The Telecommunications (Interception and Access) Act 1979 requires telecommunications companies to retain a particular set of telecommunications data for at least 2 years. These obligations ensure Australia's law enforcement and security agencies are lawfully able to access data, subject to strict controls.
You need to keep most records for five years, starting from when you prepared or obtained the records, or completed the transactions (or acts they relate to), whichever is the later. You need to be able to show the ATO your records if they ask for them.
Under the scheme, all telcos will be required to collect and store a significant amount of customer metadata for two years and make it available upon lawful request to certain law enforcement and national security agencies.
Confusion about six years of data storage
That's to prevent prepaid mobile phones being used for criminal purposes, and enable law enforcement agencies to identify the owners of phones. That identity check can use a range of documents including driver licenses, passports and Medicare cards.
The metadata retention scheme was launched by the former Coalition government in early 2015, requiring telecommunications firms to keep customer metadata for two years in order to assist law enforcement and security agencies with serious criminal and national security investigations.
Under Europe's General Data Protection Regulation (GDPR), the right to be forgotten gives individuals the right to ask an entity in certain circumstances to destroy the personal information that the entity holds about them. Australians don't currently have this right under the Privacy Act.
The Telecommunications (Interception and Access) Act 1979 requires telecommunications companies to retain a particular set of telecommunications data for at least 2 years. These obligations ensure Australia's law enforcement and security agencies are lawfully able to access data, subject to strict controls.
Why does Optus store passport and licence information? Optus said it stored the data including passport and licence numbers for up to six years as required by Australian law.
The data goes back to 2017 because Optus is required to keep identity verification records for six years. Bayer Rosmarin said once Optus determines which customers are affected, all customers, even those not directly affected, will hear from the company.
The details, dating back to 2017, include names, birth dates, phone numbers, email addresses, and – for some customers – addresses and driver's licence or passport numbers.
Complete deletion of data from our servers is equally important for users' peace of mind. This process generally takes around 2 months from the time of deletion.
You'll need to have enabled the web history in the past, and you must log in with the Google account used in Chrome. Once you log in, you'll find a "Filter by Date" option where you can select the target date and see account activities such as visited websites from that date.
Your history shows the pages that you've visited on Chrome in the last 90 days. It doesn't store Chrome pages that you've visited, like chrome://settings, pages that you've visited in private browsing or pages that you've already deleted from your browsing history.
Legal Documents
For example, documents such as bills of sale, permits, licenses, contracts, deeds and titles, mortgages, and stock and bond records should be kept permanently. However, canceled leases and notes receivable can be kept for 10 years after cancellation.
Only you or a person you authorise, such as a legal guardian or authorised agent, can request the correction of your personal information. An organisation or agency must be satisfied the request came from you or the person you authorised.
EEOC Regulations require that employers keep all personnel or employment records for one year. If an employee is involuntarily terminated, his/her personnel records must be retained for one year from the date of termination.
'Very sorry': Optus hacker claims data has been deleted. The hackers allegedly behind the Optus data breach that has affected more than 10 million Australians claim they have now deleted the data and will not sell it to anyone.
On 22 September 2022, Optus became the victim of a cyber attack that resulted in the disclosure of their customers' personal information. Information of Optus customers, such as name, date of birth, email addresses, driver's licences, Medicare card and passport numbers, may have been exposed.
How can you apply? Account holders who wish to access information beyond what's available on their bill can request their data using our online request form. Once we have received your request and verified your identity, we'll be back in touch with you within 30 calendar days.
When you access your information from Optus, you only have access to personal information like your name and address. Unlike Telstra, they do not provide detailed information about how you use your service upon initial request.
If you're an Optus mobile phone or home internet customer, here's something we suspect you don't know about your telco: it is monetising customer web browsing histories so they can be targeted with ads based on the websites they have visited.
Australia's data sovereignty law requires that data be kept in a data centre located in Australia (data residency), and be only accessible by Australians at all times. In Australia, data held on Australian soil is subject to and protected by our Australian Privacy Principles (APPs).
Data sovereignty means keeping Australia's data here in Australia and in the hands of Australian people, our governments and our industry. This requires that our data be kept in data centres that are physically located in Australia (data residency), and only accessible by Australian people and companies.
An organisation or agency must also tell us about a serious data breach. Generally, an organisation or agency has 30 days to assess whether a data breach is likely to result in serious harm.