
An unsolicited communication may have been intrusive but if it makes no
further impact or interference with the peaceful enjoyment of life it
cannot be construed as a breach of privacy."
6.13 The Privacy Commissioner, in his submission, argues in a similar
vein. AUSTEL agrees with the point made by these submissions, ie - that
intrusion is not strictly a privacy issue. While it is important to
make the distinction, and the distinction has been used in this report,
this is not to discount the significance of intrusion, nor to deny that it
is related to privacy concerns. Just as different individuals are
threatened by the disclosure of personal information to very different
degrees, from its being not important through to being life-threatening,
the impact of intrusion varies greatly. A person who lives alone and is
rarely home will experience little inconvenience, a person who works from
home or one who is elderly or infirm may be affected adversely. There is
also a connection between the personal data aspects of privacy and this
intrusion aspect where marketing lists, composed from re-used personal
data, result in an unsolicited telecommunications intrusion.
6.14 The depth of feeling about unsolicited communications and the anger
and frustration they generate are shown in the quotations, at paragraph
3.5, from submissions received by AUSTEL in response to its initial
discussion paper. If the voluntary co-regulatory approach proposed by
AUSTEL is to succeed, it must be seen to focus on the cause of that anger
and frustration. The options by which the voluntary co-regulatory scheme
may do that are listed in paragraph 6.45 and discussed thereafter.
Personal Data{tc "Personal Data"}
6.15 Commercial initiators of unsolicited telecommunications usually work
from lists of potential or likely customers. The quality, accuracy and
integrity of such lists directly influence the success or hit rate and
therefore trade in lists is a significant industry issue. Equally,
consumers are often concerned with questions of how they got onto a
particular list and how they might be able to get off it . This is not a
telecommunications-specific matter but it does have a
telecommunications-specific aspect if Calling Number Display were to get
such widespread acceptance as to enable inbound telemarketers to capture
phone numbers and compile and trade in lists.
6.16 These kinds of concerns are a small part of the wider concerns held
by some people about the collection, storage, manipulation and sale of
such personal information. It is an area that shows the tension between
sectoral and non-sectoral approaches. Only a broad non-sectoral approach
that placed limits on the re-use by both the private and the public
sectors of data gained from whatever source can really address this issue.
AOTC's first recommendation in its response to the draft report takes up
this point -
"AUSTEL should act on issues related to the reuse of personal information
obtained by end users of the telecommunications network."
"The perceived potential for re-use, or mis-use, of information received
via Calling Number Display or CND based products represents a threat which
AOTC urges AUSTEL to overcome. The ability of Australian carriers to
provide CLI based services, and possible future products and technologies,
will be restricted as customers will understandably be reluctant to
participate given the problems which have occurred in some other
countries, notably the United States, due to lack of controls in this
area. While AOTC is specifically concerned with telecommunications
transaction generated information there will be a need to address a
parallel range of issues arising from other transactions and the
on-selling of personal information and lists derived from these
transactions."
6.17 As mentioned in paragraph 4.22, AOTC suggested two possible
mechanisms for dealing with the issue of use/re-use/mis-use of personal
data captured through the telecommunications network or by end users of
the network.
o amendment to section 88 of the Telecommunications Act 1991
o amendment to the Privacy Act 1988.
These suggestions were discussed in Chapter 4.
6.18 While AUSTEL agrees with and endorses AOTC's approach and the
advantages of a broad approach for non-telecommunications specific issues,
non-sectoral action should not be a pre-condition for responding to
privacy concerns on a sectoral basis if there is immediate cause for
concern, eg - if AOTC were not to delay the introduction of Calling Number
Display until mechanisms to address its potential abuse are in place.
6.19 The re-use of information is a questionable practice under both
international and Australian privacy principles, and it may be that
businesses seeking to re-use such data could develop means to alert their
customers to this intention and to give them a chance to withdraw from the
transaction or to participate only if their data is not re-used.
Fair Trading{tc "Fair Trading"}
6.20 Fair trading aspects of telemarketing are concerned with telephone
selling practices. Buyers may be more vulnerable when offers are made to
them without prior warning. State and Territory legislation regulates
door to door sales and this may offer some protection to consumers
purchasing goods or services over the telephone, because of the principle
that the place of sale is where the buyer is located, but the adequacy of
this protection is not clear. The Federal Bureau of Consumer Affairs
advises that this legislation should be reviewed to ensure that the
protection available in door to door sales applies also to telephone
sales. The NSW Department of Consumer Affairs has issued a discussion
paper to consider whether current protection is adequate. The use of
credit cards for transactions conducted over the phone may also pose
special problems. These are neither telecommunications specific nor
privacy issues, but some submitters have raised them in the inquiry.
6.21 The voluntary co-regulatory scheme being recommended by AUSTEL may
enhance consumer protection against unfair selling telemarketing
practices. This is because -
o existing telemarketing codes of conduct already make recommendations
about selling practices. Approval by the Telecommunications Privacy
Committee has the potential to raise the status of codes of conduct
which could have a collateral effect on the parts of the codes
dealing with selling practices even though these are not
telecommunications specific.
o Voluntary co-regulation and statutory consumer protections such as
cooling-off periods or a right to cancellation after inspection are
compatible. The response of Consumer Affairs NSW to the Draft Report
makes this point -
...the provision of such a basic statutory right does not appear to
conflict with AUSTEL's proposals for the establishment of a self
regulatory scheme. In fact introduction of such a provision may
assist the operation of a voluntary code.
6.22 To the extent that the intrusion, control of personal data and unfair
trading issues are telecommunications specific and cannot be dealt with
satisfactorily by the application of general privacy principles or laws,
or by the general law, they might be dealt with under the voluntary
co-regulatory approach proposed in Chapter 4 by -
o firstly, the Telecommunications Privacy Committee developing general
principles that might apply to unsolicited telecommunications
o secondly, an industry sector and consumer sub-committee developing
specific codes for the Committee's approval.
6.23 The starting point for such a code may be an existing industry code
such as -
o the Australian Direct Marketing Association's Standards of Practice
When Telemarketing
o AOTC's document, Direct Marketing: Code of Conduct & Standards of
Practice
o The Australian Institute of Fundraising's Codes of Ethics and
Professional Conduct
o The Market Research Society of Australia's Code of Professional
Behaviour.
6.24 The task of the sub-committee would be to ensure that the code of
conduct abided by the telecommunications privacy principles as well as
meeting the specific needs of that industry and its consumers. The
checklist set out in paragraph 4.58 would be helpful in the
sub-committee's work of ensuring that the code of conduct that went back
to the Telecommunications Privacy Committee was of an acceptable standard
and specificity.
6.25 An advantage of this approach is that it will allow codes to be
tailored to particular branches of the industry, although they must all
fit in with the privacy principles established by the Telecommunications
Privacy Committee. Market researchers in particular were concerned that
they may be covered by the same code as telemarketers and that this would
be a major and unnecessary restraint on their mode of operations.
Similarly, some fundraising organisations put forward a case for exemption
from regulation in their original submission. The separate codes approach
would allow both groups to develop acceptable codes responsive to their
particular activities. The response from Optus sees the prospect of
separate codes as a workable one -
Optus could envisage a series of separate codes; for example, a
code applying to telecommunications services provided by carriers and
service providers, another code dealing with telemarketing and
canvassing, and yet another dealing with CPE [Customer Premises
Equipment]. Not all parties to one code would need to be a party to
another code if not directly involved or impacted by the latter
code...
Optus, therefore, endorses a separate voluntary industry code of
practice relating to telemarketing activities... Optus would be
prepared to work with the telemarketing industries in drawing up a
code.
6.26 Once a code of conduct has received the Committee's approval,
consumers generally must be made aware of its content and its
effectiveness must be monitored - particularly the effectiveness with
which complaints concerning breaches of the code are handled. Where
appropriate, the Telecommunications Industry Ombudsman may have a role in
that regard.
6.27 The industry associations should benefit from the greater moral
authority that comes with being part of a general sectoral approach and
the approval of a high profile Committee which is not subject to the
suspicion of being self-serving. There would also be economies and
efficiencies in the publicising of the codes, because publicity for one
code is likely to have a flow-on effect for other codes.
6.28 All codes should contain a mechanism for review and evaluation, which
should be more stringent and demanding because the Telecommunications
Privacy Committee's approval should be dependent on a hard-nosed
evaluation and because the Committee would have access to appropriate
channels if it wished to recommend a change in approach.
6.29 The responses to AUSTEL's draft report were divided on the issue
whether voluntary codes would provide a sufficient safeguard. Respondents
who answered - with varying degrees of optimism - that it was an
appropriate approach included -
o Consumer Affairs NSW: ...the promotion of a voluntary code appears
to be a reasonable course of action at this stage ... the prevailing
circumstances would suggest the possibility of success is high.
o AOTC: ...there is every reason to ensure that any AUSTEL initiative
is commensurate with the problem as it currently exists. It is for
this reason that AOTC recommends that industry-based Codes of
Practice and Preference Lists should be used to deal with any
problems that arise from unsolicited telecommunications.
o Greg Tucker, an individual submitter who has worked with the OECD in
the area of the development of privacy guidelines, supported the
approach, especially on the grounds of its congruence with European
approaches.
o the Australian Telemarketing Association believes that a combination
of a well defined and publicised code of conduct [and] an education
program for consumers and telemarketing companies should be the
initial step to ensure the benefits are achieved and the privacy of
the consumer is maintained.
6.30 Some respondents were more guarded about a voluntary approach, but
did not rule it entirely out of consideration -
o The Federal Bureau of Consumer Affairs supports the concept of a
voluntary code based around set and immutable principles which
protect the consumer's rights
o The Privacy Commissioner said it was premature to seek to assess
whether a voluntary code would be a sufficient safeguard, and that
its major failing was likely to be that it would not be effective in
helping ordinary citizens to get redress from businesses who breached
telecommunications privacy.
o The Australian Telecommunications Users Group said it is unlikely
that a voluntary code will of itself provide sufficient safeguards
against all forms of unsolicited telecommunications.
o The Communications Law Centre preferred a legislative approach and
submitted that AUSTEL, if not prepared to recommend legislation at
this stage, should at least flag an intention to review compliance
with a code, with a view to recommending legislation if necessary.
6.31 Some respondents expressed the view that a voluntary approach was
unacceptable -
o the Women's Electoral Lobby said the voluntary approach was flawed
and that precedents, such as self-regulated television advertising,
had not worked to the benefit of consumers.
o The Consumers' Telecommunications Network (CTN) is greatly concerned
that the recommendations arising out of the AUSTEL's inquiry might be
weakened by a voluntary code. Enforcement mechanisms must be
considered, it believes.
o The Seymour Shire Council does not regard a voluntary code of
conduct as an adequate way of ensuring high and consistent standards
in the telemarketing industry.
6.32 AUSTEL shares the caution expressed by respondents whether voluntary
codes will provide all the answers. It is true that the voluntary
approach will not protect against mavericks. As the Privacy Commissioner
points out, the codes will need to be well publicised and there must be a
complaints handling mechanism which offers some redress to aggrieved
consumers. AUSTEL agrees with the Communications Law Centre about
flagging an intention to review and being willing to recommend legislation
if that review shows the approach has not worked. The existence of the
Telecommunications Privacy Committee does not exclude the use of
legislation and failure by industry participants to operate within the
system of voluntary co-regulation may lead to more rigid forms of
regulation. The level of current abuse does not, however, justify a
legislative approach and resultant high levels of expenditure on
implementation and enforcement. If the voluntary approach does work,
legislative enforcement will not be necessary. If it does not work, there
should be clear evidence of the need for legislation and a clear
indication of where the enforcement efforts need to be directed.
AUSTEL recommends that -
o appropriate codes of conduct be developed by relevant industry and
community groups for approval by the Telecommunications Privacy
Committee to deal with intrusion , control of personal data and fair
trading issues in relation to unsolicited telecommunications
o separate codes of conduct be developed in respect of the different
categories of unsolicited telecommunications.
An effective complaints handling mechanism{tc "An effective complaints
handling mechanism"}
6.33 It is clear that voluntary co-regulation will not work unless there
is somewhere for consumers to take their complaints about privacy,
intrusion and other aspects of unsolicited telecommunications. The
complaints handling system must be accessible and easy to use.
6.34 While there will be no sanctions with authority from an outside
source, restraints on the behaviour of those making unsolicited
telecommunications will come from their own code of conduct and from peer
pressure. The co-regulatory approach will also strengthen the complaint
mechanism by -
o ensuring that patterns and trends in complaints will be monitored and
will form part of the evaluation of the effectiveness of the scheme.
A high level of complaints not satisfactorily resolved will be a key
indicator of the need for a more stringent non-voluntary approach
o bringing together the agencies with a charter in these areas and
promoting their cooperation. When the relevant agencies are working
together in the Committee and its sub-committees, there will be
benefits in the efficient coordination of complaints handling and the
early identification of trends and difficulties.
6.35 The complaints handling mechanism should provide for a clearly
identified single initial point of contact where consumers may take
matters related to unsolicited telecommunications, even if the initial
contact agency must refer it to another. As long as the initial contact
agency does that promptly, and takes responsibility for following through
on the action, the inter-agency approach should work well. If it does
work well, the involvement of more than one agency should be transparent
to the consumer. With such a system, all three kinds of issues related to
unsolicited telecommunications (ie - intrusion, control of personal data
and fair trading) could be dealt with under one umbrella but by the agency
best equipped to deal with the specific issue.
6.36 AUSTEL sought comment on the proposal that the Telecommunications
Industry Ombudsman should be the focal shop front single point of
contact. The tenor of the responses could be described as an agreement
with the proposal, but with recognition of the practical difficulties
involved. The central difficulty is that the Telecommunications Ombudsman
scheme is intended to deal with complaints against carriers. That is the
justification for the requirement that carriers fund the scheme. The
response from the Australian Telecommunications Users Group puts this
point clearly -
The intention in establishing the Telecommunications Industry
Ombudsman is essentially to give users an avenue for dealing with
unresolved disputes with the carriers. As such it is not considered
an appropriate avenue for dealing with all complaints about breaches
of the privacy code for telecommunications. It is ATUG's view that
consumers should refer all complaints to AUSTEL's Consumer Affairs
Branch which could, in turn, refer them to the Privacy Commissioner
or to the Telecommunications Ombudsman for alleged breaches by the
carriers, as appropriate.
6.37 From the perspective of some of the consumer groups, the problem with
the proposal to use the Telecommunications Industry Ombudsman is not so
much that it is an unreasonable imposition on the carriers, as that the
office will not have jurisdiction over service providers, far less over
users of the telecommunications network who are not service providers.
This point is endorsed by the Department of Transport and Communications
which says it has difficulty with the proposal. The Communications Law
Centre also expressed concern that -
"The Minister has proposed that membership of the Industry Ombudsman
should be voluntary for service providers. Many service providers
will therefore not be covered, let alone the telemarketers.
Secondly, the carriers who must fund the Industry Ombudsman, are
unlikely to want to see it devote resources to issues and complaints
which they are unable to do anything about...
There may, however, be a very limited role for the Industry Ombudsman in
providing a shopfront for consumer complaints raising privacy issues.
Ultimately, responsibility for enforcement of the privacy principles must,
however, rest with AUSTEL and the Privacy Commissioner.
6.38 The response from AOTC was, however, clear that the Ombudsman should
have a role in implementing the voluntary approach to the promotion of
appropriate standards in unsolicited telecommunications, although the
response does not specifically address the point of whether it is
appropriate for the Ombudsman to have the shop front role -
there are many smaller organisations which are not part of the organised
industry and which make unsolicited telephone calls, Consequently, AOTC
considers that if calls from businesses/organisations which are not
members of industry associations which subscribe to the Code of Practice
are found to be a significant source of complaint, then the TIO should
encourage those organisations to develop their own internal Codes of
Practice and Preference Lists of people who do not wish to receive
telemarketing calls.
6.39 Optus was also clear about the Ombudsman being involved in this area
-
Optus suggests that the TIO is the most appropriate body to consider
individual complaints arising under the proposed industry privacy
code.
6.40 The carriers' willingness to support an Ombudsman carrying out
functions involving complaints about unsolicited telecommunications makes
longer term sense. If the voluntary approach fails, the more stringent
solutions include some that involve carriers in high costs and exposure to
public criticism, such as the provision of a free directory marking scheme
(which is supported by some submitters and respondents).
6.41 Other respondents also saw the proposed Telecommunications Industry
Ombudsman as the appropriate body. Organisations endorsing the proposal
include the Australian Direct Marketing Association, the Association of
Market Research Organisations (which specifically mentioned its
willingness to take up complaints referred by the Ombudsman), the Federal
Bureau of Consumer Affairs (rejecting the alternative proposition that it
might have a role here), the Women's Electoral Lobby, the Consumers'
Telecommunications Network, the Australian Telemarketing Association
(which mentioned the importance of ownership of complaints from beginning
to end) and Consumer Affairs NSW.
6.42 The Privacy Commissioner points out the dangers in splitting
regulatory responsibility for privacy -
There would, I think, be less public confusion if privacy protection
responsibilities were vested in the Privacy Commissioner's office.
There is always a difficult public policy issue about whether to
proliferate privacy oversight through a series of regulatory
agencies. I am inclined to think that investing privacy protection
in a range of agencies will weaken not strengthen the actual level of
privacy protection...
Ideally the Ombudsman/Privacy Commissioner distinction which applied
between 1989 and 1992 should be preserved. The TIO if established would,
under this approach, inherit the work previously done by the Ombudsman (in
relation to billing and charging) with the Privacy Commissioner handling
data protection issues and privacy and telecom privacy matters. There
would need to be liaison to avoid double- handling, but there were no
difficulties in this regard under the old system.
6.43 The issue is whether it is better to have a central place for all the
privacy issues to go, whether or not they involve the carriers or indeed
telecommunications, or whether it is better to have a central place for
all the issues regarding unsolicited telecommunications to go. It may be
easier to work out the best approach when more of the details of the
Telecommunications Industry Ombudsman's office are clarified. It seems
certain that the Telecommunications Industry Ombudsman will play a
significant role in handling complaints about unsolicited
telecommunications, even when these are complaints about service providers
or ordinary businesses.
AUSTEL recommends that subject to the agreement of the carriers which
will fund the proposed Telecommunications Industry Ombudsman scheme, the
Telecommunications Industry Ombudsman should take responsibility for the
initial collection and collation of complaints relating to unsolicited
telecommunications, referring them to other agencies as appropriate.
Accommodating preferences not to receive unsolicited telecommunications{tc
"Accommodating preferences not to receive unsolicited telecommunications"}
6.44 Unless there is some way to limit unsolicited telecommunications made
to people who object strongly to receiving such calls, the voluntary
system will fail, and those people will call for stronger measures. This
will be a challenge for the Telecommunications Privacy Committee and the
developers of the relevant codes.
6.45 A variety of ways of meeting the challenge have been suggested to the
inquiry and/or are in use in other jurisdictions. These include -
o a system of directory marking, such as an asterisk in the printed
White Pages, which serves as a single indication of a simple desire
not to be rung by any maker of unsolicited telecommunications
(whether telemarketer, fund raiser or researcher) or which is a
reference to a more detailed set of preferences in the Electronic
White Pages [EWP]
o the keeping of a separate list. People would apply to be on this
Preference List and then the list is distributed in some way to
makers of unsolicited telecommunications so that they can scrub
their lists and ensure that listed people are not to be called. The
Australian Direct Marketing Association currently keeps such a list.
6.46 These methods both have the difficulty that the more people
participate in the system the harder it will be to operate, and the
greater the costs will be, both to the operators of the method and to the
makers of unsolicited telecommunications. Some submitters regard such
considerations as secondary to the right of the consumer to be protected
against intrusion, but a workable scheme must take these practicalities
into account, as well as the right of makers of unsolicited
telecommunications to go about their business in a legal and competitive
way. There is an issue whether this protection from intrusion is -
o part of the status quo on privacy which, under a set of principles
like the New York ones, would mean consumers were entitled to that
level of protection without charge (State of New York Public Service
Commission, Privacy Principle in Telecommunication., 1991)
o a premium level of protection, in which case it may be reasonable to
expect those seeking such extra privacy to pay the associated costs.
6.47 AUSTEL's draft report posed the question whether charging consumers
administrative costs to be either on the preference list or to have their
directory entry marked might be a way of ensuring that the scheme did not
balloon beyond manageable proportions. The Federal Bureau of Consumer
Affairs responded to the effect that a charge could not be condoned and
that it would be analogous to paying protection money. An individual
respondent, Peter Flanagan, said that while he did not want to be pestered
he did not want to pay extra for the privilege. Consumer Affairs NSW
commented that it is -
...difficult to see how the costs associated with the administration
of a truly effective list could be justified.
6.48 Another possibility is to set up the scheme in such a way that the
consumer must take the initiative. This is what is envisaged in the
British Preference Scheme which has been set up as a company. The list is
advertised and interested consumers write away for a free information kit.
It is recommended that toll-free numbers or freepost services not be used.
(Business Plan for the British Direct Marketing Association Telephone
Preference Scheme, July 1991) This approach may be a better compromise
between accessibility and practicality than charging consumers, although
it still leaves open how the schemes are to be paid for.
6.49 One consequence of not having an effective mechanism to limit
unsolicited telecommunications may be an increasing percentage of people
choosing to have unlisted numbers. Currently the percentage in Australia
is about 12%, while in parts of the United States of America it can be as
high as 40%. The impact of this on the White Pages as a community
resource that is used for a range of purposes would be unfortunate.
c.Directory marking
6.50 Directory marking has to be done by the telephone company or its
subsidiary responsible for publishing the White Pages. Representatives of
AOTC have said it would be reluctant to be involved in a directory marking
scheme. They have expressed opposition to any form of marking which is
coded and which therefore needs decoding. There is also concern that if a
mark was placed against somebody's name and that person continued to
receive unsolicited telecommunications, AOTC would be held responsible and
would be required to deal with the customer complaint.
6.51 There appear to be three funding options -
o the carriers or in essence AOTC which, under its General Carrier
Licence, has the obligation to produce White Pages Directories
o the individuals who wish to be on such a list or have their directory
entry marked
o the makers of unsolicited telecommunications.
6.52 There are difficulties with each of these options. AOTC is reluctant
to incur increased costs, especially ones that do not seem related to its
core business or to bring it benefits. There may be ways in which it could
recoup such costs, either by passing them on through increased charges so
that in effect everybody was paying for the preference list whether or not
they chose to be on it, or by selling products to the makers of
unsolicited telecommunications. In some States in the USA telemarketers
and others making unsolicited telecommunications are obliged to buy the
preference list, and some telephone companies have experimented in
providing the lists as a computer application which can filter through the
list on the basis of various parameters. Another example of such an
approach is the use of directory asterisks to indicate the need to
determine further details of customer preferences from the Electronic
White Pages. If AOTC were able to develop some marketable products which
met particular telemarketers' needs, there might be sufficient incentive
to tackle a directory marking scheme.
6.53 Charging the individuals who wish to have their directory entry
marked would be unacceptable to many consumers. Consumers may well object
to being charged not to be offered goods and services. On the other hand,
it could be argued that directory marking would become increasingly
difficult to manage if there were no inbuilt checks to control its size
and that a charge would encourage people to think carefully about how much
they really did object to receiving telephone solicitations. The
Association of Market Research Organisations (AMRO) has specifically
argued for such charges:
AMRO rejects as complex and unworkable alternate proposals for a
preference list or directory marking...However, if a preference list
process were to be embraced, we would strongly argue for the principle
that people who wish not to take unsolicited calls should pay for the
privilege either by directory exclusion (silent line) or some other
cheaper form of directory marking.
6.54 Charging telemarketers could require that telemarketers be defined
and delineated as a category of telephone users and individually
identified. This is currently impossible. Even a regulatory regime that
required telemarketers to register themselves may involve practical
difficulties.
6.55 Currently it seems that directory marking is not a viable option. In
its response to the Draft Report AOTC gave support to the idea of
industry-based Preference Lists and did not mention directory marking.
Preference lists{tc "Preference lists"}
6.56 The same cost considerations apply to preference lists. Some of the
costs are -
o advertising the availability of such a list
o maintaining a database
o receiving and registering requests
o sending out updates and correcting errors.
6.57 If such lists were maintained by individual industry associations,
the costs may become so high that members may drop out, making the costs
for the remaining members even higher. An effective list might need to
give consumers a chance to specify particular preferences (such as no
sales calls, but market research or charity calls are acceptable). If a
list incorporated such preferences it would become even more unwieldy and
expensive.
6.58 A preference list might be administered by -
o the relevant trade association
o AUSTEL
o the proposed Telecommunications Industry Ombudsman
o Commonwealth, State or Territory consumer affairs agencies
o a private company selling the preference list as a commercial venture
o a combination of the above.
6.59 One difficulty for voluntary associations of maintaining these lists
has already been canvassed. Others include that the association reaches
only its members (and some associations have relatively small memberships
while others have a high percentage of industry participants belonging),
and that there may be problems coordinating separate lists.
6.60 AUSTEL has some experience of maintaining such a list with its Junk
Fax Register, which relates to unsolicited facsimiles. This Register,
which could be expanded to cover unsolicited telephone calls, carries no
force of law. That would require an amendment to the Telecommunications
Act 1991. If the Act were amended and if AUSTEL were to be responsible
for maintaining both a telephone and facsimile preference list, AUSTEL
would clearly require additional funding and resources before it could
undertake the tasks.
6.61 The proposed Telecommunications Industry Ombudsman who will have a
customer complaint focus might be well placed both to receive complaints
about unsolicited phone calls and to administer an effective preference
list by taking over and building upon the list currently with the trade
association and AUSTEL's Junk Fax Register, but it would be taking the
office further away from the role envisaged in the carrier licences.
6.62 The Federal Bureau of Consumer Affairs has said it favours directory
marking over preference lists and has expressed unwillingness to be
involved in complaint handling in this area. The only State consumer
affairs department to respond recommends that the Telecommunications
Industry Ombudsman take up the role.
6.63 It may be possible that a company currently dealing in lists and
databases for direct marketing could turn its expertise to the
construction and maintenance of a list of people not to be directly
marketed. The company would make its profit by selling the list to makers
of unsolicited telecommunications, or by taking the lists used in direct
marketing campaigns and removing the names of people who had asked not to
be approached. While AUSTEL has not investigated this idea, it has had
one discussion with a company dealing in such lists and the initial
reaction was that it might be viable.
6.64 The British Direct Marketing Association has set up a Telephone
Preference Service, the objectives of which are to -
o provide a means for consumers to record their wish not to receive
sales and marketing telephone calls from companies with whom they
have had no active contact
o enable companies and individuals employed by, or working on behalf
of, companies to access this information in an appropriate timely and
cost effective manner
o to be self financing.
While AUSTEL does not have specific information about how effective this
project is, it seems that preference listing may be a practical way of
giving effect to the wish of some consumers not to receive cold calls.
This is an issue that the Telecommunications Privacy Committee will need
to consider, with support from the relevant sub-committees. It should be
recognised that whatever approach is chosen will limit, not eliminate,
cold calling.
AUSTEL recommends that the Telecommunications Privacy Committee should
oversee the development of a cost-effective process by which consumers who
prefer not to receive unsolicited telecommunications may, as far as
possible, exercise that preference.
Other mechanisms for handling unsolicited telecommunications{tc "Other
mechanisms for handling unsolicited telecommunications"}
6.65 Since the recommended approach in this report is the voluntary
co-regulatory one outlined in general in chapter 4 and with specific
application to unsolicited telecommunications in this chapter, discussion
of other mechanisms has been largely excluded. These mechanisms are set
out here so that they are on record.
6.66 One such mechanism was utilising the contract that implicitly exists
between carriers and telemarketers. AOTC and Optus could incorporate in
their contracts (currently largely unwritten) either with particular
groups of users or else with all customers a clause requiring adherence to
privacy principles or a code of conduct. It is a complex idea and some
problems with it are immediately apparent, eg -
o it relies on the carriers agreeing to formulate their contracts in
this way. AUSTEL has been advised that as the law currently stands
it does not have the power to direct the carriers in this area. The
code could be set up in such a way that consumers complained about
breaches of the code to another body, rather than the carriers,
lessening the responsibility that would rest on the carriers if they
chose to adopt this idea.
o the involvement of the carriers is, in some ways, an artificial
device. Any complaint would be by one customer of a carrier about
another customer of a carrier, and in a way the only involvement of
the carrier is that its network enabled the two to make contact.
o existing customers may not be compelled to accept the new contracts.
Even if the carriers decided to alter their contracts in this way as
an act of corporate good citizenship, they may only be able to offer
contracts on these terms, not insist. Where customers did not accept
the contractual condition, service would be offered to them on the
terms published in the carriers' Basic Carriage Services (BCS)
tariffs.
6.67 The idea put forward by the Australian Consumers Association that all
cold calling be banned except where undertaken by companies or individuals
who are members of industry associations with approved codes of conduct
has found favour in some quarters. It is a concept to be considered if
voluntary co-regulation is unsuccessful, when such points as its possible
anti-competitive effects and enforcement mechanisms would need to be more
carefully considered.
CHAPTER 7
EQUIPMENT AND OTHER ISSUES{tc "EQUIPMENT AND OTHER ISSUES"}
Customer equipment issues - the legislative background 7.2
Telephone Information Management Systems 7.10
Automatic Calling Equipment 7.15
Unsolicited facsimiles 7.26
Reverse directories 7.28
Customer Information Issues 7.34
7.1 While most submitters focused on the CLI /CND and unsolicited
telecommunications issues, the following matters also attracted comment -
o use of customer equipment, in particular -
- Telephone Information Management Systems (TIMS)
- Automatic Calling Equipment (ACE)
o unsolicited facsimiles (junk fax)
o reverse directories
o the carriers' respective customer data bases.
Customer equipment issues - the legislative background{tc "Customer
equipment issues - the legislative background"}
7.2 The Telecommunications Act 1991 (section 246) provides that AUSTEL
may only determine a standard relating to customer equipment where it
believes it necessary or desirable in order to -
o protect the integrity of a network and the safety of people working
on it or using services supplied by means of it
o ensure that the customer equipment and the network are interoperable
o ensure compliance with recognised international standards
o maintain or improve end-to-end quality of telecommunications
services.
7.3 The Telecommunications Act 1991 also provides that -
o the Minister may notify AUSTEL of general policies of the
Commonwealth Government that are to apply in relation to AUSTEL
(section 49)
o the Minister may give direction to AUSTEL about how it is to perform
its functions and exercise its powers relating to the issuing,
varying or cancelling of permits (section 250).
7.4 AUSTEL has received one relevant notification of Government policy
under section 49, namely, that in issuing a permit AUSTEL is to have
regard to the Government's industry development arrangements for the
customer equipment manufacturing sector, set out in the booklet entitled
Industry Development Arrangements Customer Equipment issued by the
Department of Industry, Technology and Commerce and dated September 1989
("the booklet") and any amendments to those arrangements set out in any
amended version of the booklet. It is clear that taking the course of
legislative controls requires amendment to the Telecommunications Act
1991.
7.5 AUSTEL has advice from the Attorney General's Department to the
effect that neither AUSTEL's powers under section 246 nor the Minister's
powers under sections 49 or 250 enable AUSTEL to impose a condition of use
in a permit it issues.
7.6 As the law currently stands, privacy issues can not be considered in
assessing whether a permit should be issued. Nor can such issues be
included as a condition in a permit. A permit issued at the point of
manufacture or importation could not, in any case, dictate or influence
the way in which the equipment was used by those who purchase it. Even if
AUSTEL were to be given the power to impose a condition of use, there
would be practical difficulties in enforcing such a condition, eg - why
should a permit holder be disadvantaged for a user's breach of a condition
of use.
7.7 Accordingly, in considering whether there should be changes in the
law, a distinction needs to be drawn between -
o empowering AUSTEL to impose a condition of use, on the one hand,
o empowering AUSTEL to take into account broad general public interest
criteria in issuing a permit, on the other. That is, by extending
the matters set out in section 246 (summarised in paragraph 7.2
above) or by way of Ministerial notification or direction of the kind
set out in paragraph 7.3 above.
7.8 If the matters AUSTEL may take into account in issuing permits were
broadened then it might be a matter for AUSTEL, after appropriate
consultation, to decide to issue permits for, say -
o Telephone Information Management Systems only if the equipment were
configured or programmed in such a manner as to mask the last two
digits of any number called
o Automatic Calling Equipment only if the equipment were configured or
programmed in such a manner as to be incapable of sequential
dialling, capable of operating only during certain hours and on
selected lists of numbers only.
7.9 Whether such a power is necessary or desirable is an issue on which
comment was specifically sought in AUSTEL's draft report. Some
respondents commented on the limitations of legislation to deal with
equipment issues. Technology-specific legislation cannot cope with
technological developments, nor is legislation about equipment a good way
of dealing with the behaviour of users of the equipment, which is the real
source of intrusion. Another point made is that the level of detail
needed is inappropriate for legislation. Some respondents disagreed and
advised AUSTEL to seek enhanced powers in the area of permits. For
example, the Consumers' Telecommunications Network said -
CTN believes AUSTEL should have a role in evaluating public interest
issues with regard to customer equipment. Accordingly, AUSTEL should
be empowered to take into account general public interest criteria
when issuing a technical permit. If this process operated
effectively and in a stable and predictable fashion, CTN believes
this would enhance rather than restrict competition. It is better to
have an effective protection regime in place as early as possible
than to react to a consumer backlash as has occurred in other
countries, especially in the United States.
The voluntary compliance approach has potential to disadvantage
reputable equipment users who may suffer loss of public support for
their business practices due to the unwillingness of more
unscrupulous operators to adhere to the standards agreed upon. An
adequate regulatory regime in this area will provide maximum benefits
for all concerned.
Telephone Information Management Systems{tc "Telephone Information
Management Systems"}
7.10 Telephone Information Management Systems (or TIMS equipment) record
and store information about the calls made to and from PABXs. The
information collected may include the originating extension, the time of
day, the duration of each call, the telephone number called and the cost.
TIMS is not a new technology, but, as noted in paragraph 2.1, the privacy
issues it raises remain unresolved.
7.11 As discussed in the draft report, opinion was divided on whether
there should be a condition of use imposed on the equipment such that the
last digits of the numbers recorded are masked (which was largely the
situation when Telecom had responsibility for issuing permits). The
weight of the argument, however, seemed to be against such a condition.
The following points were made -
o the privacy implications can be better dealt with by applying the
principle of "informed choice", ie - informing individuals using
extensions to a PABX with a TIMS that information about their calls
is being recorded
o other technological developments have overtaken the TIMS issue. For
example, employers get like information from itemised bills provided
by the carriers
o the person paying the bill is entitled to the information
o in the ten year history of TIMS there has not been a significant
level of complaints about breaches of privacy
o there are circumstances in which a full record of the calls is
essential, eg - where a hotel is billing its guests.
7.12 Those considerations do not, however, cover the situation where the
person handling the TIMS record is not responsible for paying the bill.
For example, in a shopping mall individual shopkeepers may pay their bills
according to the allocation provided by a TIMS record. Another example is
hotels and motels. Guests using the phone in their room may well require
a detailed telephone account so that they know their bill is correct. In
some cases, the information may be needed for reimbursement from their
employer for work-related calls. This full information recorded by the
hotel or motel could be regarded as sensitive personal information about
its guests. An added complication with TIMS usage in hotels and motels is
that where guests are using credit cards which require a personal
Identification number (or PIN), the TIMS will record both a number dialled
by a customer as well as the customer's PIN, opening the door to fraud.
British Telecom has recently advised its credit card customers not to use
the cards in connection with hotel phones for this reason. The potential
for fraud has been raised with AUSTEL's Standards Advisory Committee which
is planning to put a non-mandatory note into the relevant technical
standards to inform suppliers and manufacturers of this possibility so
that they may offer a masking option to their customers as a way of
avoiding the problem.
7.13 The TIMS issue does not offer a compelling reason to seek legislative
amendment so as to be able to reinstate the Telecom masking requirement.
It is more appropriate to make it clear that there are no regulations
enforcing the masking of digits although the owner of a TIMS may wish to
configure it in that way for management, industrial relations reasons or
other reasons.
7.14 The development by TIMS users of codes of conduct under the auspices
of the Telecommunications Privacy Committee faces practical difficulties -
TIMS users have in common only the fact that they own a particular piece
of equipment. It could be, however, that some groups of users of TIMS,
especially owners of hotels and motels, would have an interest in
developing a code of conduct under the umbrella of the Telecommunications
Privacy Committee. Likewise suppliers of such equipment might provide a
focus for the development of a relevant code that they might pass on to
their customers when supplying the equipment. It may also be that hotel
and motel operators who provide telephone service to their guests and make
a surcharge for this are providing an eligible service under the terms of
the Telecommunications Act 1991 and may be subject to AUSTEL's Service
Providers Class Licence. If that be so, it would provide another avenue
for developing and implementing a voluntary code such as through relevant
hotel/motel associations.
AUSTEL recommends that -
o individuals affected should be informed by appropriate means whenever
data resulting from the use of a Telephone Information Management
System (TIMS) is being collected and processed
o in the case of the use of TIMS by hotels and motels, the owners and
operators of motels and hotels using TIMS to charge guests for
telephone calls be encouraged to develop a code of conduct with
regard to the use and re-use of the data so collected.
Automatic Calling Equipment{tc "Automatic Calling Equipment"}
7.15 AOTC's submission defined Automatic Calling Equipment as -
... a generic term for a range of telephone management systems which
automatically originate and supervise the establishment of calls over
a variable number of telephone lines.
Some examples are -
o Predictive diallers. These are machines that set up calls, ie - dial
and wait for an answer - and then hand the call over to an operator.
The machines are programmed to call busy and unanswered lines again
at specified time intervals. They are essentially labour saving
devices and it may not even be apparent to the recipient of the call
that a machine is involved. The efficiency of the system depends on
there being an operator available to take the call that has been set
up, and when it happens that there is not, the called party will
generally hear a recorded message requesting that he or she wait.
This can be perceived by the called party as rude, odd or intrusive,
and certainly the caller has to take the risk that the called party
will not wait. It can also be a problem that such calls tie up phone
lines which may be required for other calls, or even emergency calls.
o Auto diallers. These automatically dial a programmed set of numbers
which may comprise a numerical sequence or numbers extracted randomly
or according to a pattern from a phone directory or list. Automatic
dialling equipment that is connected to the network requires a
permit. Another method of setting up an auto dialling system is
using cards or programs in computers which are then connected to the
network. There are also permit requirements for such data terminal
equipment and its associated cards. Existing voluntary codes of
practice for telephone marketing prohibit random or sequential
dialling - it has inherent problems in that it can result in unlisted
numbers, fax machines, businesses, hospitals and counselling services
being called inadvertently. Some potential equipment suppliers, on
the other hand, argue that random or sequential auto dialling is the
most cost effective way for small business to reach out to new
customers. Telemarketers do not necessarily share that view.
o A range of equipment which wholly or partially replaces operators, eg
- machines which deliver recorded messages. In conjunction with an
auto dialling facility, such equipment constitutes the basis of a
simple telephone marketing operation. More sophisticated machines
include interactive voice so that called parties have the opportunity
to respond should they wish to do so. Voice message systems allow
operators to be bypassed and phone calls to be time-shifted. While
the use of recorded voice messages rather than live operators is
considered inappropriate by certain sectors of the telemarketing
industry, some submitters argued that the recorded messages are more
acceptable to consumers than a live operator and give consumers
more control - our research indicates that many people feel less
imposed upon by having to respond to a fully automatic system,
including a recorded voice, than they do when having to say no to a
live caller. (Data View Mapping Pty Ltd.)
7.16 Calls placed by automatic equipment, either wholly or partly, are not
inherently more intrusive than calls made by people. In fact, some
submitters argue that it is easier to hang up on a machine than a person
and that automated telemarketing puts less pressure on consumers. While
automation does not change the essence of the issues surrounding
unsolicited telecommunications it does facilitate a dramatic growth in the
volume of telephone marketing. The Australian Direct Marketing
Association has expressed disquiet about potential consumer resistance if
there is an increase in telephone marketing undertaken by many companies,
not necessarily with trained personnel. Other commentators have remarked
that such concerns could smack of anti-competitive practices.
7.17 While ACE is likely to be used for telemarketing, in particular for
cold calling, it also raises specific issues relating to equipment and the
process by which equipment is approved for connection to the network.
7.18 Just as AOTC used its regulatory power to enforce the masking of
final digits on TIMS equipment, so it permitted the connection of ACE only
subject to the following conditions -
o in-house use
o where there was an identified client group, such as shareholders of a
company
o essential services use
o other uses, eg - permission for connection of ACE systems for other
uses was restricted to circumstances where a written agreement has
been reached between the operator of the service and each customer of
the service.
7.19 Although AOTC uses Automatic Calling Equipment in circumstances which
would not have met its own conditions (eg - contacting customers who have
had a fault repaired or whose phone is about to be disconnected) the
application of such conditions served to control the commercial and
telemarketing applications of this equipment AOTC points out -
Australian experience, where ACE has created no consumer hostility,
contrasts starkly with the United States experience where ACE applications
have created a significant consumer backlash.
7.20 As observed above in relation to TIMS equipment, AUSTEL does not
have the power under the Telecommunications Act 1991 to impose conditions
of use in the permits it issues. Even if it could, it would be difficult
to enforce such conditions. The same options exist, ie - seeking
amendment of the legislation so that controls in the public interest or
for the sake of consumer protection could be applied at the stage of the
granting of permits or seeking other methods, of which codes of conduct
are probably the most viable, to ensure that public interest and consumer
protection are taken into account.
7.21 Most submitters who addressed the question of Automatic Calling
Equipment were uneasy about some aspect of the equipment. Some were
opposed to the widespread use of random and sequential dialling,
especially in conjunction with either a recorded voice message or an
artificial voice. There were a number of suggestions about the kinds of
controls that needed to exist: limiting when calls could be made, how
often, having access to a live operator, giving people a chance to say
no early in the call, using targeted lists rather than working through
the phone book or a sequence of numbers. Most submitters were vague about
how these controls could be achieved.
7.22 Another relevant viewpoint is that of companies and individuals
involved in businesses which manufacture or provide equipment or
facilities to telemarketers. Some were keen to make AUSTEL aware that its
Inquiry was delaying their product development process, their importation
of equipment or some other part of their operations. AUSTEL has been
aware that some planned developments have been put on hold or delayed
during the Inquiry, but considers that this consequence has to be weighed
against the longer term advantages of giving the industry a more certain
framework in which to operate.
7.23 Marketplace uncertainty has also resulted from the move from
Telecom-imposed restrictions to AUSTEL's taking over the regulatory
function without a power to impose such restrictions. Notwithstanding this
move, the marketplace seems to have adjusted and the absence of
restrictions has not led to a flood of complaints.
7.24 AUSTEL's draft report sought comment on the idea of a voluntary code
of conduct relating to Automatic Calling Equipment. Most respondents
supported it, although some commented that AUSTEL should be prepared to
seek legislative amendment if the code did not succeed, a suggestion in
keeping with the approach being recommended in this report.
7.25 While AUSTEL agrees that a voluntary code of conduct may have little
influence on the behaviour of unscrupulous operators, it believes that a
code of conduct should be given a chance to succeed, before seeking
legislative amendments to enable a regulatory regime that would be, as AAP
put it, unwieldy. Further, the level of goodwill that exists in the
industry is an encouragement to believe that a code may well be
successful. Even those business interests which have been impeded by the
Privacy Inquiry have expressed sympathy with the privacy and intrusion
concerns and want to know what the rules are, rather than seeking a
situation in which there will be no rules. It may be that the success of
a code of conduct in this area will depend as much on people using ACE
knowing about it as on their goodwill.
AUSTEL recommends that at this stage, the development of a code of conduct
under the auspices of the Telecommunications Privacy Committee, rather
than legislative amendment, is the most appropriate way of resolving
issues relating to the use of Automatic Calling Equipment.
Unsolicited facsimiles{tc "Unsolicited facsimiles"}
7.26 Unsolicited facsimiles or junk faxes clearly anger some people in a
way similar to unsolicited phone calls. While AUSTEL did not receive any
submissions defending the sending of junk faxes, it did receive a number
calling for their prohibition or control. A range of measures for
regulating/controlling junk faxes were suggested, including -
o banning or legislating
o a licence system
o the maintenance of a preference list
o disclosure of the originating number and other information about the
sender
o length limitations.
7.27 At this stage there would appear to be no grounds for treating junk
fax differently from other intrusion issues such as unsolicited telephone
calls. A code of conduct, to be adopted by those using facsimiles as a
marketing tool, drawing on the general privacy framework to be established
by the Telecommunications Privacy Committee would, on the information
presently available to AUSTEL, be an appropriate approach. The Committee
could give a higher profile to the existing junk fax register, maintained
by AUSTEL as a result of an earlier inquiry into the incidence of junk
fax, by associating it with a telephone preference system and bringing the
various measures that might be taken to address intrusion issues under the
one umbrella.
AUSTEL recommends that at this stage, the development of a code of conduct
under the auspices of the Telecommunications Privacy Committee, rather
than legislative amendment, is the most appropriate way of resolving
issues relating to the use of unsolicited facsimiles.
Reverse directories{tc "Reverse directories"}
7.28 Conventional directories may be searched only if the user knows a
name or a category of business, but computer-based reverse directories
allow the user to ascertain a name and address by reference to a known
phone number or the name and phone number by reference to an address.
Since such directories are essentially a body of information and no means
of telecommunications needs to be used to access them, they do not give
rise to a telecommunications specific issue. Like the re-use of data
gained through CLI, they are something that should be taken into account
in trying to calculate the impact of technological developments which are
within the terms of reference.
7.29 AUSTEL knows of two Australian reverse directories -Australia on Disk
and Desk Top Marketing System . They are compiled through a process of
re-keying the entries in the conventional directories. Accordingly they
do not include silent numbers and become outdated as quickly as the
conventional directory upon which they are based. Australia on Disk
costs approximately $1500 while a single user licence for the Desk Top
Marketing System, depending on the nature of the user, is about $1500 or
$2000. Such amounts may be relatively small for many businesses but would
appear of sufficient magnitude to deter many individuals from using such
directories. AOTC's access to its directory database allows searching by
number or address within its own organisation. That is a prerequisite for
the provision of address and number details for calls to the 000 emergency
service.
7.30 While currently people may feel they can give their phone number as a
single piece of information without disclosing other personal information,
if reverse directories become generally available, a phone number would
also result in the disclosure of name and address. There is clearly
potential for such information to be used in contravention of the
Information Privacy Principles for purposes other than those for which it
was given.
7.31 Address information is highly sensitive for some people and
vulnerability to reverse directory listings may become a reason for
choosing a silent number and avoiding being listed in the White Pages.
Likewise, it may become a reason for consumer resistance to allowing their
numbers to be used to be used in a Caller Number Display. This lessens
the usefulness and comprehensiveness of the White Pages and CND services.
7.32 Although the provision of a White Pages directory is a licence
condition for AOTC, it has no monopoly in the production of directories.
In a deregulated industry, there is nothing to prevent a company or
individual from entering into competition with AOTC in the production of
directories. While the duplication of standard hard copy White Pages may
not be profitable, the provision of a reverse directory is a more
attractive proposition. Neither AOTC nor AUSTEL would appear to have the
power to prevent the production of reverse directories.
7.33 Reverse directories are an example of what the Privacy Commissioner
has described as the aggressive re-use of data which is in the public
domain. Other public domain data that can be aggressively re-used
includes electoral rolls and public registers of shareholders. If the
Privacy Act 1988 were to be amended in the way discussed in paragraph 4.20
- 4.25, it is possible that this issue could be addressed. While reverse
directories are produced only by a couple of companies, it may also be
possible, with the cooperation of those companies, to reach the owners of
the directory disks and CD-ROMs in order to raise the issues of privacy
and the re-use of data. An encouragement to develop a code of conduct in
relation to the use of reverse directories may forestall a trend to an
increasing preference for unlisted numbers.
AUSTEL recommends that compilers and purchasers of reverse directories be
encouraged to develop a code of conduct that recognises the sensitivity of
a reverse telephone directory compared to one that can only be accessed
when the name of the subscriber is known.
Customer Information Issues{tc "Customer Information Issues"}
7.34 The submission of the Privacy Commissioner and one or two individuals
pointed to some issues that relate to the kind of information carriers
have about their customers and access to that information. The
competitive implications of customer information issues were discussed in
Chapter 3.
7.35 Carriers and service providers have access to information in two
broad categories -
o the name, address, telephone number and credit worthiness information
of the kind that any commercial organisation billing its customers has.
However, given that almost all households in Australia have a phone
service, it is, at least at this stage for AOTC, a particularly
comprehensive database. Much of this data is on public record because it
appears in the White Pages directories, is partially available through the
directory assistance service and is available to some through reverse
directories. The exceptions are the credit records and the silent number
information.
o information about customers' calls, both made and received. This
second kind of data is becoming more extensive as the network is
modernised and computerisation permits the collection and storage of
increasing amounts of the information that is generated in the network.
This information is already used commercially to a limited extent. For
example, a subscriber to Telecom's 008 toll-free service may be provided
with the first four digits of the numbers of the people who called it on
the 008 line, thus allowing the subscriber to target its marketing and
advertising. Some 0055 information service providers would also like
access to the CLI information, so that they can bill their own customers
direct, rather than through AOTC as they do at the moment.
7.36 One of the issues raised in this context relates to itemised billing.
The Privacy Commissioner points out that there are circumstances in which
itemised billing may lead to a breach of privacy, especially where there
is joint use of a telephone service. Some submitters and callers have
also raised issues of the privacy of household members where the numbers
called by them can be discovered by other members of the household. It
is, however, a condition in the General Carrier Licence that carriers
must provide itemised billing for all of its customers as soon as
practicable, and, in any case, not later than 30 June 1997. (Clause 8.1
of Telecommunications (General Telecommunications Licences) Declaration
(No 1) of 1991).
7.37 The Privacy Commissioner suggests that consumers should be offered
some choices of how their bill is itemised, including deletion of the last
few digits. Currently consumers who are in areas that have itemised
billing can ask not to have it, but cannot have the information presented
in a different format. One of the recent amendments made to the European
Commission's draft directive on ISDN, mentioned in paragraph 3.38, is the
offering of more flexible options on itemised billing to consumers to meet
the privacy problems that can occur.
7.38 Another issue relates to call charging records, that is the
carrier-held records of calls made by customers, the same kind of
information as is used in the provision of itemised billing. The use of
these records by third parties or for any purpose other than billing and
dispute resolution or law enforcement purposes would be a cause of
concern. As mentioned in paragraph 3.11, there are interim guidelines in
operation to assist the carriers in exercising their discretion with
regard to the provision of this kind of information to law enforcement
agencies. These guidelines form Appendix 9 of this report.
7.39 Chapter 3 (at paragraphs 3.26 - 3.27) referred to the ways in which
information about customers is exchanged between companies as a privacy
concern that should be addressed in a code of conduct. The code of
conduct should also take up issues that relate to the handling of customer
information within companies.
AUSTEL recommends that -
o carriers develop a code of conduct that relates to their handling of
customer information, including -
- the exchange of customer information between them, service providers
and within the divisions of their own organisation
- the provision of options with regard to itemised billing.
LIST OF APPENDICES
1 Terms of Reference
2 The Inquiry process
3 Submissions to the Privacy Inquiry
4 Submitters and respondents who met with AUSTEL's
Privacy Inquiry
5 Public Seminars held in conjunction with AUSTEL's Privacy
Inquiry
6 Respondents to the draft Report
7 Information privacy principles
8 Section 88 of the Telecommunications Act 1991
9 Draft guidelines for disclosure of Call Charge Recording
(CCR) information
TERMS OF REFERENCE{tc "TERMS OF REFERENCE"}
The following terms of reference for AUSTEL's Privacy Inquiry were
released on 20 October 1991 -
AUSTEL, the Australian Telecommunications Authority, is undertaking a
public inquiry into the privacy implications of telecommunications
services made possible by new technologies. AUSTEL invites submissions
addressing the following issues:
o conditions of use or operation, if any, which are needed to protect
the privacy of individuals with particular reference to the
following:
- developments within the telecommunications system such as calling
number display (Caller ID)
- the availability and use of services which incorporate technologies
such as automatic calling equipment (ACE), voice response systems and
telephone information management systems (TIMS)
- telemarketing services and other like services and activities
including unsolicited phone calls and unsolicited facsimiles(junk
fax)
o whether these matters should be dealt with as a telecommunications
specific matter or according to general privacy considerations
o in considering conditions of use or operation, the weight which
should be given to privacy considerations in assessing the potential
economic and social impacts of telecommunications services, taking
into account the benefits and costs involved.
Suggestions for, and comments on, possible mechanisms by which privacy
issues can be addressed are welcome.
THE INQUIRY PROCESS{tc "THE INQUIRY PROCESS"}
see Chapter 2
The Privacy Inquiry is the first public inquiry held by AUSTEL under
section 328 (b) of the Telecommunications Act 1991 . This section gives
AUSTEL the power to initiate public inquiries where appropriate and
practicable. The Inquiry was carried out as follows -
o AUSTEL initiated a round of preliminary consultations with interested
parties including the Department of Transport and Communications, the
office of the Privacy Commissioner, the Privacy Committee of NSW, the
Australian Direct Marketing Association and AOTC.
o The inquiry was advertised in metropolitan and regional daily
newspapers.
o Letters of notification were sent to politicians, interested
individuals and organisations.
o A detailed discussion paper was published, advertised and
distributed. The Discussion Paper was made available through
AUSTEL's State registries, Australian Government Bookshops and some
other places.
o AUSTEL received 141 submissions in response to the initial Discussion
Paper. These are listed in Appendix 3.
o Submissions were acknowledged and a number of submitters took the
opportunity to discuss their submissions with AUSTEL in more detail.
A list of submitters with whom individual meetings were held is given
in Appendix 4.
o Eight public seminars were held, one in each State capital and one in
each of Canberra and Wollongong. Details are given in Appendix 5. A
decision was made to hold informal seminars rather than formal
hearings in order to encourage positive discussion and an open
exchange of views and ideas. The seminars were organised in a way
which maximised the time available for public discussion and
questioning. The aim of these seminars was to -
- inform people about some of the emerging and future
telecommunications services which might have privacy implications
- give people the opportunity to air their views on the privacy issues
encompassed by the Inquiry; and
- provide a forum for public discussion of privacy issues relevant to
the inquiry
The seminars were advertised in the local press and advertisements for
them were sent to individuals and organisations who had indicated an
interest in the inquiry.
o A Draft Report was issued in June 1992. This Draft Report summarised
submitters' views, canvassed suggested approaches and asked for
comment on a number of specific issues. As well, two seminars, one
in Melbourne and one in Sydney, were held, both so that AUSTEL could
explain the suggestions it had made and hear what interested
individuals and groups thought of them. Details of these meetings
are also given in Appendix 5.
o 41 responses to the Draft Report were received, most from
organisations and most responding to some or all of the specific
issues raised in the Draft Report. A list of respondents is given in
Appendix 6.
o Discussions were held with interested parties about the
recommendations of the Final Report so that as far as possible these
recommendations could be issued on the basis of consensus.
.c.SUBMISSIONS TO THE PRIVACY INQUIRY{tc ".c.SUBMISSIONS TO THE PRIVACY
INQUIRY"}
AAP Communications
AGB Australia
Dr R Anderton-Crookall
AOTC
Artcraft
Association of Marketing Research Organisations
Austin & Partners
Australian Civil Liberties Union
Australian Consumers' Association
Australian Direct Marketing Association
The Australian Institute of Fundraising
Australian Privacy Foundation
Australian Telecommunications Users Group
Australian Telemarketing Association
Aviation Security Branch - DOTAC
Mr. R.E.Balchin
Richard Barnes & Associates
Mr L Barrett
Mr Craig Beard
Mr Richard Bennett
Bennett Research (Aus) Pty Ltd
Mr John Bills
Professor R. Bowden
Brand Strategies
Mr S J Broughton
H.J.Campbell Pretty & Associates
M G Campbell
Mr Jamie Catlin - CIRCIT
Centre for Information Technology & Communications (CITEC)
P Chamen
Chant Link & Associates
Christian Children's Fund of Australia Ltd
Mr Stephen Coates
Coles Myer
Commonwealth Fire Board
Communications Law Centre
Consumers Telecommunications Network (CTN)
Mrs Dulcie Cook
Correctional Services, Dept. of (SA)
Criminal Justice Commission (QLD)
Country Fire Service (SA)
Dangar Research Group
Data-View Mapping Pty Ltd
Miss Dorothy Davies
DAVOX
Nanette Dykes Market Research
Education Department of South Australia
EKAS Marketing Research Services
Elder Marketing Services
Elliot & Shanahan Research
Federal Bureau of Consumer Affairs
Mrs Field
Financial Market Research Consultants
Mr Peter Flanagan
T. Ford
Mr Brian Garth
Mr John Graham
Greer Wire Industries
Guide Dog Association of NSW & ACT
D.S & J Hall
Harrison Market Research Pty Ltd
Mr Robert Hermann
K Herzog
Mr G Hodskiss
House With No Steps
Mr Alan Hughes
Hydro Electric Commission (TAS)
Intercode Research
Mr Philip Jackson
Mr. I R Jenkin
Kenning Market Research Consultants
Law Society of SA
Legislation & Policy Division, VIC Police
Levita Group
Mr Dennis List (ABC Radio, SA)
Mr Doug McKenzie
Ms Amy Mahan - CIRCIT
Market Research Society of Australia
The Marketing Centre
Marketshare Pty Ltd
Metropolitan Fire Brigade (VIC)
MRA Research Pty Ltd
Myer Stores Ltd
National Mutual Life Association
Nationwide Research Services
Neill, Riley and Associates
NSW Dpt. of Business & Consumer Affairs
New South Wales Fire Brigade
NSW Police Service - State Intelligence Group Command
Newspoll
Northern Field Services
Optus Communications
K. Patterson & Associates
Ms Winifred Peart
Ms Patricia Prendergast
Privacy Commissioner, HREOC
Privacy Committee of New South Wales
Prospect Electricity
Quantum
Queensland Police Service
Mr Reinhold Quillen
The Reark Group
Research International
Retailers Council of Australia
Mr Myles Ruggles - CIRCIT
Mr Mike Russell
SETEL
Shire of Seymour (Ms. Shelley Frawley)
Shire of Seymour (Cliff Nicholson)
Frank Small & Associates
Mr Charlie Sorel
South Australia Police Department
Staddon Consulting Services
State Electricity Commission of Victoria
Ms Mandy Swaney
Telogy: Talking Technology Australia
Trade Practices Commission
Mr Rodger Tremlett
Mr Tony Tritschler
Mr Greg Tucker
Vitalcall Pty Ltd
WA Police Department
Wells Australasia
West Street Research Services
Mr Robin Whittle
City of Whittlesea
Mr J Wilson
Womens Electoral Lobby
Woolcott Research
Worthington Di Marxio Pty Ltd
Yann Campbell Hoare Wheeler
In addition, there were two anonymous submissions, four where submitters
asked that their submissions be regarded as commercial-in-confidence and
two where submitters were prepared to have the text used but wished to
have their name and address withheld.
SUBMITTERS AND RESPONDENTS WHO MET WITH AUSTEL'S PRIVACY INQUIRY{tc
"SUBMITTERS AND RESPONDENTS WHO MET WITH AUSTEL'S PRIVACY INQUIRY"}
AAP
Alcatel
Australian Direct Marketing Association
Australian Market Research Organisation
AOTC
CIRCIT
Mr Stephen Coates
Communications Law Centre
Consumer Telecommunications Network
Federal Bureau of Consumer Affairs
Levita Group
Market Research Society of Australia
New South Wales Fire Brigades
Nortel
Optus Communications
Privacy Commissioner
Prospect Electricity
Mr Greg Tucker
Mr Robin Whittle
Other meetings
Office of the Status of Women, Department of Prime Minister and Cabinet
Telecommunications Policy Division, Department of Transport and
Communications
National Directory Services, AOTC
Portmack Pty Ltd
Trade Practice Commission
PUBLIC SEMINARS HELD IN CONJUNCTION WITH AUSTEL'S PRIVACY INQUIRY{tc
"PUBLIC SEMINARS HELD IN CONJUNCTION WITH AUSTEL'S PRIVACY INQUIRY"}
(1) After submissions were received
Brisbane
Monday 9 March 1992
Carindale Hotel Motel, Carindale
Sydney
Wednesday 11 March 1992
Square House, University of New South Wales
Wollongong
Thursday 12 March 1992
Union Function Room, University of Wollongong
Perth
Wednesday 18 March 1992
City West Centre, West Perth
Adelaide
Thursday 19 March 1992
South Park Motor Inn, Adelaide
Hobart
Thursday 26 March 1992
Westside Hotel, Hobart
Canberra
Tuesday 31 March 1992
Haydon Allen Building, Australian National University
Melbourne
Thursday 2 April 1992
CIRCIT, South Melbourne
(2) After the publication of the Draft Report
Melbourne
Tuesday 30 June 1992
Dallas Brooks Conference Centre
East Melbourne
Sydney
Thursday July 2 1992
Golden Gate Park Plaza Hotel
Haymarket
RESPONDENTS TO THE DRAFT REPORT{tc "RESPONDENTS TO THE DRAFT REPORT"}
AAP Communications
Alcatel Australia
Mr John Allen
AOTC
Association of Marketing Research Organisations
Attorney-General's Department, Human Rights Branch
Australian Direct Marketing Association
Australian Telecommunications Users Group
Australian Telemarketing Association
Mr L Barrett
Communications Law Centre (CLC)
Consumer Affairs, New South Wales
Consumers Telecommunications Network (CTN)
Department of Communications, Canada
Mr Michael Doyle
Elliot & Shanahan Research
Federal Bureau of Consumer Affairs
Mr Peter Flanagan
Mr Ian Gunn
Mr Lindsay MacDonald
Market Research Society of Australia
N.D. & B.A. May
New South Wales Fire Brigades
NorTel
Optus Communications
Privacy Commissioner, HREOC
Prospect Electricity
Queensland Police Service
Mr Myles Ruggles - CIRCIT
Shire of Seymour (Ms. Shelley Frawley)
Shire of Seymour (Cliff Nicholson)
South Australia Police Department
Telecommunications Policy Division, Department of Transport and
Communications
Telephone Service Against Sexual Assault
Telsol
Mr Greg Tucker, David Syme School of Business, Monash University
Western Australian Police Department
Mr David Whittle
Mr Robin Whittle
Womens Electoral Lobby
Women's Information Switchboard
There was one anonymous submission, and one where the respondent did not
wish publication of her details.
INFORMATION PRIVACY PRINCIPLES{tc "INFORMATION PRIVACY PRINCIPLES"}
see paragraph 4.2
Principle 1
Manner and purpose of collection of personal information
1. Personal information shall not be collected by a collector for
inclusion in a record or in a generally available publication unless:
(a) the information is collected for a purpose that is a lawful purpose
directly related to a function or activity of the collector; and
(b) the collection of the information is necessary for or directly
related to that purpose
2. Personal information shall not be collected by a collector by
unlawful or unfair means.
Principle 2
Solicitation of personal information from individual concerned
Where:
(a) a collector collects personal information for inclusion in a record
or in a generally available publication; and
(b) the information is solicited by the collector from the individual
concerned the collector shall take such steps (if any) as are, in the
circumstances, reasonable to ensure that, before the information is
collected or, if that is not practicable, as soon as practicable
after the information is collected, the individual concerned is
generally aware of:
(c) the purpose for which the information is being collected;
(d) if the collection of the information is authorised or required under
law - the fact that the collection of the information is so
authorised or required; and
(e) any person to whom, or any body or agency to which, it is collector's
usual practice to disclose personal information of the kind so
collected, and (if known by the collector) any person to whom, or any
body or agency to which, it is usual practice of that first mentioned
person, body or agency to pass on that information.
Principle 3
Solicitation of personal information generally
Where:
(a) a collector collects personal information for inclusion in a record
or in a generally available publication; and
(b) the information is solicited by the collector; the collector shall
take such steps (if any) as are, in the circumstances, reasonable to
ensure that, having regard to the purpose for which the information
is collected;
(c) the information collected is relevant to that purpose and is up to
date and complete; and
(d) the collection of the information does not intrude to an unreasonable
extent upon the personal affairs of the individual concerned.
Principle 4
Storage and security of personal information
A record-keeper who has possession or control of a record that contains
personal information shall ensure:
(a) that the record is protected by such security safeguards as it is
reasonable in the circumstances to take, against loss, against
unauthorised access, use, modification or disclosure, and against
other misuse; and
(b) that if it is necessary for the record to be given to a person in
connection with the provision of a service to the record-keeper,
everything reasonably within the power of the record-keeper is done
to prevent unauthorised use or disclosure of information in the
record.
Principle 5
Information relating to records kept by record-keeper
1. A record-keeper who has possession or control of records that contain
personal information shall, subject to clause 2 of the Principle, take
such steps as are, in the circumstances, reasonable to enable any person
to ascertain:
(a) whether the record-keeper has possession or control of any records
that contain personal information; and
(b) if the record-keeper has possession or control of a record that
contains such information:
(i) the nature of that information;
(ii) the main purposes for which that information is used; and
(iii) the steps that the person should take if the person wishes to
obtain access to the record.
2. A record-keeper is not required under clause 1 of this Principle to
give a person information if the record-keeper is required or authorised
to refuse to give that information to the person under the applicable
provisions of any law of the Commonwealth that provides for access by
persons to documents.
3. A record-keeper shall maintain a record setting out:
(a) the nature of the records of personal information kept by or on
behalf of the record-keeper;
(b) the purpose for which each type of record is kept;
(c) the classes of individuals about whom records are kept;
(e) the persons who are entitled to have access to personal information
contained in the records and the conditions under which they are
entitled to have that access; and
(f) the steps that should be taken by persons wishing to obtain access to
that information.
4. A record-keeper shall:
(a) make the record maintained under clause 3 of this Principle available
for inspection by members of the public; and
(b) give the Commissioner, in the month of June in each year, a copy of
the record so maintained.
Principle 6
Access to records containing personal information
where a record-keeper has possession or control of a record that contains
personal information, the individual concerned shall be entitled to have
access to that record, except to the extent that the record-keeper is
required or authorised to refuse to provide the individual with access to
that record under the applicable provisions of any law of the Commonwealth
that provides for access by persons to documents.
Principle 7
Alteration of records containing personal information
1. A record-keeper who has possession or control of a record that
contains personal information shall take such steps (if any), by way of
making appropriate corrections, deletions and additions as are, in the
circumstances, reasonable to ensure that the record:
(a) is accurate; and
(b) is, having regard to the purpose for which the information was
collected or is to be used and to any purpose that is directly
related to that purpose, relevant, up-to-date, complete and not
misleading.
2. The obligation imposed on a record-keeper by clause 1 is subject to
any applicable limitation in a law of the Commonwealth that provides a
right to require the correction or amendment of documents.
3. Where:
(a) the record-keeper of a record containing personal information is not
willing to amend that record, by making a correction, deletion or
addition, in accordance with a request by the individual concerned;
and
(b) no decision or recommendation to the effect that the record should be
amended wholly or partly in accordance with that request has been
made under the applicable provisions of a law of the Commonwealth;
the record keeper shall, if so requested by the individual concerned,
take such steps (if any) as are reasonable in the circumstances to
attach to the record any statement provided by that individual of the
correction, deletion or addition sought.
Principle 8
Record-keeper to check accuracy etc of personal information before use
A record-keeper who has possession or control of a record that contains
personal information shall not use that information without taking such
steps (if any) as are, in the circumstances, reasonable to ensure that,
having regard to the purpose for which the information is proposed to be
used, the information is accurate, up to date and complete.
Principle 9
Personal information to be used only for relevant purposes
A record-keeper who has possession or control of a record that contains
personal information shall not use the information except for a purpose to
which the information is relevant.
Principle 10
Limits on use of personal information
1. A record-keeper who has possession or control of a record that
contains personal information that was obtained for a particular purpose
shall not use the information for any other purpose unless:
(a) the individual concerned has consented to use of the information for
that other purpose;
(b) the record-keeper believes on reasonable grounds that use of the
information for that other purpose is necessary to prevent or lessen
a serious and imminent threat to the life or health of the individual
concerned or another person;
(c) use of the information for that other purpose is required or
authorised by or under law;
(d) use of the information for that other purpose is reasonably necessary
for the enforcement of the criminal law or of a law imposing a
pecuniary penalty, or for the protection of the public revenue; or
(e) the purpose for which the information is used is directly related to
the purpose for which the information was obtained.
2. Where personal information is used for enforcement of the criminal
law or of a law imposing a pecuniary penalty, or for the protection of the
public revenue, the record-keeper shall include in the record containing
that information a note of that use.
Principle 11
Limits on disclosure of personal information
1. A record-keeper who has possession or control of a record that
contains personal information shall not disclose the information to a
person, body or agency (other than the individual concerned) unless:
(a) the individual concerned is reasonably likely to have been aware, or
made aware under Principle 2, that information of that kind is
usually passed to that person, body or agency;
(b) the individual concerned has consented to the disclosure;
(c) the record-keeper believes on reasonable grounds that the disclosure
is necessary to prevent or lessen a serious and imminent threat to
the life or health of the individual concerned or of another person;
(d) the disclosure is required or authorised by or under law; or
(e) the disclosure is reasonably necessary for the enforcement of the
criminal law or of a law imposing a pecuniary penalty, or for the
protection of the public revenue.
2. Where personal information is discloser for the purposes of
enforcement of the criminal law or of a law imposing a pecuniary penalty,
or for the protection of the public revenue, the record-keeper shall
include in the record containing that information a note of the
disclosure.
3. A person, body or agency to whom personal information is disclosed
under clause 1 of this Principle shall not use or disclose the information
for a purpose other than the purpose for which the information was given
to the person, body or agency.
.
c.TELECOMMUNICATIONS ACT 1991
SECTION 88
see paragraphs 4.5 - 4.9
Carriers' employees etc. not to disclose or use contents of
communications etc.
88. (1) A person who is an employee of a carrier must not disclose or use
any fact or document that:
(a) relates to:
(i) the contents or substance of a communication that has been carried by
the carrier or a communication in the course of telecommunications
carriage; or
(ii) telecommunications services supplied, or intended to be
supplied, to another person by the carrier; or
(iii) the affairs or personal particulars (including any unlisted
telephone number or any address) of another person; and
(b) comes to the person's knowledge, or into the person's possession,
because the person is an employee of the carrier.
Penalty: Imprisonment for 2 years.
(2) A person who has been an employee of a carrier must not disclose
or use any fact or document that:
(a) relates to a matter mentioned in paragraph (1) (a); and
(b) came to the person's knowledge, or into the person's possession,
because the person was an employee of the carrier.
Penalty: Imprisonment for 2 years.
(3) This section does not prohibit a disclosure by a person of a fact or
document:
(a) if the disclosure is made in the performance of the person's duties
as an employee of the carrier; or
(b) if the disclosure is made as a witness summoned to give evidence or
to produce documents; or
(c) if the disclosure is made:
(i) to an officer or employee of the Australian Security Intelligence
Organisation authorised in writing by the Director-General of
Security to receive the disclosure; and
(ii) in connection with the performance by the Organisation of its
functions; or
(d) if:
(i) the fact or document came to the person's knowledge, or into the
person's possession, because of a call to the emergency number 000;
and
(ii) the disclosure is made to a member of a police force or fire
service or of an ambulance service to which the call was
connected; or
(e) if the fact or document relates to the affairs or personal
particulars (including any unlisted telephone number or any address)
of another person and:
(i) the other person is reasonably likely to have been aware or made
aware that information of that kind is usually disclosed in the
circumstances concerned; or
(ii) the other person has consented to the disclosure in the
circumstances concerned; or
(iii) the person who makes the disclosure believes on reasonable
grounds that the disclosure is necessary to prevent or lessen a
serious and imminent threat to the life or health of a person;
or
(f) if the disclosure is required or authorised by or under law; or
(g) if the disclosure is reasonably necessary for the enforcement of the
criminal law or of a law imposing a pecuniary penalty, or for the
protection of the public revenue; or
(h) if:
(i) the person who made the disclosure is an employee of the
carrier; and
(ii) the disclosure is made to, or to an employee of, another carrier
or a supplier of an eligible service; and
(iii) the fact or document relates to:
(A) the operation or maintenance of a telecommunications network or
facility operated by the other carrier or the supplier; or
(B) the supply of services by the other carrier or the supplier by means
of a telecommunications network or facility; and
(iv) the disclosure is made for the purpose of the carrying on by the
other carrier or the supplier of its business relating to the
supply of services by means of a telecommunications network or
facility operated by the other carrier or the supplier; or
(i) if:
(i) the person who made the disclosure is an employee of the
carrier; and
(ii) the disclosure is made to, or to an employee of, another carrier
or a supplier of an eligible service; and
(iii) the fact or document relates to:
(A) the operation or maintenance of a telecommunications network or
facility operated by the first-mentioned carrier; or
(B) the supply of services by the first-mentioned carrier by means of a
telecommunications network or facility; and
(iv) the disclosure is made for the purpose of the carrying on by
the other carrier or the supplier of its business relating to
the supply of services by means of a telecommunications network
or facility operated by the first- mentioned carrier; or
(j) if the disclosure is reasonably necessary for the purpose of the
preservation of human life at sea; or
(k) if the disclosure:
(i) relates to the location of a vessel at sea; and
(ii) is made for maritime communications purposes; or
(l) if:
(i) the person who made the disclosure is or has been an employee of
the carrier; and
(ii) the disclosure is made to, or to a member of the staff of,
AUSTEL; and
(iii) the fact or document may assist AUSTEL in the performance of any
of its functions or the exercise of any of its powers under this
Act or any other law of the Commonwealth; or
(m) if the disclosure is made in prescribed circumstances.
(4) This section does not prohibit a use by a person of a fact or
document:
(a) if the use is made for the purposes of or in connection with a
disclosure of the fact or document by the person, being a disclosure
to which subsection (3) applies; or
(b) if the use is made in the performance of the person's duties as an
employee of the carrier; or
(c) if the fact or document relates to the affairs or personal
particulars (including any unlisted telephone number or any address)
of another person and:
(i) the other person is reasonably likely to have been aware or made
aware that information of that kind is usually used in the
circumstances concerned; or
(ii) the other person has consented to the use in the circumstances
concerned; or
(iii) the person who makes the use believes on reasonable grounds that
the use is necessary to prevent or lessen a serious and imminent
threat to the life or health of a person; or
(d) if the use is required or authorised by or under law; or
(e) if the use is reasonably necessary for the enforcement of the
criminal law or of a law imposing a pecuniary penalty, or for the
protection of the public revenue; or
(f) if:
(i) the person who made the use is an employee of the carrier; and
(ii) the fact or document relates to:
(A) the operation or maintenance of a telecommunications network or
facility operated by another carrier or by a supplier of an eligible
service; or
(B) the supply of services by another carrier, or by the supplier of an
eligible service, by means of a telecommunications network or
facility; and
(iii) the use is made for the purpose of the carrying on by the other
carrier or the supplier of its business relating to the supply
of services by means of a telecommunications network or facility
operated by the other carrier or the supplier; or
(g) if:
(i) the person who made the use is an employee of the carrier; and
(ii) the fact or document relates to:
(A) the operation or maintenance of a telecommunications network or
facility operated by the carrier; or
(B) the supply of services by the carrier by means of a
telecommunications network or facility; and
(iii) the use is made for the purpose of the carrying on by another
carrier, or by a supplier of an eligible service, of its
business relating to the supply of services by means of a
telecommunications network or facility operated by the
first-mentioned carrier; or
(h) if the use is reasonably necessary for the purpose of the
preservation of human life at sea; or
(i) if the use:
(i) relates to the location of a vessel at sea; and
(ii) is made for maritime communications purposes; or
(j) if the use is made in prescribed circumstances.
(5) In this section:
"communication in the course of telecommunications carriage" means a
communication that is being carried by a carrier, and includes a
communication that has been collected or received by a carrier for
carriage by it but has not been delivered by it;
"employee", in relation to a carrier or a supplier of an eligible service,
includes:
(a) a person who performs services for or on behalf of the carrier or
supplier; and
(b) an employee of such a person.
Note: This section was being amended as this report was being produced.
The above version does not include these amendments.
DRAFT{tc "DRAFT"}
GUIDELINES FOR DISCLOSURE OF CALL CHARGE RECORDING (CCR) INFORMATION
see paragraph 3.11
1. Section 88(3)(g) of the Telecommunications Act, 1991 permits the
disclosure of information by a carrier or its employees if the disclosure
is reasonably necessary for the enforcement of the criminal law or of a
law imposing a pecuniary penalty, or for the protection of the public
revenue.
2. The "reasonableness test" in section 88(3)(g) shall be satisfied
where disclosure of CCR information is made in relation to investigation
of conduct which, if proved, would constitute -
(i) an offence punishable by two years' imprisonment or more; or
(ii) specific conduct, or a specific offence (whether criminal or civil),
which, while not carrying a penalty of two years' imprisonment or
more, is agreed between the carrier and the agency concerned to be
sufficiently serious, or to have such special circumstances for its
investigation, as to justify the release of CCR information,
and provided the following procedures are followed -
(a) requests for CCR information to be made to a specified area or unit
of the carriers for processing;
(b) requests to be made/authorised at an appropriately senior level and
to be accompanied by a statement of reasons for the request so that
the carrier may be satisfied that any disclosure made in response
would be in the circumstances specified in paragraphs 88(3)(g);
(c) the statement of reasons to contain an assurance or certificate that
the disclosure requested is in fact reasonably necessary for the
enforcement of the criminal law, etc;
(d) records to be kept by the carriers in relation to requests submitted,
and disclosures made, in relation to CCR information.
3. The agencies to which these guidelines apply are Commonwealth or
State Government agencies which administer the criminal law, or laws
imposing a pecuniary penalty, or laws protecting the public revenue.
4. A carrier may request an agency to whom CCR information is disclosed
in accordance with those guidelines to give an undertaking that the
information so acquired shall only be further disclosed in the
circumstances contemplated by Information Privacy Principle 11.
Executive Summary and Recommendations
Executive Summary and Recommendations
{page|1}
Executive Summary and Recommendations
{page|1}
The Inquiry: Reasons and Support for, the Consultative Process and
Developments during
The Inquiry: Reasons and Support for, the Consultative Process and
Developments during
Telecommunications Privacy in Context
Telecommunications Privacy in Context
An Australian Approach to Telecommunications Privacy Issues
An Australian Approach to Telecommunications Privacy Issues
{page|1}
An Australian Approach to Telecommunications Privacy Issues
{page|1}
Calling Line Identification /Calling Number Display
Calling Line Identification/Calling Number Display
{page|1}
Unsolicited Telecommunications
Unsolicited Telecommunications
Unsolicited Telecommunications
Equipment and Other Issues
Equipment and Other Issues
Appendix 1
Appendix 3
Appendix 3
Appendix 3
Appendix 3
Appendix 4
Appendix 5
Appendix 5
Appendix 6
Appendix 7
Appendix 7
Appendix 8
Appendix 8
Appendix 9
Created before October 2004
Member login
Not a member yet?