Australian Telephone (AUSTEL) 1992 Privacy Report To Order a Copy, Contact: Austel P.O. Box 7443 St. Kilda Rd Melbourne VIC 3004 Australia Ph +61-3-828-7300 Fax +61-3-820-3021 toll-free number in Australia: 008 335 526 chapter 1 EXECUTIVE SUMMARY AND RECOMMENDATIONS Executive summary{tc "Executive summary"} 1.1 This report focuses on two telecommunications privacy issues which have the potential to be real problems if not addressed - o freedom from intrusion o control of personal data. 1.2 Consumer interests may be protected and promoted by - o applying a principle of informed consent to - consumers' exposure to new technologies - the use or re-use of personal data o a committee of consumers, industry and government agencies developing a voluntary framework for dealing with the issues o funding being made available to AUSTEL to service that committee o industry developing codes of conduct dealing with specific aspects of the issues (eg telemarketing) for approval by the committee. 1.3 Measures to control the capture and use of personal data in a telecommunications context should have regard to, and be consistent with general principles or laws governing privacy issues. 1.4 Divergences from or additions to such general principles or laws should occur only where the telecommunications industry is demonstrated to be unique or at least so special as to require telecommunications specific treatment. Summary of recommendations{tc "Summary of recommendations"} General framework{tc "General framework"} 1.5 AUSTEL recommends that - (1) the level of data protection in the telecommunications industry be set by reference to relevant international standards, such as those established by the Council of Europe (paragraph 3.53) (2) the framework to regulate telecommunications privacy issues focus on general principles that apply to services that might be supplied, rather than on the technologies that deliver those services (paragraph 3.56) (3) measures to control the capture and use of personal data by means of telecommunications networks or services should have regard to, and be consistent with, general principles or laws governing those matters (paragraph 3.58) (4) divergences from, or additions to, general principles or laws governing privacy issues should occur only where the telecommunications industry is demonstrated to be unique or at least so special as to require telecommunications specific treatment (paragraph 3.58) (5) consideration be given to extending the scope of the Privacy Act 1988 beyond its current focus on government bodies to enable the Privacy Commissioner to oversee the collection, storage and use of data by private companies (paragraph 4.25) (6) industry and government agencies adopt a voluntary co-regulatory approach based on a Telecommunications Privacy Committee representing the interests of consumers, users, the industry and relevant government agencies (paragraph 4.28) (7) subject to additional funding being made available for the purpose, the Telecommunications Privacy Committee be ôwith but not of AUSTELö and that AUSTEL service the committee (paragraph 4.29) (8) the Telecommunications Privacy Committee be responsible for - - the identification of general privacy principles applicable to the telecommunications industry - the development of specific guidelines where necessary - encouraging relevant industry and community groups to develop codes of conduct which reflect the general privacy principles and specific guidelines - the approval of codes of conduct which meet appropriate standards, including effective monitoring and enforcement measures (paragraph 4.31) (9) the effectiveness of the voluntary co-regulatory approach and of the Telecommunications Privacy Committee be reviewed in three years against pre-determined performance indicators (paragraph 4.53) Calling Line Identification (CLI) based services, in particular Calling Number Display (CND){tc "Calling Line Identification (CLI) based services, in particular Calling Number Display (CND)"} 1.6 AUSTEL recommends that - (10) the principle of ôinformed choiceö should govern the introduction of Calling Line Identification based services, particularly Calling Number Display (paragraph 5.68) (11) the Telecommunications Privacy Committee should supervise the development by the carriers and other interested parties of a code of conduct that will ensure that customers have the opportunity to make an informed choice (paragraph 5.71) (12) the code should make provision for - o a public awareness program o the ôdefaultö option where a customer does not make a choice (paragraph 5.71) (13) any proposal for a default option should be supported by valid contemporary evidence of its public acceptability, such as independent market research acceptable to AUSTEL and the Telecommunications Privacy Committee. In considering the default option the Telecommunications Privacy Committee should have regard to the potential social or other benefits of CND along with the public interest in leaving consumers' existing arrangements undisturbed unless they choose positively to alter them (paragraph 5.75) (14) AOTC proceed with a trial of Calling Line Identification based services including Calling Number Display during 1993 - the conditions of such a trial being agreed with the Telecommunications Privacy Committee (paragraph 5.79) (15) those responsible for the development of the code of conduct to ensure customers have the opportunity to make an informed choice have regard to the outcomes of the trial and other relevant research results or information available at the time (paragraph 5.79) (16) prior to the introduction of Calling Number Display and other such services, the carriers should undertake a public awareness campaign to inform the community about the implications of both sending and receiving Calling Number Display (paragraph 5.86) (17) the Telecommunications Act 1991 be amended to remove any doubt whether AUSTEL may vary its Service Providers Class Licence to require a service provider receiving Calling Line Identification information to develop for approval by the proposed Telecommunications Privacy Committee a code of conduct for dealing with such information (paragraph 5.101) (18) service providers be required to observe such a code (paragraph 5.101) (19) the code be subject to the jurisdiction of the Telecommunications Industry Ombudsman so that the Ombudsman may receive and resolve complaints alleging breaches of the code and, where appropriate, recommend to AUSTEL whether it should take action under the class licence for a breach of the service provider's obligation to observe the code (paragraph 5.101) Unsolicited telecommunications{tc "Unsolicited telecommunications"} 1.7 AUSTEL recommends that - (20) appropriate codes of conduct be developed by relevant industry and community groups for approval by the Telecommunications Privacy Committee to deal with intrusion , control of personal data and fair trading issues in relation to unsolicited telecommunications (paragraph 6.32) (21) separate codes of conduct be developed in respect of the different categories of unsolicited telecommunications (paragraph 6.32) (22) subject to the agreement of the carriers which will fund the proposed Telecommunications Industry Ombudsman scheme, the Telecommunications Industry Ombudsman should take responsibility for the initial collection and collation of complaints relating to unsolicited telecommunications, referring them to other agencies as appropriate (paragraph 6.43) (23) the Telecommunications Privacy Committee should oversee the development of a cost-effective process by which consumers who prefer not to receive unsolicited telecommunications may, as far as possible, exercise that preference (paragraph 6.64) Equipment issues{tc "Equipment issues"} 1.8 AUSTEL recommends that - (24) individuals affected should be informed by appropriate means whenever data resulting from the use of a Telephone Information Management System (TIMS) is being collected and processed (paragraph 7.16) (25) in the case of the use of TIMS by hotels and motels, the owners and operators of motels and hotels using TIMS to charge guests for telephone calls be encouraged to develop a code of conduct with regard to the use and re-use of the data so collected (paragraph 7.16) (26) at this stage, the development of a code of conduct under the auspices of the Telecommunications Privacy Committee, rather than legislative amendment, is the most appropriate way of resolving issues relating to the use of Automatic Calling Equipment (paragraph 7.27) (27) at this stage, the development of a code of conduct under the auspices of the Telecommunications Privacy Committee, rather than legislative amendment, is the most appropriate way of resolving issues relating to the use of unsolicited facsimiles (paragraph 7.29) Customer information issues{tc "Customer information issues"} 1.9 AUSTEL recommends that - (28) compilers and purchasers of reverse directories develop a code of conduct that recognises the sensitivity of a reverse telephone directory compared to one that can only be accessed when the name of the subscriber is known (paragraph 7.35) (29) Carriers develop a code of conduct that relates to their handling of customer information, including - - the exchange of customer information between them, service providers and within the divisions of their own organisation. - the provision of options with regard to itemised billing (paragraph 7.41) CHAPTER 2 THE INQUIRY: REASONS AND SUPPORT FOR, THE CONSULTATIVE PROCESS AND DEVELOPMENTS DURING Reasons for the inquiry 2.1 Support for the inquiry 2.2 Consultation 2.5 Developments in the course of the inquiry 2.11 {tc ""}Reasons for the inquiry 2.1 AUSTEL decided (in October 1991) to hold a public inquiry into the privacy implications of telecommunications services because a number of issues were emerging in Australia which overseas experience indicated could become problems if they were not resolved at an early stage, eg - o Telecom (which has since merged with OTC to form AOTC) approached AUSTEL in September 1991 to discuss its plans to introduce a range of services based on Calling Line Identification including some services which had given rise to privacy concerns in North America. (As a result of debate engendered by AUSTEL's inquiry, AOTC has postponed the introduction of such services until related privacy issues have been resolved.) o Suppliers were seeking from AUSTEL permits for Automatic Calling Equipment, the unrestricted use of which had produced a consumer backlash in North America, to the detriment of its telemarketing industry and carriers. AUSTEL has no power to impose conditions of use on such equipment or to withhold a permit on public interest grounds. o The proposed merger of Telecom with OTC would have the effect of limiting the application (to the handling of tax file numbers and credit reporting) of the Privacy Act 1988 to the merged entity and that Act would likewise have limited application only to the then proposed new carrier (Optus). o There were unresolved privacy issues with respect to Telephone Information Management Systems. As observed above, AUSTEL has no power to impose a condition of use on such equipment or to withhold a permit for it on public interest grounds. Nor is it able to impose conditions relating to the ômaskingö of the last two digits of numbers recorded on TIMS equipment such as those imposed by Telecom (at the behest of the NSW Privacy Committee) when it had responsibility for issuing permits prior to the establishment of AUSTEL. This was not well understood within the industry and produced regular complaints to AUSTEL. AUSTEL also considered it important that the community and industry should be consulted on how such privacy issues might be resolved. Support for the inquiry{tc "Support for the inquiry"} 2.2 A number of submitters supported the need for, and timeliness of, the inquiry. The Privacy Commissioner welcomed the inquiry, saying that - ô...new technologies are now entering the Australian market which if left unconstrained in their use could radically alter traditional levels of privacy protectionö. 2.3 The submissions of the Consumers' Telecommunications Network and the Communications Law Centre made similar points, with the latter saying - ôAUSTEL's Inquiry into the Privacy Implications of Telecommunications Services is welcome both for the issues being covered and because it is being conducted before many of the worst abuses of privacy experienced in overseas telecommunications systems have been introduced into Australia. However, the Centre does not believe this inquiry will be able to solve all the privacy issues that may arise in the futureö. 2.4 On the other hand, a small number of submitters argued that telecommunications privacy issues are not as difficult or pressing as suggested by other submitters. In particular, submissions from members of the market research industry argued that their industry has an adequate self-regulated code of conduct and that further intervention would be unwarranted. Consultation{tc "Consultation"} 2.5 AUSTEL is firmly committed to the view that if it is to lay firm foundations for the Australian telecommunications industry it must do that in consultation with interested parties. Accordingly it has undertaken extensive consultation in the course of this inquiry. It has been AUSTEL's experience with a number of inquiries and investigations that the processes of consultation and discussion promote an understanding of other viewpoints among participants and enhance the likelihood of creative and cooperative approaches to the issues. That has been particularly the case with this inquiry and there have been a number of changes in its course which are outlined in the next section of this chapter. 2.6 A discussion paper was issued to focus debate and a series of public seminars were held in all capital cities and a major regional centre. The seminars were followed by a draft report and further seminars. The emphasis was to seek constructive input and to engender positive discussion. 2.7 If the consultative approach is to work, AUSTEL must be able to tap into the views of the widest possible cross-section of the general community as well as those of industry participants and organised groups. There are, however, difficulties in doing that. Notwithstanding that the inquiry was widely advertised and generally received considerable media coverage, the inquiry gathered momentum slowly. Submissions were more likely to come from industry participants and those who were informed on these issues than from members of the general public. Private individuals were more likely to comment on unsolicited telecommunications, rather than network matters or issues to do with the implementation of a privacy framework. 2.8 Accordingly, AUSTEL drew on the resources of peak industry bodies and peak bodies representing the interests of consumers and users. Those bodies provided valuable input and AUSTEL is most grateful to the organisations representing community interests that made submissions. 2.9 On other topics AUSTEL has gauged the views of the general community by undertaking qualitative (focus group) and quantitative (survey research). Such research was not appropriate in this instance because those who might have participated in focus groups or a survey would have had no real familiarity with the technologies in issues such as Calling Line Identification and Calling Number Display. 2.10 Notwithstanding the difficulties of reaching the general community on issues such as these, AUSTEL is satisfied that it has a good feel for the general community's attitudes to telecommunications privacy issues, not only through the peak bodies representing individual consumers but also through the media generally, particularly as AUSTEL staff participated in some 40 talkback radio interviews broadcast throughout Australia. Developments in the course of the inquiry{tc "Developments in the course of the inquiry"} 2.11 Debate engendered by the inquiry has moved AOTC to delay its introduction of Calling Line Identification (CLI) based services until there is a framework in place to resolve issues surrounding the introduction of such services. An important consequence of this decision is that it gives time for the proposed Telecommunications Privacy Committee to gather extra information about such services. 2.12 The debate engendered by the inquiry also led AOTC and Alcatel to propose a trial of CLI based services during 1993. The proposed Telecommunications Privacy Committee should be able to use this trial to make informed decisions about the introduction of CLI based services. 2.13 During the course of the inquiry, an amendment to section 88 of the Telecommunications Act 1991 was made to address an issue recognised at an early stage of the inquiry, namely, the absence of any limitation on the use a service provider may make of Calling Line Identification information it might acquire from a carrier. 2.14 While the inquiry has been in train there have been decisions and developments on the international front that confirm AUSTEL's view that telecommunications privacy issues are significant. For example, the Canadian Radio-television and Telecommunications Commission (CRTC) reversed a previous decision and ordered Bell Canada to make free blocking options available in its offering of its equivalent of Calling Number Display. The Canadian Department of Communications has called for public comment on a proposed set of telecommunications privacy principles. The New Zealand Department of Commerce commissioned a major report on privacy and interception telecommunications issues. There has also been international interest in AUSTEL's inquiry. 2.15 The consultation process that has been a feature of this inquiry has laid a firm foundation for the work of the proposed Telecommunications Privacy Committee. CHAPTER 3 c.TELECOMMUNICATIONS ôPRIVACYö IN CONTEXT The meaning of ôprivacyö for the purposes of the inquiry 3.3 The nature of telecommunications privacy issues 3.12 The impact of competition on telecommunications privacy issues 3.26 Overseas perspectives and developments 3.33 Europe 3.37 Japan 3.45 Canada 3.46 New York 3.47 Do telecommunications privacy issues require a special approach? 3.48 3.1 Unless telecommunications privacy issues are addressed, they have the potential to become controversial and divisive and are likely to decrease significantly the level of trust consumers have in the telecommunications system. It is important that AUSTEL be proactive rather than reactive in this area. 3.2 This chapter - o canvasses what ôprivacyö means in a telecommunications context - paragraph 3.3 o outlines the specific issues discussed in this report - paragraph 3.12 o considers the impact of competition on telecommunications privacy issues - paragraphs 3.26-3.24 o outlines international approaches to telecommunications privacy issues paragraphs 3. 33-3.47 o looks at the characteristics of the telecommunications industry that bear on the telecommunications privacy issues - paragraph 3.48-3.57 The meaning of ôprivacyö for the purposes of the inquiry{tc "The meaning of ôprivacyö for the purposes of the inquiry"} 3.3 For the purposes of this inquiry AUSTEL focused on two aspects of privacy, namely - o privacy in the sense of freedom from intrusion o privacy in terms of the control of personal data. Freedom from intrusion This aspect of privacy is sometimes expressed as the right to quiet enjoyment of one's home. Although it has been argued that intrusive activities are not in themselves breaches of privacy, many people equate privacy with freedom from intrusion and regard unwanted telecommunications as extremely intrusive. This aspect of privacy is further considered in paragraphs 6.11 - 14. Control of personal data Privacy is also regarded as a right to control the use of personal data about oneself. This is the sense in which the Australian Privacy Commissioner and his equivalents in many other countries use the term. In this sense, privacy is about information privacy, and is encompassed by principles such as o openness about data collection o limitations on methods of collection o specification of the purpose for which the data is being collected o limitations on re-using data for purposes not specified o expectations about the accuracy and currency of the data. These are some of the principles upon which the Australian Privacy Act 1988 is founded. 3.4 There are strong views in the community on privacy issues, especially the intrusion aspects. For some people ôprivacyö operates as a kind of shorthand for deeply held convictions about their autonomy and right to be free of interference. To them privacy is a basic human right which underpins other human rights. Some people also see the concept of privacy in absolute terms, so that suggestions that turn on balancing a loss of privacy with the achievement of other benefits are totally unacceptable. 3.5 The depth of feeling about unsolicited telecommunications and the anger and frustration they generate is shown in the following quotations from submissions received by AUSTEL in response to its initial discussion paper - o ôThey [unsolicited telephone calls] are an unwelcome, unwarranted invasion of privacy. They can and do delay other urgent calls. They are a complete waste of my time which is valuable. They interrupt thought, activity or leisure. They are not a raison d'etre for having a phone line. They are simply a pain in the bum.ö (Brian Garth) o ô_would like to register my strongest disapproval of the practice of making unsolicited phone calls_I got so sick of this that I changed my number to an unlisted one_I do resent the fact that I have to have an unlisted number as protection.ö (Mandy Swaney) o ôI wish to declare my objection to any form of telemarketing that involves phone calls to private homes_I consider such calls a nuisance and an intrusion on privacy.ö (Patricia Prendergast) o ôMany people feel angry about telemarketing. This is partly due to the fact that it cannot be escaped, and that it could happen at any time. It is also due to the fact that it degrades certain functions of the telephone system - and certain aspects of human relations - which are far removed from the actual telemarketing call itself. This degradation is widespread and constitutes a degradation of good things which our society values but has taken for granted because they have never been under threat before.ö (Robin Whittle) 3.6 In his response to AUSTEL's draft report, Myles Ruggles, a researcher with CIRCIT (the Melbourne based Centre for International Research on Communication and Information Technologies), explored what privacy means in communication, drawing upon the fields of social and behavioural psychology - "Privacy may _ be defined as an index of the degree of consent to and control of their relationships with others which individuals experience." 3.7 Based on that definition, Mr Ruggles concludes that privacy should provide an individual with the following abilities - ô1. the ability to enter into only those relationships which individuals have mutually chosen, and to terminate relationships; 2. the ability to control relationships on the basis of mutually accepted interaction rules (regarding e.g. frequency of interactions, permissible interruptions...) 3. the ability to participate in the selection of topics of interaction ... 4. the ability, within a given relationship, to limit disclosure of the existence, characteristics or contents of other relationships.ö 3.8 This social, even subjective, approach to privacy helps to explain the mixed reactions different people have to services such as Calling Number Display. People set their own expectations of privacy and are unconvinced when people with different expectations of privacy tell them theirs is too high or too low. 3.9 Such an approach also brings together both aspects of privacy (freedom from intrusion and control over personal data) outlined above. This report takes up both aspects and recognises the connection between them. There are, however, points in the analysis at which it is important to distinguish between them. Where this report talks of ôtelecommunications privacy issuesö, the intent is to include both freedom from intrusion and control over personal data issues that arise in a telecommunications context. 3.10 The right to privacy is not, however, absolute. It needs to be balanced against other public interests such as effective law enforcement and national security. Thus section 47 of the Telecommunications Act 1991 requires AUSTEL, the carriers and eligible service providers to co-operate with and assist Commonwealth, State, and Territory law enforcement agencies and section 88 of the Act recognises that information carriers should otherwise treat as confidential may be disclosed for law enforcement and national security purposes. 3.11 To that end AUSTEL's Law Enforcement Advisory Committee (which consists of representatives of the carriers, law enforcement and national security agencies together with relevant government departments) has prepared draft guidelines for the disclosure of call charge recording information by carriers. A copy of the draft guidelines appears at Appendix 9. The nature of telecommunications privacy issues{tc "The nature of telecommunications privacy issues"} 3.12 The following telecommunications privacy issues were canvassed in the course of the inquiry - o intrusion issues - unsolicited telephone calls - unsolicited or ôjunkö faxes - Automatic Calling Equipment o personal data issues - carriers' customer information - Calling Line Identification - Calling Number Display - reverse directories - Telephone Information Management Systems - itemised billing - emergency services. Unsolicited telephone calls 3.13 Unsolicited telephone calls, discussed in Chapter 6 of this report, generated a good deal of critical comment from people receiving them, while telemarketers, market researchers and charities making such calls defended their actions. Unsolicited or ôjunkö faxes 3.14 The issue of unsolicited or ôjunkö faxes, canvassed in Chapter 7, did not generate the widespread emotional responses that unsolicited telephone calls did, nor anything like the submissions in support that such calls received. This is consistent with the result of AUSTEL's 1989 and 1991 research to the effect that while ôjunkö faxes have the potential to be a problem, they are not yet a problem. Automatic Calling Equipment 3.15 The issue of Automatic Calling Equipment is closely related to unsolicited telephone calls. From one point of view, such equipment has the potential to exacerbate the problems attached to receiving such calls, while from another, the equipment has real cost benefits. It involves considering how equipment issues may be handled and is covered in Chapter 7. Carriers' customer information 3.16 There are a range of privacy issues that arise in relation to the information held about customers by carriers and service providers. Some of this information - that which is generated in the network and provides a record of the customers' calls (that is, the information provided by Calling Line Identification) - is telecommunications specific, and is dealt with in Chapter 7. Carriers' customer data bases 3.17 While customer data (name, address, telephone number and credit records) held by a carrier is essentially similar to that held by any other commercial organisation, some submissions treated it as a telecommunications specific issue It is discussed in Chapters 3 and 7. Calling Line Identification 3.18 Calling Line Identification (CLI) is the major source of information that is generated in the network. It is described in Chapter 5. As more transactions are conducted electronically across the telecommunications network, the body of information about individuals captured by CLI will become larger and, perhaps, more sensitive. An important issue related to CLI is privacy implications of providing it to service providers. This is also discussed in Chapter 5. The telecommunications specific issues related to personal data are all related to CLI and the services it makes possible, like Calling Number Display, which is also canvassed in Chapter 5. Calling Number Display 3.19 Calling Number Display (a product or service derived from a network's capability to provide Calling Line Identification) entails a subscriber to the service having the number of a person calling the subscriber shown on a liquid crystal display on the subscriber's phone. The implications of this for both the calling party and the caller, the ways the service could be structured, the use which might be made of numbers so displayed, and the commercial implications are the major topics of Chapter 5. Reverse directories 3.20 Reverse directories, discussed in Chapter 7, enable a person's name and address to be ascertained by reference to a person's telephone number. Such directories enhance the use a subscriber to a Calling Number Display service, say, an ôinbound telemarketerö, might make of the calling party's number displayed on the subscriber's phone. Telephone Information Management Systems 3.21 Telephone Information Management Systems (or TIMS equipment) enable, say, a hotel to record details of the numbers called from particular extensions so that it may bill its guests. Likewise an employer may keep records of and analyse the numbers called by its employees. The implications of this are canvassed in Chapter 7. Itemised billing 3.22 Itemised billing which has been a feature of some overseas telecommunications systems for some years is currently being phased into the Australian network for timed calls (long distance, international and 0055 calls). Full itemisation or disclosure of all numbers called to services charged on a timed basis may give rise to privacy issues where, for example, there is a joint use of a telephone service or an employee is required to submit a telephone bill to an employer for reimbursement. Those issues are briefly considered in Chapter 7. Emergency and Assistance Services 3.23 A number of submissions raised issues relating to the terms and conditions upon which emergency services (other than Telecom's ô000ö service) and community assistance lines (eg - LifeLine) might be given access to Calling Line Identification. 3.24 AUSTEL is undertaking a separate detailed examination of emergency services having regard to - o the recent proliferation of emergency service numbers beyond Telecom's ô000ö reference service (for ambulance, fire and police) to a wide variety of numbers (eg - 11441, 11444 and 114400 for the Victorian Fire Brigade, Police and Ambulance, respectively) o the adequacy of section 88 of the Telecommunications Act 1991 in its coverage of the use such a service might make of the information displayed to it o the evolution of different patterns of emergency services in particular States and within States o the implications of having some emergency service numbers providing anonymity and others not o general concerns expressed to AUSTEL outside this inquiry about the adequacy of Telecom's ô000ö service. 3.25 Concerns raised by some submitters to the effect that allowing a caller to ôblockö Calling Number Display might limit information available to an emergency service are without foundation - blocking of Calling Number Display by a customer would not block Calling Line Identification within the network. Nor would it stop the tracing of hoax calls to emergency services or the tracing of malicious or obscene calls. The impact of competition on telecommunications privacy issues{tc "The impact of competition on telecommunications privacy issues"} 3.26 The introduction of competition in telecommunications raises additional issues with respect to the confidentiality and control of personal information held by companies providing telecommunications services. In a monopoly situation the handling of an individual's personal data is a matter to be resolved between the individual and the monopoly carrier. In a competitive situation not only is personal data about customers available to more organisations, but the sharing of such data between organisations involved in providing telecommunications services is, in certain circumstances, necessary and obligatory. In other circumstances there may be pressure exerted by new entrants to the industry to force the incumbent to disclose information gathered in a monopoly setting. 3.27 An example of mandatory information sharing in the competitive setting is the condition of the General Carrier Licences, under which AOTC and Optus operate, that they must supply information about callers and called parties to each other across the points where their networks interconnect. The exchange of such information is essential to allow each carrier to bill their respective customers and to charge each other for the use made of their network. Likewise, a service provider offering switched services also requires access to CLI information. 3.28 Some submitters commented on the issues that arise from the need to have information available on a competitive basis. A recommendation in the Privacy Commissioner's submission called for review of the condition in the General Carrier Licence relating to the sharing of information to ensure that it is restricted to what is strictly necessary. The Communications Law Centre also expressed disquiet at the need to make information about individuals available in a competitive industry. 3.29 There may be tensions between promoting competition and protecting consumer privacy. It is clearly important that competitive and effective businesses be permitted to take advantage of the new opportunities afforded by the introduction of competition. At the same time it is important to remember that use of personal information about individuals should be limited to that for which it was originally collected, unless the owner of the information (the data subject) has given express and informed consent. 3.30 These issues have arisen in the United States of America and, at least at a federal level, have been largely resolved in favour of the pro-competitive position. For example, the Federal Communications Commission's inquiry into Open Network Architecture concluded that in order to facilitate competition, certain information held by telephone companies should be made available to other service providers. As a result service providers have demanded information about the parties to a call that was carried across their facilities, including information about the caller that is contained in the carrier's customer data base, eg - billing information and, in some cases, credit information. Several State regulatory agencies in the USA are now examining this issue from both the competition and the consumer protection perspectives. 3.31 Clearly there are competitive, consumer protection and privacy considerations related to how information about individuals held by carriers and service providers should be handled and disseminated in a competitive environment. AUSTEL believes that better solutions will be found if all sets of considerations are taken into account. A code of conduct relating to customer information developed by the carriers and submitted for approval to a committee representing a range of industry interests, in line with the approach to telecommunications privacy recommended in Chapter 4, is the preferred approach. 3.32 Issues related to the use and dissemination of information about a customer may also arise within a single company and are not restricted to passing information between companies. For example, it may be argued that it is a breach of privacy for a carrier's billing division to pass to its customer equipment division the information that a customer's telephone bills have just increased markedly and that it may be possible to sell the customer some new equipment or service. Issues related to the handling of customer information within the organisation are discussed in Chapter 7,including itemised billing, where an appropriate recommendation is made. Overseas perspectives and developments{tc "Overseas perspectives and developments"} 3.33 Recent developments in Europe and North America suggest that both the intrusion and the personal data aspects of telecommunications privacy are becoming increasingly prominent and controversial. International developments specific to particular issues are discussed elsewhere in this report: paragraphs 3.33 - 3.37 give some information on uses of guidelines and codes of conduct, paragraphs 5.10 - 5.19 discuss CLI based services in other parts of the world, while paragraphs 6.5 - 6.8 briefly cover responses to unsolicited telecommunications elsewhere. 3.34 The components of privacy concerns vary from place to place, but include such developments as - o competition leading to wider access to, and less accountability for, information o technological developments that support the collection and transmission of information o commercial developments that utilise telecommunications in systematic ways for marketing and canvassing. 3.35 Overseas experience also suggests that developments in areas related to telecommunications have expanded the ability to collect, store and re-format information to a point where information previously freely volunteered may now be regarded by some as private and jealously guarded. For example, the development of software for reverse directories that enable a name and address to be established by reference to a telephone number may mean individuals are now less likely to volunteer their phone numbers. 3.36 There has also been a spread in telecommunications services canvassed in this report. The Calling Line Identification-based services such as Calling Number Display described in paragraph 5.7 have been introduced by a substantial number of telephone companies, especially in North America. There is considerable work being done overseas on the regulation of telecommunications privacy issues at an international level. Europe{tc "Europe"} 3.37 In Europe four instruments are being prepared which will have a significant impact on telecommunications privacy issues. ISDN data protection directive 3.38 The first is a proposed directive by the European Commission relating to ISDN and privacy. An objective of this proposal is to harmonise the regulations concerning the protection of personal information in the telecommunications industry throughout the twelve EC countries. If this is not done, divergent regimes for the protection of privacy issues may develop and this could endanger the free use of telecommunication services and terminal equipment between, at least, the EC countries. This may, in turn, inhibit the free flow of information. For example, divergent approaches to the issue of blocking CND and the precise mechanism used for achieving this may lead to difficulty with international telecommunications usage. 3.39 It was reported at the 14th Annual Conference of International Data Protection and Privacy Commissioners held in Sydney at the end of October 1992 that progress on this directive has been slow. While during the course of this inquiry there were amendments to the draft, it will not be advanced until the general directive referred to below has proceeded. General data protection directive 3.40 In its present form this general proposal provides a detailed data protection blueprint to be followed by the EC member countries. The relationship of these two directives is that the ISDN one applies the general data protection principles to the new telecommunications networks. As the Privacy Commissioner pointed out in his original submission the proposed ISDN directive is based on the premise that - ôeffective protection of personal data and privacy is becoming æan essential pre-condition for social acceptance of the new digital networksÆö. The Council of Europe's initiative 3.41 The third legal instrument is from the Council of Europe, a human rights body established after World War II which formulates conventions on human rights for ratification by its member countries. Its Committee of Experts on Data Protection has developed "A Draft Recommendation on the Protection of Personal Data in the Area of Telecommunications Services, with Particular Reference to Telephone Services". The preamble to the recommendation includes the following - ô...technological developments in the area of telecommunications, in particular telephone services, may entail possible risks to the privacy of the user, as well as possible inhibitions on his freedom of communications...ö 3.42 This recommendation sets out detailed guidelines for the use of telecommunication networks and services. It recommends to member countries that data protection in telecommunications be taken into account in domestic law, and that the provisions of the recommendation are brought to the attention of network operators and providers of telecommunications services and equipment. The specifics of the recommendation cover both intrusion and personal data protection issues. For example, the recommendations include that - o there should be no disincentives for refusing to be included in a directory o direct telephone marketing to a subscriber who has expressed the wish not to receive such marketing should not be permitted o the introduction of calling number display should be accompanied by the ready and free availability of a blocking mechanism. Member countries of the Council of Europe will be encouraged to adopt these recommendations. They are expected to be finalised in the near future. OECD guidelines 3.43 The fourth instrument is a proposal from the Organisation for Economic Co-operation and Development concerning guidelines for network security. These voluntary guidelines are designed to apply across all sectors so that they will have application in the telecommunications industry. These are expected to be published before the end of 1992. (See: Kirby J . ôInformation Security - O.E.C.D. Initiativesö Journal of Law and Information Science, (1992) 25.) Trans-border data flow issues 3.44 A particular aspect of privacy concerns the movement of personal data from one country to another, for example, by multi-national companies. Trans-border data flows, as such transfers of data are called, have been of particular concern in Europe, particularly where the country to which the data is being sent has lower standards of data protection than that in which it was collected. These concerns have led to considerable efforts to draw up a European-wide charter for dealing with trans-border data flows, focussed by Europe's move towards a single market. Internationally , this has caused concerns because it may make it more difficult for non-European companies based in countries with lower standards of data protection to do business with Europe. A desirable outcome of this inquiry would be that the Australian levels of data protection in the telecommunications sector meet European standards. Japan{tc "Japan"} 3.45 The Ministry of Posts and Telecommunications in Japan has issued Guidelines on the Protection of Personal Data in Telecommunications Business. Based closely on the OECD Guidelines, the commentary on the guidelines highlights some of the specific privacy concerns in the area of telecommunications such as that the data subject may not be aware that data has been collected and the retention of data in systems. Such concerns are not unique to telecommunications. Although referred to as ôguidelinesö, the document appears to be binding on carriers, while providing guidance to other participants in the industry. The document specifies the data which might need to be collected in order to provide services and therefore the data to which the guidelines apply - o information collected for the subscriber's contract - subscriber's name and address - place and type of terminal equipment and other customer telecommunications facilities - name and address to be billed - account number of financial institution concerned. o during the use of services - type of services - ID of calling subscriber - ID of called subscriber - date and time calls initiated and terminated - duration of the calls or the data volume transmitted - accounting period or units to be charged o other data - amount billed - payment status. Canada{tc "Canada"} 3.46 Canada has also moved to address the issues of telecommunications privacy. The Department of Communications issued a set of five Privacy Principles for public comment on 29 June 1992. The principles can be summarised as covering recognition of privacy considerations, public awareness, the maintenance of privacy at no extra costs to consumers, the control of personal information and review mechanisms. The context of this move includes concern about the implications of CLI based services and recognition of the need to have stringent privacy safeguards to avoid being disadvantaged in telecommunications trade partnerships with European countries. New York {tc "New York "} 3.47 In developing principles relating to the protection of telecommunications data, the State of New York's Public Service Commission took as its starting point the U.S. Federal Communications Commission's open network architecture rulings. As a result the NYPSC has issued a set of telecommunications specific principles which do not appear to draw upon the OECD or other international guidelines. It acknowledges - o the privacy implications of open network arrangements o technical options for protecting privacy, for example, through ôblockingö which leave the control in the hands of the customer o that individuals have different privacy expectations and should be offered choices, both with regard to incoming and outgoing transactions. Where a service compromises privacy levels a telephone company should provide a means of restoring the lost privacy on a cost-free basis, but customers seeking ôpremium privacy protectionö should cover or contribute to the cost of that. .c.Do telecommunications privacy issues require a special approach?{tc ".c.Do telecommunications privacy issues require a special approach?"} 3.48 The telecommunications industry has a number of characteristics which make it special and which need to be taken into account in designing a approach to the resolution of telecommunications privacy issues, eg - o its global nature o high infrastructure costs o rapidly developing technologies o a range of participants. 3.49 These characteristics are not unique to telecommunications. In differing degree they are shared by other industries and enterprises. The broadcasting and public communications industry shares many of these characteristics and there is in fact a convergence of technologies which will accelerate as broadcasting technologies become interactive. Multi-national companies involved in expensive research may allocate different parts of a large project to its subsidiaries in different parts of the world sharing the characteristics outlined above. Where some confusion may arise is that other industries which share some of all of these characteristics may be using the telecommunications networks for their data flows and transfers of personal information. Using telecommunications means for conveying personal information does not by itself comprise an issue of telecommunications privacy. In such cases the telecommunications network may be being used as the conduit for the information, but equally the same issues would have come up if the mail or a private courier service had been used. Even if a fax machine is used to transmit sensitive medical information, that is essentially an issue for the medical companies concerned; it is not a telecommunications issue. 3.50 While the telecommunications industry has the above special characteristics, they are not unique and do not necessarily call for telecommunications specific privacy regulation. Certainly the capture and use or misuse of personal information is by no means unique to the telecommunications industry - all that is special is that technological developments in the telecommunications industry mean that such information may be captured and used more quickly than in some other industries. AUSTEL's concern in exploring the issues and recommending an approach is largely related to timing. These issues are becoming more urgent, and industry-specific solutions are better than a long delay while an overall solution is put into place. These issues are also canvassed in Chapter 4. The global nature of the telecommunications industry. 3.51 The development of trans-national digital networks and associated value added services enable vast amounts of information to be collected, stored and accessed electronically across national boundaries. 3.52 If individual countries develop disparate laws, regulations and administrative regimes to deal with privacy issues, the growth of telecommunications services and other industries may be impeded, either because a country with high levels of data protection places obstacles in the way of transfer of information to a country with low levels, or because the lack of consistent levels of data protection produces substantial administrative difficulties. But this danger is not unique to telecommunications personal data - it applies equally to data that might be collected about an individual's health or finances. These considerations relate to trans-border data flows discussed above. 3.53 The approach that is developed in this country needs to take account of the levels of privacy protection being implemented in other countries, especially those with which we have significant telecommunications traffic. In order to enhance Australia's international competitiveness - AUSTEL recommends that the level of data protection in the telecommunications industry be set by reference to relevant international standards, such as those established by the Council of Europe. High infrastructure costs 3.54 Any regulation of telecommunications privacy issues must recognise the high costs associated with the development and installation of telecommunications networks. If it does not, there is a danger that the introduction of new services may be stifled or that the unpredictability produced by regulatory delays or shifts may act as a disincentive to investment. This is not to say that underlying principles and policies should be set aside: arguments of infrastructure and investment costs are often based on speculative assumptions and need careful examination. Rapidly developing technologies 3.55 In an industry as dynamic as the telecommunication industry, a regulatory framework that focuses on technologies is likely to become redundant very rapidly. 3.56 Accordingly, any framework to regulate telecommunications privacy issues should focus on general principles that apply to services that might be supplied rather than on the technologies that deliver those services. AUSTEL recommends that the framework to regulate telecommunications privacy issues focus on general principles that apply to services that might be supplied, rather than on the technologies that deliver those services. A wide range of participants 3.57 The telecommunications industry touches everybody in the community to a greater or lesser degree. Participants in the industry include - o manufacturers and other equipment suppliers o carriers o service providers o users, including both large commercial organisations and individual consumers The degree to which these participants can be reached, or ought to be reached, by regulation varies considerably. What is appropriate for a carrier, operating under a licence, and what is appropriate for a small business operating in a technological niche are quite different. This factor makes the design of an approach to telecommunications privacy more complex. 3.58 While the telecommunications industry has the above special characteristics, they are not unique and do not necessarily call for telecommunications specific regulation. Certainly the capture and use or misuse of personal information are not unique to the telecommunications industry - all that is special is that technological development in the telecommunications industry means that such information may be captured and used more quickly than in some other industries. AUSTEL recommends that - o measures to control the capture and use of personal data by means of telecommunications networks or services should have regard to, and be consistent with, general principles or laws governing those matters o divergences from, or additions to, general principles or laws governing privacy issues should occur only where the telecommunications industry is demonstrated to be unique or at least so special as to require telecommunications specific treatment. 3.59 Such a case might be made in respect of things only a telecommunications network or service may deliver, eg - o unsolicited telephone calls o telemarketing o unsolicited or ôjunkö faxes o some aspects of Calling Number Display CHAPTER 4 AN AUSTRALIAN APPROACH TO TELECOMMUNICATIONS PRIVACY ISSUES The existing privacy framework 4.2 Possible alternative approaches 4.11 Why not leave the existing framework alone? 4.12 Amendment to the existing framework 4.14 Should section 88 of the Telecommunications Act 1991 be amended? 4.15 Should the Privacy Act 1988 be amended? 4.20 A new approach 4.26 A voluntary co-regulatory model 4.28 Status of the proposed Telecommunications Privacy Committee 4.29 Terms of Reference for the Telecommunications Privacy Committee 4.31 Committee Membership 4.37 Sub-committees of the Telecommunications Privacy Committee 4.48 Funding of the Telecommunications Privacy Committee 4.51 Review of the Committee's Activities 4.53 Guidelines and codes of practice 4.54 4.1 This chapter covers - o the nature of the existing Australian approach to privacy issues o possible avenues for addressing the issues of telecommunications privacy o a description of the voluntary co-regulatory approach that AUSTEL is recommending. Voluntary co-regulation means an approach that brings together industry participants such as the carriers and service providers, consumer bodies and relevant government agencies in an environment that fosters proactive cooperation as an alternative to formal regulation. The existing privacy framework{tc "The existing privacy framework"} 4.2 The existing privacy framework is provided by the Privacy Act 1988. This Commonwealth legislation establishes the position of a Privacy Commissioner and gives to that office some powers to audit and require Commonwealth government bodies to observe the Information Privacy Principles (detailed in Appendix 7) which are derived from the Privacy Guidelines of the Organisation for Economic Co-operation and Development (OECD). 4.3 While the major part of the act applies only to government bodies, parts of the Privacy Act do apply to the private sector. The Privacy Amendment Act 1990 established requirements which apply to private sector organisations relating to the handling of data on the credit records of individuals. The Privacy Commissioner is authorised to encourage compliance with the Information Privacy Principles guidelines through the private sector, as well as overseeing the compliance of federal government bodies with these guidelines. While Telecom was once regarded as a government body, since its merger with OTC to form AOTC it is only subject to the Act to the extent that any private company is. The same applies to Optus. The Privacy Act 1988 is general legislation without specific application to telecommunications. 4.4 Avenues for individuals or organisations which believe their privacy has been breached under the common law can be expensive to use and at best offer redress rather than protection. Breaches of privacy in the area of telecommunications may be relatively small ones, like the unauthorised release of a phone number to a third party, and not the kind of grievance that should be taken to court. 4.5 Specific legislation relating to telecommunications in terms of the disclosure, information handling and privacy is laid down by section 88 of the Telecommunications Act 1991. It reflects similar provisions in earlier legislation that imposed duties on the employees of Telecom, OTC and AUSSAT not to disclose the contents of communications that came to their knowledge because they were such employees. 4.6 Section 88, set out in full in Appendix 8, creates a criminal offence if an employee, or former employee, of a carrier discloses or uses any fact or document that relates to - o the contents of a communication carried by the carrier or in the course of such carriage o telecommunications services supplied to another person by the carrier o the affairs or personal particulars (including an unlisted phone number or address) of another person and that came to the employee's, or former employee's, knowledge or possession because he or she is, or was, an employee of a carrier. The penalty for breach of the provisions is imprisonment for two years. 4.7 The Explanatory Memorandum for the Telecommunications Bill 1991 states in relation to section 88 that - ôThe application of the offence to the 'use' of a fact or document is a considerable extension of the prohibition and is included to give effect to Information Privacy Principle 10 in section 14 of the Privacy Act 1988.ö [The Information Privacy Principles are set out in Appendix 7]. 4.8 The section also creates a number of exemptions to the disclosure prohibitions, eg - o disclosure made in the performance of a person's duties as an employee of a carrier o disclosure made as a witness summonsed to give evidence or to produce documents o disclosure to the police, fire brigade or ambulance where there has been an emergency call o disclosure of information relating to the affairs or personal particulars of a person in circumstances which the Explanatory Memorandum states - ô... are consistent with those in paragraph 3(c) of Information Privacy Principle (IPP) 11 in section 14 of the Privacy Actö o disclosure authorised or required under a Commonwealth, State or Territory law or the common law, which the Explanatory Memorandum states - ô... is consistent with paragraph 1(d) of IPP 11 in section 14 of the Privacy Actö o disclosure reasonably necessary for the enforcement of the common law or a law imposing a pecuniary penalty or for the protection of the public revenue, which the Explanatory Memorandum states - ô... is consistent with paragraph 1(e) of IPP 11 in section 14 of the Privacy Actö. 4.9 The exemption provisions in the earlier legislation that applied to Telecom, OTC and AUSSAT are extended by section 88 of the Telecommunications Act 1991 to include a new exemption for disclosure to - o another carrier o a supplier of eligible services The extension is necessary because the carriers (AOTC and Optus) and suppliers of eligible services interconnect their networks and facilities and supply services over one another's networks. The exemption allows a carrier, say AOTC, to give information to a service provider about the calling customer's number. While the service provider legitimately requires such information for an immediate purpose associated with providing a telecommunications service, namely, billing its customers, there are considerable privacy implications related to this, which are discussed in Chapter 5. 4.10 As well as the Privacy Act 1988, section 88 of the Telecommunications Act 1991 and common law avenues, there is some State legislation relating to privacy and some international conventions by which Australia is bound which include privacy considerations. These do not directly affect the area of telecommunications privacy. Possible alternative approaches {tc "Possible alternative approaches "} 4.11 In broad terms, there are three possible approaches to the issues of telecommunications privacy which were canvassed in the draft report - o do nothing, on the grounds that the available evidence suggests that there are not serious breaches of privacy or levels of intrusion o amend some part of the existing legislative framework to give better coverage of the area. This could involve either section 88 of the Telecommunications Act 1991 or the Privacy Act 1988 o develop a new approach, and provide a framework outside either section 88 or the Privacy Act. Why not leave the existing framework alone?{tc "Why not leave the existing framework alone?"} 4.12 It is true that current levels of abuse appear to be low. The evidence of breaches of privacy relate to unauthorised access to, and trade in, information and to interceptions rather than the kinds of breaches that could occur in the provision of services, such as telemarketing or Calling Number Display. For example, the report of the Independent Commission Against Corruption in New South Wales pointed to some examples of trade in silent telephone numbers. Nevertheless no commentator or submitter to AUSTEL's inquiry recommended leaving the area entirely alone and many were specifically supportive of the suggestion that pre-emptive action would make a more limited intervention effective. 4.13 The current relative low level of abuse of telecommunications privacy in Australia compared with some other countries means that measures to address the issues may be less draconian than they might otherwise be - a less costly educative voluntary regime may succeed where it would not if Australia were faced with individuals having entrenched interests in maintaining what others perceive as an abuse of their privacy. Amendment to the existing framework{tc "Amendment to the existing framework"} 4.14 The draft report sought comment on whether section 88 of the Telecommunications Act 1991 should be amended, either to incorporate all of the Information Privacy Principles or to extend the limitations on disclosure from their present reference to the employees of carriers to the employees of service providers, service providers themselves and carriers. As well, some respondents raised the suggestion of amendments to the Privacy Act 1988. Should section 88 of the Telecommunications Act 1991 be amended?{tc "Should section 88 of the Telecommunications Act 1991 be amended?"} 4.15 A number of the respondents to the draft report including the Privacy Commissioner were opposed to the suggestion that section 88 be amended to reflect all the Information Privacy Principles. The Privacy Commissioner wrote - ô...I have grave doubts as to whether the Information Privacy Principles should be incorporated into the body of Commonwealth criminal law in the way that s. 88 currently seeks to do. These Principles were drafted on a different set of assumptions about how they would be applied... My view is that s. 88 represents a misconceived approach to the issue of giving individuals a reasonable means of protecting their privacy in the new telecommunications environment. To develop s. 88 in the way contemplated in the draft report would, in my view, compound the error.ö 4.16 The Attorney-General's Department's response to the draft report largely concurred with the Privacy Commissioner's views. It stated that - ô...section 88 of the Telecommunications Act as it currently stands is not in itself an adequate privacy protection mechanism because it protects only against inappropriate use and disclosure of personal information and because it does not provide a suitable complaints mechanism for individuals. We are also of the view that section 88 should not be amended to reflect all the IPPs. It is inappropriate that the protections supplied by the principles embodied in the IPPs be enforced by means of a penal provision in a statute.ö 4.17 The Australian Direct Marketing Association also expressed reservations about incorporating the Information Privacy Principles into section 88. ôSection 88 of the Telecommunications Act is precise... The Privacy Information Principles are not precise. Including them in the Telecommunications Act would lead to unnecessary imprecision and dilute the power of section 88...ö 4.18 AUSTEL agrees with the Privacy Commissioner, the Attorney-General's Department and the Association that amendment to section 88 to incorporate the Information Privacy Principles would not be an effective way to provide privacy protection to individuals. 4.19 Another option canvassed in the draft report was to expand the coverage of section 88 from the employees of carriers, to service providers, their employees and to carriers. As observed in Chapter 2, an amendment to extend section 88 to service providers has been introduced. Should the Privacy Act 1988 be amended?{tc "Should the Privacy Act 1988 be amended?"} 4.20 The option of an amendment to the Privacy Act 1988 was not canvassed in the draft report, but arose out of the comments made by some respondents. One reason for not canvassing it was that AUSTEL is only in a position to suggest that an amendment to the Privacy Act 1988 should be considered by those responsible for the Act. Another reason was awareness of some of the problems of using the Act as a vehicle to address concerns with telecommunications privacy - o generally, the Privacy Commissioner has jurisdiction over Commonwealth government bodies only. Neither AOTC nor Optus is such a body. The Commissioner's role is therefore limited to that of encouraging the carriers to observe the Information Privacy Principles. o the role of the Privacy Commissioner in dealing with other participants in the telecommunications industry, eg - companies providing telecommunications services or those using the network as a marketing tool or to provide other services is limited to encouraging conformity with the Information Privacy Principles. o except to the extent that it may deal with the use of data captured through intrusive means by Commonwealth Government bodies, the Privacy Act 1988 does not encompass intrusion issues which are seen by many people as at the heart of telecommunications ôprivacyö. o the Information Privacy Principles, while based on the OECD Guidelines which were designed to be applicable to both public and private sectors practices, are not particularly easy to translate into practical guidelines for those involved in the telecommunications industry. 4.21 As mentioned, AUSTEL has given more thought to the issue of amendment of the Privacy Act 1988 because of the comments of respondents and submitters . For example, the Privacy Commissioner said - ôShort of creating an entirely new agency, it seems to me that an enhanced Privacy Commissioner's jurisdiction represents a logical way of addressing [a system of oversight of privacy concerns]... It may well be that an acceptable approach could be found in that regard by allowing AUSTEL a more substantial or steering role in that area, the details of which could be worked out.ö 4.22 AOTC also raised the idea, suggesting that either section 88 or the Privacy Act could be a vehicle for some basic controls on re-use of personal information, such as might occur if a retailer were to make use of Caller Number Display and reverse directories to follow-up inquiries made of it or to compile a mailing list.- ôEither s. 88 of the Telecommunications Act 1991 or the Privacy Act 1988 should be amended to cater for the privacy concerns arising from possible re-use of personal information passed to end users of the telecommunications network.ö 4.23 AUSTEL sees problems in the suggestion of achieving this effect through the amendment of section 88 of the Telecommunications Act 1991 :to incorporate Information Privacy Principle 10 relating to limits on the use of personal information into the Act. Such an amendment could turn everybody in Australia into a potential offender subject to penal provisions. The alternative suggestion of amending the Privacy Act 1988 to a similar effect may be a more appropriate approach. That would avoid the difficulty of section 88 currently carrying penalties that are inappropriate to the offence of re-use of personal data by end-users and builds on the precedent of the recent extension of the Commissioner's jurisdiction to the private sector in respect of credit reporting requirements. An appropriate amendment to the Privacy Act 1988 applying to re-use of information by end-users could give clear guidelines to the industry and consumers and would allay many of the fears people have expressed about what might happen with more widespread access to telecommunications generated personal data. 4.24 Such a restriction would also address what has been identified as one of the major privacy shifts underlying the introduction of services based on the marketing of data generated by telecommunications transactions. As William Dutton, professor in the Annenberg School for Communication at the University of Southern California recently (1992) wrote - ôTelephone services have never been completely private. The telephone operator knew who called them, if not what was said. But it is different now. One difference is that there is less accountability. The telephone company was responsible for maintaining the confidentiality of a call. Now, responsibility will be diffused to any individual or company involved.ö 4.25 Given that the telecommunications industry is special but not unique and that similar factors such as ease of transmission of information and a range of industry participants arise in the credit reporting industry, it may be argued that there is a case for widening the scope of the Privacy Act 1988 to enable the Privacy Commissioner to have a role in overseeing the collection, storage and use of data , whether it be done by a Government body or by a private enterprise. If the scope of the Privacy Act 1988 were to be so extended, AUSTEL would endeavour to ensure that any telecommunications privacy framework was consistent with it. AUSTEL recommends that consideration be given to extending the scope of the Privacy Act 1988 beyond its current focus on government agencies to enable the Privacy Commissioner to oversee the collection, storage and use of data by private companies generally. A new approach{tc "A new approach"} 4.26 The proposed amendments to the Privacy Act 1988 to extend its scope to the collection, storage and use of data by private companies generally may, however, not be implemented quickly enough to avoid telecommunications specific intrusion and data privacy issues that have been identified as giving rise to concerns overseas becoming problems in Australia. Also, such amendments would more likely than not provide only general guidance as to the principles that would have to be applied by way of industry specific codes to the collection, storage and data use practices within particular industries. 4.27 Accordingly, whatever the timing and nature of the outcome of the recommendation to amend the Privacy Act 1988 , some form of industry specific approach would appear to be required to address telecommunications intrusion and personal data privacy issues. A voluntary co-regulatory model{tc "A voluntary co-regulatory model"} 4.28 This proposed model is based on - o overseas trends o the characteristics of the telecommunications industry (as set out in Chapter 3) o the premise that resolution of specific intrusion or personal data privacy issues peculiar to one sector of the industry may require more than general principles or broad guidelines o Australia being in a position to address telecommunications intrusion and personal data privacy issues before they cause problems as have occurred overseas and before interested parties in Australia develop entrenched attitudes on how the issues might be addressed o experience since the inception of this inquiry that the various parties have reached a level of understanding of each other's views such that there is a willingness across the industry to give resources and commitment to a voluntary approach o general acceptance of the concept of a Telecommunications Privacy Committee as suggested in the draft report. AUSTEL recommends a voluntary industry/government co-regulatory approach based on a Telecommunications Privacy Committee representing the interests of consumers, users, the industry and relevant government agencies. Status of the proposed Telecommunications Privacy Committee{tc "Status of the proposed Telecommunications Privacy Committee"} 4.29 As the proposed Telecommunications Privacy Committee - o may deal with matters beyond AUSTEL's legislative mandate (eg - general fair trading issues such as the "cooling off" period that should be included in a telemarketing code of practice) o outputs may require implementation action by persons other than AUSTEL (eg - the Privacy Commissioner) o is intended as a service to the telecommunications industry generally and its consumers, in particular, rather than just advising AUSTEL in the performance of its functions, it is proposed that the Committee be "with but not ofö AUSTEL. That is, subject to AUSTEL securing the necessary financial and human resources for the purpose, AUSTEL would service the Committee but because the Committee's proposed charter would be broader than an advisory committee established under section 53 of the Telecommunications Act 1991, the Committee would have an independent chairperson. AUSTEL recommends that subject to additional funding being made available for the purpose, the Telecommunications Privacy Committee be ôwith but not ofö AUSTEL and that AUSTEL service the Committee. 4.30 The establishment of such a committee would not preclude the use of legislation, or other means, to control specific abuses which may be identified. For example, the Committee may advise AUSTEL that a specific service or piece of equipment is causing concern and recommend that its use be limited in some ways. This advice may, in turn, form the basis of a recommendation by AUSTEL to the government that legislation be enacted to deal with the specific situation. The co-regulatory model does not exclude other solutions. Ultimately, failure by industry participants to operate within the proposed co-operative system may lead to more rigid forms of regulation. Terms of Reference for the Telecommunications Privacy Committee {tc "Terms of Reference for the Telecommunications Privacy Committee "} 4.31 The following proposed terms of reference for the Telecommunications Privacy Committee are based on responses to AUSTEL's draft report which specifically sought comment on the issue. Having regard to - o the OECD guidelines o the Information Privacy Principles contained in the Privacy Act 1988 o the provisions of the Telecommunications Act 1991 o the need to balance the free flow of information in the use of telecommunications networks, services and equipment and the public interest in the protection of personal data, privacy issues, the Telecommunication Privacy Committee shall - o within three months of establishment provide a general set of privacy guidelines and policy for the telecommunications industry, which takes account of carriers, service providers and users generally o provide appropriate guidelines within three months of issues arising in relation to a new product or service o advise relevant government agencies on any implications its proposals may have in relation to legislation administered by those agencies o recommend to relevant government agencies that they take appropriate action o encourage the development of effective codes of practice with appropriate monitoring and enforcement mechanisms within the telecommunications industry, preferably within six months of the Committee first raising the need for a code with the relevant industry sector o either approve or provide comments and advice on draft codes of practice submitted to it within two months of receipt o form sub-committees, as appropriate, to consider specific issues and to report back promptly These sub-committees may include persons who are not members of the committee o monitor the implementation of and the adherence to codes of conduct o liaise , as appropriate, with the Telecommunications Industry Ombudsman concerning the operation of codes of conduct and any complaints received by the Ombudsman in relation to matters the subject of the codes o provide to AUSTEL by the end of each calendar year a written report on the operation of the Committee and such other reports as the committee deems necessary; AUSTEL recommends - o the Telecommunications Privacy Committee be responsible for - - the identification of general privacy principles applicable to the telecommunications industry - the development of specific guidelines where necessary - encouraging relevant industry and community groups to develop codes of conduct which reflect the general privacy principles and specific guidelines - the approval of codes of conduct which meet appropriate standards, including effective monitoring and enforcement measures. 4.32 The proposed terms of reference cover most of the suggestions made by respondents to the draft report. AUSTEL is grateful to those respondents who made detailed suggestions about the terms of reference. A common theme in the suggestions was the need for effective enforcement mechanism for the proposed codes of conduct. For example, AAP lists as a key term ôrecommend sanctions and manner of enforcementö, ATUG refers to giving ôadvice on perceived breaches of the guidelinesö, and the Australian Telemarketing Association mentions ôhow to address issues of breachö as important. As can be seen from the above description, the approach to enforcement being taken here is that a code of conduct must provide a realistic mechanism for monitoring and enforcement. 4.33 Another point made in a few of the responses is that the privacy guidelines must cover the area of a carrier's use of information. For example, the suggestions from the Seymour Shire Council make specific reference to developing ôspecific controls and licensing of TTGI [Telecommunications Transaction Generated Information]ö and the Privacy Commissioner's recommendations include the Committee having reference to ôthe personal information practices of carriers and service providers as they affect customersö. This point is implied in the above terms of reference rather than being specifically mentioned. The issue of a carrier's handling of information and the recommendation with regard to the development of an appropriate code of conduct are discussed at paragraphs 3.26 - 3.32 and 7.34 - 7.39. 4.34 Adherence to international standards and principles of privacy protection was also important to a number of respondents, particularly the Privacy Commissioner, who suggests a preamble to the terms of reference - ôcontaining a direction to the committee that it is to develop standards which are generally consistent with the OECD Guidelines and to take into account in its work international approaches to privacy and telecommunications issues of the kind outlined in the Draft Reportö. International guidelines and developments have been included in the terms of reference. 4.35 A number of respondents referred to public awareness campaigns and consumer information as forming an important part of the Committee's work. This was mentioned by the Federal Bureau of Consumer Affairs, the Australian Telemarketing Association and AOTC. This point has been covered by making public information part of the checklist of codes of conduct. Subject to funding, there also may be opportunities for the Committee to be more directly involved in public awareness campaigns. The Privacy Commissioner referred to a precedent - "In the Credit Reporting area, good public education material has been generated within the industry at its cost, in liaison with my office. (One major credit provider provided a substantial contribution to the publication of the last credit reporting brochure in return for a brief acknowledgment.)" 4.36 AOTC raised a particular task it wants the Committee to carry out: advising AUSTEL on the planned trials of CND. This clearly falls within the scope of advising on new services and products, and it seems likely that the Committee would give time and resources to that. The planned trials of CND are further discussed in Chapter 5. Committee Membership{tc "Committee Membership"} 4.37 Most respondents to the draft report supported the membership of the Committee as proposed in that report, namely - o consumer groups o network operators o telecommunications-based industries, such as telemarketers and market researchers o manufacturers/suppliers of customer equipment o relevant government bodies 4.38 The Privacy Commissioner spelt out two possible approaches to the formation of a committee - ôThe committee could comprise representatives of all the major players, in which case it would be a large committee. This may lead to the need to form sub committees to examine particular issues. A problem with this approach is that some members of the committee would have no interest/expertise in some of the issues being addressed by the sub committees. A second approach would be for the committee to comprise a small number of representatives from the three groups (business, consumers and government) who are likely to have both expertise and an interest in all the committee's deliberations. If the latter approach was adopted the committee would need to have a strong commitment to consultation with all the players relevant to each issue being addressed by the committee or be in danger of producing a code which does not have wide acceptanceö. 4.39 AUSTEL agrees with the second approach suggested by the Privacy Commissioner. In the interests of having a manageable and effective advisory body it is proposed to have a committee with relatively small numbers rather than a committee with a large number of representatives from the various interest groups across the telecommunications sector. A large committee may produce a cumbersome decision-making vehicle unable to reach prompt decisions and provide timely advice. The proposed membership of the committee is set out in paragraph 4.46. 4.40 The draft report also invited comment on who should chair or convene the Committee. There was wide support in the submissions on the draft report for AUSTEL to convene the Committee, with some respondents expressing surprise that the question had been raised. Respondents specifically supporting AUSTEL's convening of the Committee included the Australian Direct Marketing Association, the Federal Bureau of Consumer Affairs, AAP, the Australian Telecommunications Users Group, Seymour Shire Council, the Consumers' Telecommunications Network, the Australian Telemarketing Association, AOTC and Optus. 4.41 A number of groups also suggested that AUSTEL should chair the Committee as well as convening it. However, as stated in paragraph 4.29 above, it is AUSTEL's view that the Committee should be "with but not of" AUSTEL and that an independent chairperson acceptable to consumer and industry groups be appointed. 4.42 Comments received in response to AUSTEL's draft report pointed to a need to provide balance between industry and consumer representation on the Committee. While there are many consumer organisations which have an interest in the area, the Australian Federation of Consumer Organisations (AFCO) represents consumers over a wide range of interests and may serve as a peak body for consumer views on the Committee. Representatives of the carriers, the major users of telecommunications and the equipment manufacturers are clearly necessary to represent the industry. 4.43 Respondents to the draft report also pointed to a need to give careful consideration to the role of government bodies on the Committee. On the one hand, if the Committee is to have credibility as an independent agency, government representation should not be allowed to dilute the industry and consumer representation. On the other hand, there are a number of agencies which, it could be argued, have functions and powers that make their participation desirable. 4.44 Responses to AUSTEL's draft report did suggest that the Telecommunications Industry Ombudsman be a member of the Committee and that the Ombudsman may be a suitable independent chairperson. It is, however, inappropriate for the Ombudsman to fulfil either role. It is not appropriate for the Ombudsman to be on the Committee when he or she may be called upon to judge the Committee's work when investigating a complaint raising privacy issue. Several commentators on the draft report said that they regarded it as inappropriate for the Ombudsman to have a policy role. Were he or she to be the chairperson of the Committee, it is inevitable that in giving press releases or in announcing the work of the Committee, the chairperson of the Committee would be caught up in policy issues. These comments do not stop the Ombudsman playing a significant role in the work of the Telecommunications Privacy Committee. To the extent that there needs to be input from the Ombudsman to the Committee's deliberations, that can be arranged by way of submissions or the Ombudsman's attendance at the Committee as required. The terms of reference of the Committee call upon it to liaise as necessary with the Ombudsman (paragraph 4.31). 4.45 It is intended that neither commercial nor consumer interests should dominate the decision-making process in the Committee. Rather the members will forge solutions to the issues that confront them, taking into account the various viewpoints. Should this structure not provide an effective regulatory mechanism then a less flexible regulatory structure may be required. Each member of the Committee will have one vote where the chairperson calls for a vote and the Chairperson should have a deliberative and casting vote. 4.46 Having regard to the comments received in response to the draft report it is proposed that an initial committee of 10 (including an independent chairperson) be established as follows - o an independent chairperson o two representatives nominated by the Australian Federation of Consumer Organisations (AFCO) o a user representative nominated by the Australian Telecommunications Users Group o two carrier representatives, one from each of AOTC and Optus o a representative nominated by the Australian Electrical and Electronic Manufacturers Association o a representative nominated by the head of the Federal Bureau of Consumer Affairs o the Privacy Commissioner or his representative o a representative nominated by AUSTEL The third mobile licensee should also be represented on the Committee when the licensee begins its operations. 4.47 The smallness of the Committee precludes the participation of some industry interest groups, such as telemarketers or service organisations with a high volume of incoming calls. The intended arrangements will give such interested parties the opportunity to participate through a sub committee structure described below. In fact, the sub committee structure will allow these groups to focus their participation on those issues which have a direct impact upon them. Sub-committees of the Telecommunications Privacy Committee{tc "Sub-committees of the Telecommunications Privacy Committee"} 4.48 The Telecommunications Privacy Committee will have the power to establish sub-committees for consideration of specific issues. As part of this sub-committee structure it will be able to invite people from groups not represented on the Telecommunications Privacy Committee to participate in the sub-committee process. For example, if a sub-committee was formed to consider the provision of telemarketing services then the Committee may invite a representative or representatives of the telemarketing industry to be part of the relevant sub-committee. Given that such groups have a selective interest in the range of privacy-related issues, this is a more flexible way of managing their involvement than representation on the committee itself. 4.49 The deliberations of sub-committees will be presented to the committee for its consideration and, as appropriate, adoption. 4.50 This structure will enable accommodation of those groups which, in their responses to the draft report, expressed interest in being involved in the work of the committee, such as the Association of Market Research Organisations. Another related mechanism for involvement in the Committee's work is outlined in the section relating to the formulation of codes of conduct for specific industry segments. Funding of the Telecommunications Privacy Committee{tc "Funding of the Telecommunications Privacy Committee"} 4.51 If it is to operate effectively, the proposed Telecommunications Privacy Committee will need financial and administrative support. AUSTEL proposes to seek additional funding and, if agreed, support the Telecommunications Privacy Committee for an initial period of three years, after which it will be reviewed and evaluated as described in paragraph 4.53. Some of the activities that it is proposed that the Committee should undertake are beyond the scope of AUSTEL's functions as set out in the Telecommunications Act 1991, (eg - fair trading issues that might arise in a contract between a telemarketer and a consumer). Accordingly, it is necessary to ensure that there is government support for the Committee and that AUSTEL is seen to be using its funds in a way that is in the public interest. 4.52 The costs of servicing AUSTEL's advisory committees plus additional costs related to the nature of this Committee suggest an annual budget of $100,000 for three years (when it is proposed to review the Committee's activities). Such funding would provide a fee to the independent chairperson and for costs associated with convening the committee meetings. It would also cover the costs of administrative and staff support, which are estimated to be one person full time in the first year to act as the secretary, reducing to part time commitment during the second and third years of operation. Review of the Committees Activities{tc "Review of the Committees Activities"} 4.53 It is proposed that the Committee operate for an initial term of three years, and that its effectiveness be reviewed at that point. AUSTEL is concerned that the Committee make speedy and significant progress in facilitating, approving and monitoring the establishment of a range of industry codes. The proposed terms of reference include periods in which the Committee should complete particular stages. A key criterion of effectiveness will be whether a co-regulatory approach is in fact in place at the end of the Committee's initial three year term. To that end an independent review of the operation of the Committee should commence two and a half years from its establishment, the findings to be presented to AUSTEL three months before the end of the third and final year of its operation. This review should include the following matters - o number of industry codes, speed of creation and implementation and their coverage of the industry o an evaluation of the operation of the industry guidelines and the codes of practice o analysis of the complaints received o a review of the operations of the committee including the impact of the lack of a general enforcement and audit mechanism o a review of overseas developments which may have an impact any future structure in Australia o level of knowledge among consumers of mechanisms for privacy protection in telecommunications o estimate of the costs of running of the committee and some indication of the costs of the system borne by the industry o recommendations as to the future regulation of the area in Australia. AUSTEL recommends that the effectiveness of the voluntary co-regulatory approach and of the Telecommunications Privacy Committee be reviewed in three years against pre-determined performance indicators. Guidelines and codes of practice{tc "Guidelines and codes of practice"} 4.54 The objective of the Committee is to set up a voluntary, co-regulatory framework which provides detailed guidance on the various privacy issues raised in the sector. This will be achieved, in the first instance, by providing general industry guidelines for the protection of privacy issues. The Committee will then invite participants in the telecommunications sector to submit codes of practice to it. Ideally, these codes will be developed by industry associations which represent a particular segment of the market in consultation with consumer and user groups. 4.55 The codes should not only reflect the privacy guidelines set down by the Telecommunications Privacy Committee but also provide detailed guidance on the particular issues under consideration. These codes of practice will be submitted to the Committee for its comments and, if appropriate, approval. While the Committee's approval of a code of practice could not give it the force of law, the Committee's imprimatur should provide it with significant persuasive power. Also, relevant government agencies may use a code as a basis for determining whether to take action in relation to a complaint about a matter covered by the code. That is, if the conduct complained of is in breach of the code, the agency may regard it as grounds for moving against the conduct. 4.56 Once a code of practice is approved, its implementation will be monitored by the Telecommunications Privacy Committee. This process will ensure that the code is properly advertised by the relevant organisation and that the organisation has set aside sufficient resources to give effect to it. The monitoring process must take into account any complaints which are received about the organisation or its members. The outcome of this process will be included in the periodic reports by the Committee to AUSTEL. 4.57 A number of commentators on the draft report queried how a code might apply to a ômaverickö or company operating in a particular area of the industry which is not a member of the relevant association and which does not observe the code. It will be up to the relevant industry association or organisation putting forward the code of conduct to bring the ômavericksö into the ambit of their code as far as possible. That suggests that the education campaign that will be part of the implementation of the code will need to be directed to the wider industry as well as to consumers. At the same time, the existence of the Committee and the prominence it should give privacy related issues will make this task somewhat easier for the industry association. It will also be open to that organisation to bring specific problems relating to the code to the Committee to see if there is some way in which assistance can be given. The bottom line is that if there are too many complaints about a particular segment of the industry, the conclusion to be drawn is that the voluntary co-regulatory approach has not worked. 4.58 It is important that voluntary codes are not mere window dressing or a device to deflect more formal regulations. The codes of practice must provide a detailed and effective means of self-regulation of the areas they cover. To this end, the following checklist, based on a recent OECD report (Tucker, G. "Privacy and Data Protection - Issues and Challenges" ), may serve as a useful point of reference - 1. Form - the code should make positive statements which indicate a commitment to the adoption of proper privacy protection principles. Mere descriptive language is not sufficient. 2. Substance - the code should be tailored to the sector/company concerned and not merely recite general principles of privacy protection. 3. Level of Detail - the code should deal with the privacy protection issues confronting the relevant sector/company and other interested parties. 4. Transparency - the code should be written in simple language readily comprehensible to participants (including consumers) in the relevant sector. 5. Implementation - the code should provide for an implementation procedure within the sector/company so that there is no doubt as to the style and manner of protection offered. Part of this process is the nomination and declaration of an officer or officers to take responsibility for this domain who would have the duty to report regularly to the appropriate management body. Management should be careful to ensure that the establishment of this internal position does not lead to the isolation of the relevant officer from the files and procedures of the firm. This would have a reverse impact to that which is intended. 6. Review - the code should provide for a means of review of its terms from time to time in order to make an assessment of their relevance and, where, necessary, to make appropriate changes. This is a recognition that market conditions, like technological change, may warrant a reconsideration of the terms of the code. It may include soliciting public comment and these comments might be taken into account when the review process is undertaken. 7.Control/Enforcement - the code should be underpinned with some means of control or enforcement of its terms. This may be legislative, contractual or administrative and it should provide consumers or other interested parties with some means of redress for a breach of the terms of the code. 8. Consumer awareness - the code must receive publicity by the sector/company so that consumers are aware of their position. 4.59 The danger that a code may not represent a genuine attempt to undertake reform and is just window dressing is also addressed by having the Telecommunications Privacy Committee play an overseeing role in relation to the development and implementation of the codes applying the checklist. 4.60 Industry segments and companies wanting to have an approved code of conduct might also negotiate a suitable complaints handling mechanism with the Telecommunications Industry Ombudsman. The position of the carriers who fund the Ombudsman's office will need to be clarified, but neither carrier has objected in principle to the Ombudsman playing such a role. The mechanism may be that the industry has its internal complaints handling process and that if that does not succeed in a particular instance, the complaint is forwarded to the Ombudsman, or it may work in reverse, so that complaints go to the Ombudsman in the first instance and that office refers them to the relevant industry body and monitors the process of resolution. In this context it is relevant to note that the Market Research Society of Australia, which has a long-standing code of conduct, adherence to which is written into the contracts its members enter into with clients, has offered to receive complaints referred by the Ombudsman. Whatever the complaints handling mechanism might be, it will be important that the level and severity of complaints can be independently audited. 4.61 It would also be appropriate for the codes to be discussed with the Trade Practices Commission which may authorise a code of conduct that is not anti-competitive in its effect. 4.62 There are a number of Australian examples of the use of codes of practice or conduct at industry level. Since 1986 there has been an industry code of practice in relation to electronic banking and consumers. This model set up a series of guidelines which the issuers of credit and debit cards used as a minimum standard when developing their own set of conditions of use. These conditions of use which form the basis of the contracts for electronic banking services between the card issuers and consumers were submitted to a supervisory body which provided comments as to their acceptability and conformity with the industry code. An interesting means of enforcement has been used in this situation whereby the conditions of use adopted by the issuers of the electronic banking services warrant that they reflect the provisions of the general guidelines. Accordingly, should the conditions of use not reflect the terms of the guidelines, this may constitute misleading deceptive conduct under to section 52 of the Trade Practices Act 1974. In this way the consumer is reassured that protection complies with the terms of the code. 4.63 The Council of Europe has also recognised that codes of practice may be drawn up by industry representatives and provision has been made in the recent draft recommendations on the protection of personal data in the area of telecommunication services, with particular reference to telephone services (Strasbourg, 19 March 1992). It is further recommended that codes of practice receive the approval of the relevant authorities. (See draft explanatory memorandum to the draft recommendation, p. 4). The European Commission also recognises that codes have a role to play in the protection of data as it included a provision in the draft general data protection directive encouraging their use (See Proposed directive for the protection of personal data, article 20). Both of these provisions are set in the context of a formal data protection structure. 4.64 AUSTEL's approach also bears some similarity to the Dutch experience. In that system, prior to the enactment of its data protection legislation, industry codes of practice were encouraged and actively developed. Once the legislation was developed, the existing codes of practice were required to receive the formal approval of the data protection authority. If this was not done then the authority had the power to recommend regulations to apply to that sector. In this way, the detail and relevance of the codes of practice are assured. 4.65 AUSTEL is not placing the codes into a legal framework as in the Dutch model, but it is setting up a process, through the operation of the Telecommunications Privacy Committee, that will ensure the production of workable, effective codes of practice. 4.66 This approach to the codes of conduct should allay reservations expressed by some respondents to the draft report. The ultimate answer to these reservations is that the voluntary co-regulatory approach is being given a chance to work and a specific time in which to do so. Mechanisms for evaluating its effectiveness and the willingness to use formal regulation if unsuccessful are an integral part of the framework that is recommended. CHAPTER 5 CALLING LINE IDENTIFICATION/CALLING NUMBER DISPLAY The issues 5.1 Deferral of the introduction of CLI based services 5.2 What is Calling Line Identification? 5.4 CLI based services 5.6 CLI and ISDN 5.9 Overseas experience of CLI based services 5.10 United States of America 5.11 Canada 5.14 Europe 5.17 Japan 5.18 Overview of overseas perspectives 5.19 CLI, emergency services and blocking CND 5.20 Options for the provision of Calling Number Display 5.22 The Case for Opt Out (Per Line Transmission with Per Call Blocking ) 5.31 The Case for Opt In (Per Line Blocking with Per Call Transmission) 5.35 Nuisance and harassing calls 5.39 Opt In v Opt Out and the commercial viability of CND 5.44 The principle of informed choice 5.65 Trialing CND services 5.77 Public awareness campaign 5.80 Service provider issues 5.87 The issues{tc "The issues"} 5.1 Issues central to the inquiry are - o whether Calling Line Identification (CLI) or CLI based services pose a threat to an individual customer's privacy o if there is such a threat, how it might be handled without depriving other customers of the benefits of CLI and CLI based services o what is the best way for customers to make an informed choice. Deferral of the introduction of CLI based services{tc "Deferral of the introduction of CLI based services"} 5.2 A major factor in holding the inquiry was AOTC's intention, expressed in an internal discussion paper which it made available to AUSTEL in September 1991, of introducing CLI based services progressively from around March 1993 for its AXE exchanges and from around September 1992 for its System 12 exchanges. 5.3 AOTC has now indicated that it will not introduce CLI based services that raise privacy issues, until those issues have been resolved. Its response to the draft report states - ôAOTC recognises that there are a number of potential privacy concerns arising from the introduction of Calling Number Display (CND). Based on emerging information, AOTC considers that at least some of these concerns may arise regardless of the mode of deployment of CND ... For this reason, AOTC does not propose to proceed with the introduction of CND at this time. AOTC does, however, consider that the privacy concerns associated with the introduction of technology can be adequately addressed, or will diminish over time, permitting successful introduction of CND....ö ôAs outlined in AOTC's original submission to this Inquiry, AOTC has a strong commitment to ensuring the highest standards of privacy, consistent with the Corporation's excellent record on privacy related issues. In line with its commitment to taking account of privacy concerns, AOTC has carefully considered the privacy aspects of the implementation of CND and related products to its customers (ie., beyond the carrier network boundary ...) This assessment process, including the instigation of general and market research, and discussions with consumer and community representatives, has indicated a range of consumer concerns associated with CND and related products. AOTC's analysis and conclusions in this regard are broadly in line with those of AUSTEL, and have resulted in AOTC recognising that it would not be appropriate to introduce CND on a universal basis at this time.ö What is Calling Line Identification?{tc "What is Calling Line Identification?"} 5.4 Calling Line Identification is data that is generated at the time a call is established. In general, when a telephone call is made through parts of the network with the technical capacity information is passed within the network about - o the called party's phone number o the calling party's phone number o the time of day o the duration of the call o the routing of the call. 5.5 CLI is integral to the operation of telecommunications networks and the provision of a range of services. It facilitates efficient traffic management, route selection and billing and enables more effective information management systems to be established. The sharing of CLI between carriers is mandatory under the General Carrier Licences held by AOTC and Optus because it is essential to the introduction of long distance service competition. In a competitive long distance environment a particular call may be carried on networks operated by different carriers and service providers. For example, where a company in Adelaide chooses Optus as its long distance carrier and makes a call to Sydney, AOTC carries the call to the nearest point of interconnection with Optus, Optus carries the call from that point to the point of interconnection in Sydney nearest to the called party and then hands the call back to AOTC for delivery through the AOTC's Sydney local loop to the called party. Without the passage of CLI, Optus would be unable to identify and bill the Adelaide company. Service providers may also likewise require CLI to bill their customers. CLI based services{tc "CLI based services"} 5.6 CLI also makes possible a range of new products or services some of which provide certain network information to customers. Because network information includes personal data about calling and called parties, services based on making that information commercially available raise privacy issues. 5.7 Services which utilise CLI information include - o Calling Number Display (CND, known in the United States of America as Caller ID). Subscribers to this service receive the phone number of the calling party on a liquid crystal display on their phones while the phone is ringing (provided the calling party has not blocked it and there is no technical impediment to sending it). CND has been a central issue in this inquiry. o Calling Number Display Mask or Block. This allows the calling party to block the CND from delivery to the called party but it is not a service in the sense of something that people have to pay for. AOTC intends to offer CND with both per call and per line blocking available at no charge. In this AOTC's approach has been different from that of some American telephone companies which have resisted offering line blocks or have sought to charge for blocking. Blocking is explained in paragraphs 5.24 - 5. 26. o Call Return, which allows a customer to instruct the network to dial the number of the last person who called the customer. This service would not however be available where the caller blocked his or her CND. Although AOTC's submission says "the person returning the call is not informed of the number which is being redialled", the capacity to store and retrieve numbers varies with different customer equipment and Call Return may give rise to issues similar to Calling Number Display. This service also raises some privacy issues. o Selective Call Diversion. Allows calls from numbers chosen by the subscriber to the service to be diverted to another number specified by the subscriber. Non-selective call diversion has been available for some time. o Selective Call Rejection. Allows calls from particular numbers to be rejected and diverted to a recorded voice announcement. o Ad Hoc Call Trace allows a customer to instruct the network to trace the last call and forward the information to AOTC. It should be noted that the information about the caller is not given to the called party, and that Ad Hoc Call Trace may be available even where the caller has blocked the CND. This last point distinguishes it from Call Return. 5.8 CLI based services can offer real benefits to consumers and efficiencies for businesses. The services provide the called party with more information and there are clear benefits in that increased flow of information. Residential and business users can use that information to make choices about the calls they wish to accept, reject or forward. Some CLI based services offer better answers to harassing and malicious phone calls than have been hitherto available. By providing mechanisms to retrieve incoming calls made when the customer was unavailable, there is a service to that customer, plus increased revenue opportunities for the telephone companies. CLI and ISDN{tc "CLI and ISDN"} 5.9 CLI information is currently available in Australia to those subscribing to the Integrated Services Digital Network (ISDN). By its very nature, ISDN provides its users with information about the calling party simultaneously with voice. In Australia ISDN usage has been largely confined to corporate users and to smaller high-tech businesses with a particular need for its more advanced features and its information capacities have been an explicitly recognised feature. Because the sharing of information (similar to that provided by CND on the analogue network) has been within a closed user group, on a mutual consent basis, AUSTEL has not examined the privacy implications of ISDN as a separate issue and would expect that the general principles and framework that emerge from this report to apply to ISDN services, as appropriate, having regard to the closed user group nature of the service. Overseas experience of CLI based services{tc "Overseas experience of CLI based services"} 5.10 Different terms are used for the Australian terms Calling Number Display and CLI based services. In the United States of America, the most common equivalent terms are Caller ID and CLASS (Custom Local Area Signalling System) services, while in Canada, the terms normally used are Call Display and Call Management Services (CMS). United States of America 5.11 North America has had the longest experience of CLI based products and services. In 1988 the United States of America's Federal Communications Commission (which has jurisdiction where telecommunication services cross State borders) approved the delivery of callers' numbers to companies subscribing to toll-free number services. (Telecom provides only part of the number in its itemised bills to subscribers to its toll free 008 services.) Intra-State Caller ID services have been offered since 1988 in areas of New Jersey and other districts served by Bell Atlantic. By September 1991, 26 of 52 United States of America regulatory agencies had made a determination on the offering of these services. (Survey cited in Rohan Samarajiva, 'The ôIntelligent Networkö: Implications for Expression, Privacy and Competition' in The Intelligent Network: Privacy and Policy Implications of Calling Line Identification and Emerging Information Services [CIRCIT] 1992). All of them had allowed Caller ID (except Pennsylvania where it was decided that the service would be in breach of that State's laws against wire tapping) but with different combinations of blocking options - o five with no blocking at all. These tend to be in the areas where the service was first introduced when the provision of blocking options was more difficult than is currently the case. o three with blocking allowed for crisis centres and agencies providing confidential services, o seven with per-call blocking available to all customers o three with per-call blocking available to all customers and per-line blocking in certain circumstances o eight with per-call and per-line blocking available to all customers. 5.12 There are also some incomplete hearings and some jurisdictions which have not yet considered the question. The trend appears to be in the direction of requiring more blocking options. For example, the California Public Utilities Commission has recently ordered that the service can be offered only if per-line blocking is made available to holders of silent lines, and the telephone companies (GTE and Pacific Bell) have withdrawn the proposed service on the grounds that because such a high percentage (around 40%) of Californians have silent lines, the service would not be commercially viable. 5.13 A 1990 USA survey into the public trust in which organisations were held showed that telephone companies have suffered the sharpest decline in levels of public trust of any organisation surveyed, from being the most trusted public organisations to the fifth most trusted in a period of nine years, (Louis Harris & Associates and A.F. Westin, The Equifax Report on Consumers in the Information Age (Atlanta, Equifax 1990). Rohan Samarajiva has suggested that changes in the telecommunications industry, including the growth of competition and the aggressive marketing of CLI based services, are ôrapidly frittering awayö the inheritance of public trust that telephone companies had after decades of being regulated common carriers. (The ôIntelligent Networkö: Implications for Expression, Privacy and Competition' cited in paragraph 5.11, page 53.) Canada 5.14 Canada also has some experience of CLI based services. Some information provided to AUSTEL by NorTel suggests that customer penetration rates have exceeded forecasts after one year - Forecast Result Alberta Govt Tel 2.2% 7.2% New Brunswick Tel 8.0% 14.0% Bell Canada 2.5% 10.3% In assessing these results, it should be noted that free trials and free supply of telephone equipment to some customers were involved. 5.15 Other figures given in the interrogatories of the Call Management Services Inquiry in Manitoba show that the highest penetration was 15.7% for Call Display in Quebec, with New Brunswick at 15%. Other Call Management Services had attracted fewer customers. For example, the highest penetration rate for a service other than Call Display was 6.5% for Call Return in New Brunswick, with other services having penetration rates less than that. Nonetheless, these services are of considerable commercial value to the telephone companies. A discussion paper on Call Management Services issued by the Information and Privacy Commissioner in Ontario in April 1991 states - ôBell [Canada] has estimated that, with an expected third of all customers using it, the service will generate $260 million in revenue over the next 15 years, not including the revenue from rentals of the specialised telephones...ö That is based on a rental of $4.75 per month for a private subscriber to have one of the CMS services. 5.16 Initially the services were introduced without much controversy or opposition, even though only limited blocking options were available. As consumer awareness of the services has increased, there has been a more polarised reaction. Some individuals and groups have seen real benefit in the services. In other cases consumer groups have brought legal actions against telephone companies and as a result the telephone companies have been required at considerable cost to restructure the service so that there are blocking options. There has also been cost in terms of their relations with customers and the public. On May 4 1992 the Canadian Radio-television and Telecommunications Commission ordered a number of Canadian telephone companies to remove charges for blocking Caller ID. ôIn the decision, the CRTC acknowledged the many social benefits of CMS since its introduction in 1990, but stated that it initiated the current review in response to growing consumer concern over privacy.ö (Regulatory Activities, Bell, May 1992 Highlights) Europe 5.17 While French Telecom is introducing CLI based services on its analogue network from September 1992, European countries have been generally slower than the USA and Canada to introduce CLI based services, except in the area of business-to-business communications. In general, the Europeans appear to have taken the approach that to introduce the service on analogue networks which will be replaced in the foreseeable future is hardly worthwhile. Japan 5.18 Japan is another country with the technological capacity to offer these services which is deferring them. It is not certain what part privacy-related considerations are playing in this deferment. Overview of Overseas Perspectives 5.19 The overseas experience with CLI based services suggest that Australia should adopt a cautious approach to the introduction of such services in Australia. Although there are instances in which the service has been introduced in a trouble-free way and with consumer and business benefits, the overseas trends are in the direction of giving greater weight to the consumer-based privacy concerns and towards telephone companies and regulators being in conflict where companies want to introduce the service in ways that maximise short terms commercial gains, that is in ways which impose an expectation that CND information would be sent. CLI, emergency services and blocking CND{tc "CLI, emergency services and blocking CND"} 5.20 Another CLI related issue, which attracted a significant number of submissions, was its availability to emergency services. These submissions raised issues with respect to the terms and technical conditions on which CLI was to be made available to emergency services, the implications of a spread of emergency numbers, the interests of different kinds of emergency services, the implications of the provision of alternative numbers which provided anonymity, the evolution of different patterns of emergency services in particular States, the adequacy of section 88 of the Telecommunications Act 1991 and other issues. The issues clearly warrant more detailed investigation than is possible as sub-issues for this inquiry. AUSTEL has therefore undertaken a separate investigation into issues relating to emergency services - see also paragraphs 3.23 - 3.25. 5.21 Some submitters were concerned that the blocking of CND by callers may limit the information available to emergency services through the use of CLI. This concern can be allayed. The blocking of CND does not block CLI. In fact, some submitters have raised the opposite concern, that is, that callers to 000 may assume that they can report an emergency or a crime anonymously when this may not be the case. Options for the provision of Calling Number Display{tc "Options for the provision of Calling Number Display"} 5.22 The privacy issues surrounding CND relate to the sending of CND, not to its receipt. People receiving CND will have made a positive choice to receive it, agreeing to pay a regular service charge to receive it and, in most cases, to buy new customer equipment to enable them to receive it. 5.23 The sending of CND information does, however, raise privacy concerns, eg - o will people understand that information about their number is being sent to the party they are calling? o how will people with special needs for privacy (eg - doctors, judges, victims of domestic violence, members of the police force) be affected? 5.24 In the course of this inquiry, opinion has clustered around two ways of dealing with the issue of how the sending of CND should be managed. Both approaches give the maker of phone calls the opportunity to decide whether or not to send their CND on any particular occasion. That is, there is no question of forcing people to provide CND information. There will always be a means of choosing whether to send it. This choice arises because of the possibility of blocking CND. 5.25 There are two ways of blocking CND, per call and per line. o Per call blocking means that the maker of the phone call would choose not to send CND for a particular call and would activate that choice by dialling a particular code. o Per line blocking means that CND does not appear when calls are made from a particular phone line because it has been configured at the exchange not to send CND. 5.26 Blocking CND prevents the number appearing on the phone of the called party. It does not prevent the information being collected and stored in the network, that is, blocking of CND does not block CLI. o Tracing threatening, obscene or malicious calls will be possible even if the caller has blocked his or her CND. o Information will be available to 000 emergency services about the origin of a call even when the caller has blocked the CND (provided that this enhancement to 000 is operating in the particular area). 5.27 The two approaches to managing the sending of CND are - o per line transmission with per call blocking, also referred to as "opt out" (because in the ordinary course of events the customer's number will be displayed unless the customer makes a conscious decision to "opt out", or not have his or her number displayed) o per line blocking with per call transmission, also referred to as "opt in" (because in the ordinary course of events, the customer's number will not be displayed unless the customer makes a conscious decision to "opt in" and have his or her number displayed). 5.28 Per line transmission/per call blocking (opt out) means that the customer's line would be configured in such a way that CND would normally be sent whenever technically feasible. Only if the caller made a specific choice not to send it on a particular occasion and took appropriate action, would it not be sent. That is, opt out refers to a situation in which the caller's telephone number is forwarded to the called party unless the caller opts out and blocks the number. 5.29 Per line blocking/per call transmission (opt in) means that the customer's line would be configured in such a way that CND would normally not be sent. Only if the caller made a specific choice to send it on a particular occasion and took appropriate action would it be sent. That is, opt in refers to a situation in which the callerÆs number is not delivered unless the caller opts in. 5.30 The options are not mutually exclusive. If per line transmission with per call blocking (opt out) became the norm or ôdefaultö approach, customers could still explicitly choose to have their own line configured for the per line blocking with per call transmission (opt in) option. Similarly, if per line blocking with per call transmission (opt in) became the norm or ôdefaultö, customers could have their line configured for per line transmission with per call blocking (opt out) by specifically requesting this option. The Case for Opt Out (Per Line Transmission with Per Call Blocking ){tc "The Case for Opt Out (Per Line Transmission with Per Call Blocking )"} 5.31 The draft report gave examples of the arguments and advocacy of those individuals and organisations supporting per line transmission. These arguments can be summarised as follows - o the blocking options give ample opportunity to callers to block their CND when they specifically require that, without allowing for frivolous or automatic denial of identifying information to the called party. Opt out is the best balance between the privacy needs of the called and calling parties. o Opt out preserves the commercial viability of the service for the carriers and thereby makes available to consumers the advantages of a value-enhanced telephone network. o Opt out creates business opportunities, for example, for equipment manufacturers, businesses which receive a high volume of incoming calls and entrepreneurs who can develop different kinds of devices for storing, manipulating and using the information provided by CND. 5.32 Although AOTC has recognised the privacy concerns of CND to the point where it has decided to delay introduction of the service, it remains hopeful that delay will enable the privacy concerns to be resolved so that CND might be introduced on an opt out basis. In its response to the draft report, it has sought the identification of indicators or conditions which would need to be satisfied in order for CND to be introduced on an opt out basis. 5.33 Optus, while pointing out that it is dependent on AOTC's provision of CND, also maintains its strong preference for the opt out approach. ôOptus rejects the narrow, single dimensioned view which many submitters have taken of CND services as constituting a threat to privacy. Optus is concerned that the debate about the introduction of CND services has centred on an analysis that opt out is æanti-privacyÆ whilst opt in is æpro-privacyÆ... Optus considers that insufficient recognition has been given to the significant enhancement of the privacy of called parties which CND services provide... Optus remains of the view that if the æopt inÆ approach is adopted, CND services will not be introduced in Australia. As a result, Australia's telephone system will have less added value than systems in other major markets overseas and customers will be denied the ability to know who is calling before answering their telephone. Such a result is not synonymous with the public interest.ö 5.34 Other responses to the draft report emphasise commercial and economic advantages to the opt out approach. Equipment suppliers, Alcatel and NorTel, both made submissions to that effect. Alcatel's response pointed out the opportunities for Australian industry that may exist if a strong domestic base is fostered by opt out CND, while NorTel ôbelieves that AUSTEL should avoid any regulatory disincentives to CND services in order to speed the advancement of this underlying infrastructureö [that is, Common Channel Signalling]. Some responses put forward the view that the opt in approach gives a kind of veto power to those who are too lazy or uninterested to make a choice (AAP, ATUG and Michael Doyle), while the Department of Transport and Communications makes the point that Optus have made above, that it is opt out that respects the privacy needs of the called party. The Case for Opt In (Per Line Blocking with Per Call Transmission){tc "The Case for Opt In (Per Line Blocking with Per Call Transmission)"} 5.35 The draft report also summarised the arguments in favour of the opt in approach - o individuals have a right to control the giving out of personal information about themselves and it is the opt in approach which more certainly preserves that o the people who are least likely to be able to make use of the blocking options in an opt out approach are those who are disadvantaged, for example, by lack of knowledge of English, social isolation or age etc o opt in protects the privacy needs of some groups and organisations, such as holders of silent numbers, callers to confidential counselling agencies, professional or law enforcement workers who may be put at risk by people knowing their home phone number or address, and victims of domestic violence. 5.36 A number of organisations and individuals reiterated their support for per line blocking with per call transmission in the responses to the draft report and there were some submissions from organisations which had not submitted previously. Some organisations concerned with women's vulnerability to violence supported opt in. For example, the Women's Information Switchboard expressed a preference for the opt in position in order to - ôprotect women and children in shelters who have been victims of domestic violence from compromising the anonymity and security of the shelter...ö 5.37 A few submitters were concerned about a future in which opt out meant that an expectation of being provided with CND information had become established. Myles Ruggles of CIRCIT argued - ôThe per-line transmission with per-call blocking configuration is ... inadequate. Per-call blocking creates the potential that automatic number release (and perhaps further personal information in the future) may become the social norm, because the default status of number release would give rise to a suspicion of harmful intent if withheld.ö 5.38 Other points made in support of the opt in position in the responses to the draft report were that there had been insufficient attention given to the implications of storage, manipulation and transmission of data gained through opt out CND (Consumers Telecommunications Network) and that there was an element of pressure in opt out - ôThere is no reason why AUSTEL should be involved in providing a guaranteed or æcaptiveÆ market to carriers.ö (Seymour Shire Council) and similarly - ôDo we really want CND or is it just the carriers telling us we need it?ö (Telsol) Nuisance and harassing calls{tc "Nuisance and harassing calls"} 5.39 An argument in favour of the opt out position is that it significantly reduces nuisance and harassing calls and is therefore of great benefit to the many people distressed by such calls. It has been argued by those supporting this position that the opt in default establishes a kind of de facto right to make anonymous calls. 5.40 AUSTEL does not discount the serious impact of nuisance and harassing calls on their recipients. Individuals' desire to have more information about the people placing calls to their phone is a legitimate reason for choosing to buy the CND service when it is offered and for choosing to send that information themselves when making calls. AUSTEL strongly supports individuals having an opportunity to make such choices and regards the greatly improved call tracing capabilities of CLI as a significant advantage. It is also aware that the introduction of Caller ID in American States has led to a decline in reports of such calls. A pamphlet from Illinois Bell reports - ôIn New Jersey, Caller ID has reduced customer complaints about abusive calls by nearly half. ô 5.41 Nuisance calls, however, do not justify the imposition of an opt out system on phone users as a whole - even with the provision of blocking facilities. CLI technology offers ways of dealing with this problem other than transferring the responsibility to the recipients of such calls. One of the CLI based products available is a call trace service. It would mean that after receiving an objectionable and anonymous call, the recipient could key in a code which would cause the network to record the originating phone number. That is done using network CLI, rather than CND; therefore, the originating number can be recorded even if the caller blocked it. (In this way it is similar to calls made to enhanced 000. These will be identified using network CLI and customer data bases rather than CND and so can be identified even where callers have blocked.) The recipient of the call, under existing AOTC policy, would not be provided with that phone number. Rather AOTC could use that information to pursue prosecution or to send a warning to the offender. 5.42 Some consumer groups in the United States have argued that the use of Caller ID (CND) as a mechanism for dealing with objectionable and threatening calls constitutes telephone companies offering less service to their customers, not more - ôBefore the advent of new technology, call trace was considered by the phone companies to be part of the basic service for which there was no extra charge. æIt was unwieldy. It took a long time to get it installed. You had to keep a log of all your calls, But the service was unbilled, part of the phone company's obligation to monitor the network,Æ [Mark] Cooper [Consumer Federation of America Research Director] said. æNow that they have a new and very potent technology, the phone companies are trying to take it out of basic service and profit from it,Æ he said.ö (CFA News March 1991) 5.43 Other points have also been raised against seeing CND or Caller ID as the answer to obscene calls. Rohan Samarajiva said in his presentation to CIRCIT's Conference on the Intelligent Network in December 1991 - ôCaller ID is not very useful in providing a lawful and effective response to the real problem of obscene and harassing calls. The called party cannot identify the obscene or harassing callerÆs name and address without accessing a reverse directory or calling back the deviant caller and asking for the information...The information that an obscene or harassing call was made at a particular time can be recorded on the Caller ID display device, but that information is likely to be of minimal evidentiary value since the machine was under the control of the aggrieved party and in any case does not indicate what the call was about.ö Opt In v Opt Out and the commercial viability of CND{tc "Opt In v Opt Out and the commercial viability of CND"} 5.44 The section of the AUSTEL draft report which canvassed the issue of the commercial viability of the CND service turned out to be a controversial one with some responses arguing that it was not up to AUSTEL to take any interest in questions of the profit that carriers may make, while others argued that it was unreasonable of AUSTEL to put forward an argument about commercial viability on such slender evidence. 5.45 While the receipt of responses from two manufacturers gave AUSTEL an additional perspective on the issue of the commercial viability of CND, if one or other of the blocking options were adopted, the responses generally did not advance AUSTEL's consideration of the issue. That is, the responses were of necessity largely speculative in that they did not have hard information based on Australian experience upon which to advance their case for or against either option. The absence of such information should be remedied by AOTC's proposed trial of the service. AUSTEL reserves its position until such time as further information is available. In the meantime the views of submitters are summarised below for the record. 5.46 Two commercial issues were considered in the draft report- o firstly, whether carriers could afford to offer CND services on an opt in (per line blocking/per call transmission) basis. o secondly, whether business that see potential uses for CND in enhancing the services they offer their customers (ie - by making use of their customers' displayed numbers) would make the necessary investment if CND services were offered on an opt in (per line blocking/per call transmission) basis. It is claimed that such businesses would need the larger percentage of CND that the opt out (per line transmission/per call blocking) approach is likely to deliver before making the necessary investment. 5.47 Responses to the draft report covered both these points. The second point was extended to the important area of opportunities for manufacture, supply and export of CLI capable customer equipment for both the householder and the business markets. Responses were received from two equipment suppliers, NorTel and Alcatel, both submitting that there were significant opportunities for Australian business and that ways of resolving the privacy concerns needed to be addressed if these opportunities were not to be lost. 5.48 Opinions were divided on whether commercial viability should be taken into account. There were more responses arguing that commercial viability of the service for the carriers and other areas of the telecommunications industry would be in real risk if the service were to be provided only on an opt in basis. 5.49 The Communications Law Centre, while agreeing with AUSTEL's position in the draft report that a convincing argument for the commercial benefits of CND had not been put forward, said - ôWe do not oppose AUSTEL considering any further submissions about the economics of CND. However, the simple question of whether consumer CND will be more or less viable on an opt in or opt out basis is not the central issue for AUSTEL. Rather, AUSTEL should consider whether the case has been made for a social or national benefit resulting from CND above and beyond the commercial benefit to AOTC.ö 5.50 On the point of whether it would be worthwhile for the carriers to operate the service in an environment in which consumers were given a choice as to whether to send their CND, the draft report had mainly considered the capital costs, that is, the cost of the technology. Some responses pointed out the significance of marketing and administrative costs. For example, the submission from NorTel said that the costs of the technology - ô typically represent only some 15% of the cost of any new service being delivered to customers. Other costs such as maintenance, operations, sales, marketing, end user support etc contribute the bulk of the financial burden.ö 5.51 AOTC made similar points to those made by NorTel. AOTC also indicated that - o it would bear the cost, which it estimated at between $4 - $6 to change a customer's default configuration from opt in to opt out, or vice versa o it had concerns about the cost of an open ended public awareness campaign. 5.52 Optus argued vigorously about the viability of the service for carriers if customers have to be persuaded of the merits of sending their CND - ôIn Optus' view, AUSTEL's assertion that the carriers could drive CND services towards viability through active promotion amongst customers is flawed. CND is the type of service whose advantages must be immediate and apparent to customers who subscribe to it. A partially effective service is likely to be viewed by customers, and reported to other customers, as a ædudÆ.. The initial subscribers will inevitably find and report the service as defective, and word-of-mouth from them will undermine the carriers' promotional campaign.ö 5.53 Optus provided information from BellSouth on the effect of blocking options on take up rates in support of their argument. A marketing research study asked the question, If no numbers could be blocked from Caller ID, would you be more likely to subscribe, less likely to subscribe, or would it make no difference? Business Residence Customer Type Takers (Definite) Takers (Likely) Non-Takers Takers (Definite) Takers (Likely) Non-Takers (number) 28 80 294 59 204 547 More likely 16 18 33 18 53 57 57% 23% 11% 31% 26% 10% Less likely 3 17 34 9 34 82 11% 21% 12% 15% 17% 15% No difference 9 41 220 28 106 375 32% 51% 75% 48% 52% 69% Don't know 4 7 3 7 17 5% 2% 5% 3% 3% No answer/refused 1 4 16 2% 2% 3% 5.54 This table supports Optus' contention that blocking hurts the take up rate but it does not answer a point made by Professor Dutton below (paragraph 5.74), that even if a majority wanted CND, that would not extinguish the concerns of the minority. Further, these figures do not support a contention that a majority want CND. Of the 1212 people covered in the survey, only 87 or 7% were definite takers of the service. It is clearly true that it would be easier to sell receipt of CND if it came with a guarantee that phone numbers of callers would be provided 70% or even 100% of the time. But marketing ease is largely irrelevant to those such as the Communications Law Centre who look for benefit above and beyond a carrier's commercial gain. In any event, AOTC has recognised that consumer concerns need to be addressed before introducing CND. 5.55 There are also the capital or technological costs to be considered. AUSTEL understands that the major capital expenses in delivering CLI based products (including CND) are - o the data centres at the subscriber stage of local exchanges o the upgrade of local exchange software o specific upgrades to ARE exchange software, in order to give blocking options to customers whose phones are connected to these exchanges. 5.56 On the information presently available to AUSTEL, the cost involved in these investments is not great compared to the costs that AOTC must necessarily incur in extending CLI through the system, . The real cost to the carriers would appear to lie in expanding the penetration of CLI throughout the network and this expansion would be expected to occur irrespective of whether CND is offered as a service to customers. That is because CLI is required for carrier-to-carrier billing and to enable carriers and service providers to bill their own customers. The introduction of CLI based services - of which CND is only one - offers the carriers an opportunity to recoup some of the costs of CLI and, as the response to the draft report from NorTel points out, a chance to generate a revenue flow that supports the rapid deployment of network modernisation. 5.57 Those that argue for the status quo to remain until a customer has made an informed choice also argue that if the carriers want to maximise their investment in CLI by offering CLI based services, they should do so in a manner that would persuade customers of the benefits of those services so that customers would, of their own volition, choose the carrier's preferred opt out (per line transmission/per call blocking) approach. It may mean that - o the spread of CLI based products (including CND) is slower than it might otherwise be o the carriers may take longer than they might otherwise to maximise their investment in CLI, but it would be consistent with the principle of informed choice. 5.58 On the second major issue of commercial viability, the business applications and opportunities offered by CND can be divided into three groups - o opportunities for equipment manufacturers and suppliers in fulfilling the demand for CND capable phones and other equipment making use of CLI based services o applications by businesses that make use of the information supplied. Various examples were suggested in the submissions, some on a commercial-in-confidence basis. Examples include faster response to telephone inquiries, lead generation through the use of inbound telemarketing, and security-based applications. o business opportunities based on the caller being able to use his or her CND as authentication. 5.59 Alcatel and NorTel made responses to the draft report that stressed the potential benefits of the equipment opportunities. Alcatel wrote - ôwe believe Australian industry can be uniquely positioned to develop and manufacture telephones which exploit CND ahead of such products appearing elsewhere in the world.ö Alcatel asks that AUSTEL cooperate in a market trial of CND which would include a trial of the customer equipment. AUSTEL welcomes the concept of a trial and would cooperate with it until such time as it would be appropriate to transfer that responsibility to the proposed Telecommunications Privacy Committee. 5.60 The submissions that dealt with the business opportunities afforded by using CND information were generally vague about the specific applications of CND and did not address the question whether these applications needed a very high level of automatic sending of CND to operate or be viable. In meetings with some submitters, it transpired that there were often simpler ways of achieving similar outcomes. For example, when there were queues of callers to a busy company, interactive recorded messages might work better than capturing the callers' number and ringing back. It was often said that the answering machine already provided most of the benefits promised by CND. Some respondents and submitters were concerned that the most obvious business application, the re-processing of CND from in bound telemarketing calls (for example, calls to 008 or 0055 numbers) for marketing purposes is contrary to the OECD Guidelines which say information should only be re-used with the express consent of the data subject. 5.61 VitalCall, a company which runs a medical response scheme, sees great advantages in the autodiallers that their clients use revealing the CND since in conjunction with a reverse directory it will confirm the location of the person needing emergency attention. VitalCall points out that this requires the CND to be available from the phones their customers may use. 5.62 The business opportunities in the third group are largely in a conceptual stage. Myles Ruggles of CIRCIT suggested that such applications are more likely to get off the ground if the service is configured in a way that maximises individuals' control over the release of their personal information, ie - ôFor commercial transaction through networks (or anywhere else) to be completed, parties do need verifiable information about one another... For individuals and organisations to freely entrust carriers with the information needed to perform these services, carriers must enjoy an unimpeachable status as a trusted third-party 'honest broker'... A starting point, in the present context, would be to offer a CLI service to Australians which preserves their control over the personal information disclosure, while demonstrating the carriers' good-faith intentions with respect to privacy interests. CLI should therefore be offered with a default blocking configuration, an ACR (Automatic Call Rejection) option, and a per-call unblocking option, with per-call charges attached to both options, and a per-line charge for the CLI service...On the foundation of a CLI service configured in this way, additional services could be developed to enable customers to store various types of information in the network, and to selectively release it on a call-by-call basis.ö 5.63 Mr Ruggles is building on a ôModest proposal to accelerate the information economy, reduce credit card fraud, break the Caller ID deadlock, and make almost everyone happyö put forward in the presentation by Dr Rohan Samarajiva cited above. Dr Samarajiva argued for a situation in which telephone companies would release CLI based information to third parties when the caller so authorised - ô...the proposal is for the telcos to build on their existing and unique strengths to provide a key infrastructural element of the electronic space now taking shape over the networks controlled by them. All present and future inhabitants of electronic space will win because of the reduction of uncertainty and risk affecting their transactions. Individuals will win because their privacy rights will not be sacrificed at the altars of authentication and market research. Firms that do business on the network will see business boom. The telcos will win by occupying the most pivotal position in this information economy with enormous growth potential...because they will be doing what they know how to do best, providing common carrier services.ö 5.64 The draft report contained a section on technical issues which explored the privacy implications of CLI based services being introduced in a network with a variety of capabilities of sending and receiving CND. While in view of AOTC's decision to delay the introduction of CLI based services, these issues do not need to be addressed in detail, it is worth flagging them for consideration when the decision to introduce CLI based services is taken - o how will calls from public payphones be treated? It seems desirable that such calls be identified as coming from a payphone. o will it be possible to distinguish between blocked calls and calls from phones not able to deliver CND? (This question may be irrelevant, depending on the degree of modernisation achieved by that time.) o what will the override codes be? This issue is being addressed in AUSTEL's Numbering Plan and the proposal is that *31 would allow CND to be sent, while *32 would block it. Having different codes will mean that consumers can be clear whether they are sending or blocking. A single override code which reversed whatever was the normal configuration of the phone has the disadvantage that people might not know which option they were choosing if using a phone not their own. The principle of informed choice {tc "The principle of informed choice "} 5.65 Much of the debate has centred on whether the phones of customers whose local exchange supports sending CND should be configured so as to send or block CND in the normal course of events. This debate appears to AUSTEL to be wrongly based on the premise that a decision should be made on behalf of the majority of consumers irrespective of their individual preferences. A blanket opt out or opt in decision (even where over-rides are available) removes decision-making power from individuals. AUSTEL is of the view that - o customers should be given the opportunity to understand these services and then to choose how their phone should be configured o the premise would be wrong whether it is a telephone company or a government agency that made the decision on behalf of consumers. 5.66 At some stage both carriers, AOTC and Optus, will give their customers an opportunity to decide whether they choose to buy receiving the CND product. AUSTEL believes that customers should also be able to choose whether to send CND, even though the sending of CND is not something for which there would be a charge. 5.67 That is, AUSTEL believes that the principle of informed choice should guide the introduction of the Calling Number Display service, and any other CLI based service that raises privacy concerns. The weight of ôinformedö is that people must be given an adequate opportunity to understand how the service is going to work, and how it will affect them given their particular circumstances. The weight of ôchoiceö is that there should be an explicit customer choice process: it should not be assumed that people have chosen to send their CND because they have not taken steps to stop it. 5.68 The grounds for this belief are - o informed choice is a basic principle. Where people have participated in a choice and know that they have exercised a personal influence, there is less likely to be subsequent adverse reaction o the corollary to that is that where people do not get a choice, they may feel they have been coerced or denied a voice and that is likely to have an adverse effect on their perceptions of the carrier. It is possible to see a non-participatory opt out decision being perceived as one group of people being forced to provide information to another group of people who are well off enough to pay for it. Equally a non-participatory opt in decision could be seen as a paternalistic decision to deprive people of the advantages of a new service o the process of informing people about the new service has intrinsic benefits regardless of outcome. Telecommunications is a dynamic industry both in its structure and its technology and keeping consumers informed about the new choices and complexities is a significant challenge. In the process of an information campaign, people would have a chance to reach a better appreciation of the new technologies and the implications of the competitive structure of the industry o people pay for the telephone service, and should therefore be able to exercise choice about how that service is delivered to them. AUSTEL recommends that the principle of informed choice should govern the introduction of Calling Line Identification based services, particularly Calling Number Display. 5.69 Putting principles into practice is not a straightforward process and there may be differences among interested parties about what steps would be involved in ensuring that customers have an adequate opportunity to inform themselves and to make a choice. The Telecommunications Privacy Committee will be in a position to clarify this by supervising the development of a code of conduct which covers these points. This code of conduct would be developed primarily by the carriers acting as a sub-committee in the process described in Chapter 4, although other interested parties would also participate in the formulation of the code. To be acceptable to the Telecommunications Privacy Committee, the code would have to meet the standards set out in the checklist in paragraph 4.58. 5.70 In developing this code, a relevant consideration will be what has been done in other areas in which consumers have been asked to make choices regarding their telecommunications services. One example is preselection, that is the nomination of the ônormalö long distance carrier. There the carriers have agreed that important considerations that underlie this process include - o the need for customers to exercise their choice with full knowledge of the service offered by both carriers o protecting the proper rights and expectations of customers, including their rights to privacy and to freedom of choice. (Joint Announcement of Telecom Australia and Optus Communications, 15 November 1992, Progress made on Phone Pre-Selection Agreement). These points establish the need in the preselection process for a public information campaign to make clear what will be the effects of the various options people might choose. The points also apply to the introduction of CND, and the code to be developed under the auspices of the Telecommunications Privacy Committee should reflect them. Also, the customer preselection choice mechanism principles agreed between AOTC and Optus provide, in effect, that a customer who does not exercise a choice in favour of Optus will be deemed to have preselected AOTC. That is, the principle in the preselection context is that where a customer does not exercise a choice, the status quo pertains. That principle might apply equally to customers who do not choose to have their number displayed to the persons they call. 5.71 Other relevant considerations include consumer response in a carefully designed and monitored trial of CND, holding surveys, assessing people's reactions to and understanding of a 000 emergency service that delivers calling party information to the operator, as well as working out what kind of campaign is needed to reach an adequate portion of the population. AUSTEL recommends that - o the Telecommunications Privacy Committee supervise the development by the carriers and other interested parties of a code of conduct that will ensure that customers have the opportunity to make an informed choice o the code make provision for - - a public awareness program - the ôdefaultö option where a customer does not make a choice. 5.72 After there has been an explicit opportunity for people to choose whether they send CND from their phones, there will be a percentage of people who have not exercised a choice and a decision will need to be made about how their phone is to be configured. The decision should relate only to those people who have not exercised a choice. While AUSTEL is of the view that the principle of ôinformed choiceö should govern whether a customer sends or blocks CND, it hopes that many individuals would in fact decide to configure their phone lines so that CND would be sent except for those occasions when they expressly did not want it. Many people deciding to send their CND by choosing the opt out option will mean a free sharing of information and will give opportunities to equipment manufacturers and business people to enhance services and products. If the percentage of people not choosing is high the decision about how their phone is configured becomes significant. The code of conduct should make provision for this decision, that is, it should provide guidance on the default option. 5.73 In its draft report, AUSTEL supported a default option that people not making a choice ought to have their phones configured to have a per line block (opt in). The grounds for this were - o that the general and natural expectation is that where people have not made a choice the status quo will continue. On the information currently available to it, AUSTEL endorses this expectation and considers that the status quo should be retained in respect of those customers who do not make a choice, ie - the ôdefaultö option should be that customers who do not make a positive choice to permit their numbers to be displayed should not have their numbers displayed. o AUSTEL agrees with submissions made by some consumer and public interest groups that the people who may not make a decision are likely to be those who are disadvantaged and less able to understand the implications of the new services by reason of language difficulties, age, intellectual disability, social isolation or some other reason. o marketing considerations do not justify putting people under pressure to provide their personal information. It has been suggested by carriers and by equipment suppliers that people will not pay to receive the CND service, or will not maintain their subscription to the service, unless the calling party's information is disclosed in a substantial majority of cases. It is further suggested that opt out will more readily produce that majority. The reasoning on this point may be logical, but the premise that marketing considerations justify putting pressure on people to disclose their information is not. o that the privacy of the called party is not lessened by the non-provision of CND. This point, which is based on a distinction between privacy and intrusion, is not intended to minimise or trivialise the reality of nuisance and harassing phone calls or to suggest that there is some kind of right to make anonymous phone calls. Issues related to harassing phone calls are discussed in paragraphs 5.39 - 5.43 In an exchange of CND, the caller is providing the called party with personal information (his or her telephone number) so that the called party can make a more informed decision about the intrusion represented by that phone call. The called party's personal information is not affected. 5.74 This last point is one addressed by William Dutton in his article The Social Impact of Emerging Telephone Services (Telecommunications Policy July 1992). Commenting on the pro-Caller ID argument that on simple utilitarian grounds, ô...caller-ID comes out on the plus side because it protects the privacy of the person being called, while it is argued that the problems it raises are relatively trivialö, Professor Dutton cites two weaknesses - ôFirst, democratic values are as deeply concerned with the protection of minority rights as they are with majority rights...even if most people were to want this service, it would not lessen the relevance of privacy concerns, nor an individual's right to privacy... Second, the utilitarian calculation often confuses two very different kinds of privacy... Caller-ID threatens the privacy of the caller by disseminating personal information; it protects the peace of mind of the person being called, which is a different dimension of privacy, concerned with intrusion.ö 5.75 AUSTEL is aware that there are significant industry members, including some who will be members of the Telecommunications Privacy Committee, whose support for an opt out arrangement for non-choosers has been consistently stated since the inception of this inquiry. The opt out situation will need to be given serious consideration at the time a decision is made. AUSTEL believes, as can be seen from the points made in above paragraphs, that there are serious objections to be answered and overcome before opt out can be adopted, but notes that since the publication of its draft report AOTC has indicated a willingness to trial Calling Line Identification based products, including Calling Number Display, during 1993 and that such a trial may generate hard information about the general community's likely reaction to their numbers being displayed as a matter of course. AUSTEL would want to review its consideration of the default option in the light of any such hard information and any other information that might be available to it at the time a decision has to be made. AUSTEL recommends that any proposal for a default option should be supported by valid contemporary evidence of its public acceptability, such as independent market research acceptable to AUSTEL and the Telecommunications Privacy Committee. In considering the default option the Committee should have regard to the potential social or other benefits of CND along with the public interest in leaving consumers' existing arrangements undisturbed unless they choose positively to alter them. 5.76 AUSTEL's position, expressed in its draft report, that is, support for an explicit and informed choice for consumers whether they send and/or receive CND, with opt in for those who do not make a choice, attracted considerable comment, in particular on the following aspects - o the suggestion of a trial of CND services, with a postponement in its more general introduction o the recommendation of a public education campaign o what the ôdefaultö configuration should be, per line block or per line transmission o CND's potential to protect from nuisance and harassing calls, o the implications of the default position for commercial viability of CLI based services. These comments are discussed seriatim. Trialing CND services{tc "Trialing CND services"} 5.77 As indicated above, AOTC has decided to delay the introduction of the CND service until the privacy concerns related to it have been more satisfactorily resolved. It intends to undertake a trial of CND services as a contribution to the resolution of the privacy concerns - ôTelecom is committed to the concept of trial of CND and other CLI based services. Timing of these trials is likely to be the later half of 1993...ö 5.78 AUSTEL welcomes the idea of such a trial, especially if it provided information on the acceptability of different ways of offering the service, and involved consumer advocates in the project team as well as industry and market research people. As stated above, the information generated by a trial could be a significant source of information for the Telecommunications Privacy Committee in reaching a decision about the terms on which CLI based services should be introduced. Given that AOTC hopes that the trial will provide evidence and information supportive of an opt out position for people who do not make an explicit choice when given the opportunity to do so, it will be important that the trial be designed in a way that means the information derived from it is helpful and unambiguous. Therefore, the conditions of the trial should be agreed between the Telecommunications Privacy Committee and AOTC and its partners in the trial. 5.79 AOTC would be joined in the holding of such a trial by an equipment company, which would be responsible for the switches and their software and also for the customer equipment so that consumers could choose what combination of service or services they wanted. Another advantage of such a trial is that it will give both AOTC and the equipment company an opportunity to assess the commercial viability of the service in a limited context with contained costs. AUSTEL recommends that - o AOTC proceed with a trial of Calling Line Identification based services, including Calling Number Display during 1993 - the conditions of such a trial being agreed with the Telecommunications Privacy Committee o those responsible for the development of the code of conduct to ensure customers have the opportunity to make an informed choice have regard to the outcomes of the trial and other relevant research results or information available at the time. Public awareness campaign{tc "Public awareness campaign"} 5.80 As argued in the draft report, giving consumers a chance to choose whether or not they wish to send their CND means that they must also have a chance to understand what it means. A substantial public awareness and education campaign, especially about the implications of sending CND, would be a prerequisite to this approach. The draft report asked for comment about whether carriers should be required to fund and conduct independently supervised campaigns so that consumers will be in a position to make an informed choice about their CND options. 5.81 Nearly all the respondents who commented on this point supported the idea of such a campaign, including AOTC. It said - ôAOTC endorses AUSTEL's conclusion on the need for a public awareness campaign... It is considered that such a campaign is required regardless of how CND is eventually introduced...supervision of the type implied in AUSTEL's draft Report is unnecessary at this time, as no particular change is proposed...ö 5.82 The Federal Bureau of Consumer Affairs also supported the idea, writing that it - ôrecommends that the carriers be responsible for conducting and financing a community education campaign into Caller ID and its optionsö. The Privacy Commissioner supports - ôAUSTEL's views on the need for consumer education to ensure informed choice. I feel that organisations such as carriers and marketers should be encouraged to explain to consumers why they should allow their information to be transmitted to third parties.ö 5.83 Other respondents supporting the awareness campaign included the Women's Electoral Lobby, Seymour Shire Council and Consumer Affairs NSW. This last response pointed out - ôAn extensive education/information campaign is clearly essential and would appear to be in the interests of the carrier.ö 5.84 Some respondents thought such a campaign was a good idea, but doubted that it would be successful. Michael Doyle, an individual respondent, characterised it as a ônear impossible taskö but one which ought to be attempted. Mr Doyle believes that AUSTEL is optimistic in thinking that many customers would make a choice. Some respondents had more severe doubts about the concept. For example, the Department of Transport and Communications suggests a reassessment of AUSTEL's proposals regarding CND, including the recommendation that the carriers fund a public information program, as the cost of this program will directly influence the commercial viability of the service. The Australian Telecommunications Users Group is more basically opposed - ôThe question about possibly requiring carriers to fund education campaigns on consumers' choices regarding CND smacks of the ônannyö approach to public administration... it needs to be remembered that every cost imposed on carriers has to be recovered from users of their services. On this basis ATUG would be opposed to compelling carriers to conduct ôindependently supervisedö education campaigns.ö 5.85 The best outcome of such a campaign and choice process would be for the highest possible percentage of customers to exercise an informed choice and respond to the ballot. The privacy concerns primarily arise where people do not exercise their choice or where, as has been the case in North America, people are not given a choice and the matter is settled by the telephone company and the regulatory authorities. It is difficult to estimate how many consumers would in fact respond to the opportunity to make a choice. To some extent the answer depends upon the quality and reach of the public awareness campaign. AOTC has said that it would expect only a low response rate, but a contrary indication is the response rate achieved by some preselection ballots (for long distance carriers) in the United States of America. The response rates for some areas in Minnesota and Iowa ranged between 62% and 88% except for one response rate of 54%. (Telephony, July 15 1985, p. 44). But no matter how good the campaign, there would be a group of consumers for whom a decision would have to be made, ie - those customers who did not respond to the ballot, and these are the customers who will have to be considered in reaching a decision on the default option. 5.86 Notwithstanding comments to the contrary and the anticipated difficulties, generally the idea of an awareness campaign received support. AUSTEL recommends that prior to the introduction of Calling Number Display and other such services the carriers should undertake a public awareness campaign to inform the community about the implications of both sending and receiving Calling Number Display. Service provider issues{tc "Service provider issues"} 5.87 Although the emphasis in this inquiry has been on the provision of CLI based services to and from individuals, there is also the issue of the provision of CLI to service providers and businesses. In considering this issue, it is important to be clear on the relationship between CLI and CLI based services. CLI is the network signalling capacity, CLI based services are a set of products developed using that capacity but packaging the information in different ways in order to sell it to consumers. CLI is passed around the network, but CLI based services are taken past the network into the customer access network or ôlocal loopö, using software installed in the exchanges. From the privacy perspective, a central difference between CLI and the consumer products based on CLI is that CLI is passed without any action on the part of the consumer to transmit it or block it. The consumer products, however, may be controlled by a customer, either when the customer takes no action to stop the information being sent or when the customer actively allows the information to be sent. 5.88 As observed above, the exchange of CLI between carriers is a necessary condition for long distance service competition in Australia. Whenever a long distance call is carried on more than one network, the CLI for that call will be passed from the originating network operator to the subsequent one. The customer placing the call will not have the ability to stop that happening and that exchange is necessary so that both operators may bill their customers and manage their traffic. Issues related to the further use that may be made of that information, (eg - for marketing purposes) may be addressed in a code of conduct developed by carriers to determine their information handling practices. 5.89 Similar issues arise in relation to the supply of CLI information to service providers who may need it for billing and other management purposes. 5.90 AUSTEL's draft report canvassed some options for dealing with the issue of the provision of CLI to service providers. Since the publication of the draft report AOTC has filed a National Connect service tariff providing for service provider interconnection with it. That tariff provides, amongst other things, that - "CLI will be provided as part of the National Connect service ... (Subject to AUSTEL authorisation)." 5.91 AUSTEL has authorised the provision of CLI as part of the National Connect service on one occasion subject to the service provider - o informing its customers that it has access to CLI information o that neither the service provider nor its employees or agents will reuse data provided to it by a customer for the purposes other than those for which it was given without the customer's express consent o CLI information gathered from callers who are not customers of the service provider will be deleted as soon as possible and not used for purposes the caller might be unaware, particularly, marketing or advertising campaigns. 5.92 In authorising the service provider's access to CLI, AUSTEL noted that the service provider agreed to be subject to a voluntary code of conduct and to the AUSTEL's Service Providers Class Licence being amended to include basic privacy principles. 5.93 The two main privacy aspects of a service providers' access to CLI information are - o ensuring that the service provider's customers understand that CLI information about their telephone transactions is being delivered to the service provider and that they agree to this o the subsequent use that a service provider may make of CLI information. 5.94 The question arises, how best can the principle of informed consent (developed later in this Chapter) be applied to service providers' use of CLI information? Where a service provider is dealing with customers who have a contract with it, the answer is relatively straightforward: the contracts should clearly explain the terms and conditions of the service, including the use of CLI information. The contract should make it clear that the delivery of the CLI is for the purposes of providing the service and billing for it, not for marketing or selling information to third parties. This limitation is in keeping with the OECD and Information Privacy Principles related to the specification of uses and the limitation of subsequent uses to those specified, unless there is explicit consent. 5.95 There may be instances in which a service provider receives CLI in respect of people with whom it does not have a contract. For example, a person who has no contract with a service provider might dial a service provider's access code to place a long distance call. It will be up to the service provider, not the carrier, to have in place a mechanism (eg - a recorded voice) that informs the person that the service is not available to a person who has not entered into a contract with it. But the service provider will have that person's phone number as a potential customer. In that case the CLI information should be deleted as soon as possible (which may be after the carrier has billed the service provider for the relevant period). Although it may be acceptable for a caller, who has shown interest in a service, to be switched to a recorded message or operator explaining the terms on which the service is available, it would be unacceptable for CLI information to be used as the basis of a subsequent marketing campaign without the caller having any chance to consent to that use. 5.96 Amendments to the Telecommunications Act 1991 to bring service providers and their employees within the ambit of the provisions of section 88 relating to the handling and disclosure of information have been introduced, and, if passed, would ensure that service providers have the same limitations and freedoms in dealing with information as do carriers. This is something that AOTC asked for in its original submission to the inquiry - ô...resellers and service providers should not be in a better or different position than carriers in respect of their ability to re-use or disclose customer information for commercial or other reasons.... In the interests of customer understanding and confidence, it is important that to the greatest extent possible the obligations of carriers and resellers are identical in this contextö. 5.97 But extending the scope of section 88 in that way may not produce a complete answer and there are a number of options for the provision of more adequate privacy protection. They include - o encouraging service providers who wish to receive CLI to formulate a code of practice to be submitted to the proposed Telecommunications Privacy Committee o varying AUSTEL's Service Providers Class Licence by including a condition requiring service providers to observe a code of practice relating to privacy o ensuring that the proposed Telecommunications Industry Ombudsman has jurisdiction over service providers and may apply a sanction in the case of a breach of privacy. o legislative amendment to the Privacy Act 1988 so that it applies to both carriers and service providers. 5.98 The option of encouraging service providers who wish to receive CLI to develop a code of conduct to submit to the Telecommunications Privacy Committee for approval has a number of advantages - o consistency with the approach put forward in Chapter 4 o resolution of a breach at the place where it occurs o minimal intervention consistent with achieving the desired objectives. o harnessing the goodwill demonstrated by service providers' participation in the inquiry Given the level of concern expressed by some consumer groups about the need for privacy protection where CLI is involved, this option may be perceived as a weak solution. 5.99 The option of varying AUSTEL's Service Providers Class Licence has certain advantages. It does not involve another agency (either the Ombudsman or the carriers) as an indirect means of achieving the effect sought, but rather directly targets the groups whose compliance is wanted. This option may, however, require amendment to section 203 of the Telecommunications Act 1991 to make clear that privacy protection is within the objectives of the class licence system. 5.100 The option of referring complaints about breaches of privacy to the Telecommunications Industry Ombudsman is compatible with a voluntary code and could also be part of a provision in the Service Providers Class Licence. Some respondents to the draft report, however, were opposed to the Telecommunications Industry Ombudsman playing any role in this area because the office may lack formal jurisdiction over service providers. It seems that service providers may participate in the scheme if they choose, but are under no obligation. The Communications Law Centre has said on this point - ôOur earlier submissions suggested a significant role for the Industry Ombudsman in privacy protection. Since then, the role and structure of that body has been clarified and will mean it may not be an appropriate place for privacy issues to be dealt with. The Minister has proposed that membership of the Industry Ombudsman should be voluntary for service providers. Many service providers will therefore not be covered, let alone telemarketers. Secondly, the carriers, who must fund the Industry Ombudsman, are unlikely to want to see it devote resources to issues and complaints which they are unable to do anything about.ö It may be that the Communications Law Centre is taking too limited a view of the role the carrier-funded Ombudsman could play. The AOTC response to the draft report certainly envisages a wider privacy protection role for the Ombudsman, and raises no objection to the provision of resources that would be required. 5.101 The option of amendment to the Privacy Act 1988 could be a useful way of bringing congruence into the privacy framework in Australia and moving towards a non-sectoral approach. Such an amendment would have a wider reach than merely controlling what service providers do with the information they have gained from the passage of CLI, although that would be a consequence of such an amendment. As stated earlier, AUSTEL is not in a position to pursue this outcome, but can see merit in such an amendment to the Privacy Act 1988. AUSTEL recommends that - o the Telecommunications Act 1991 be amended to remove any doubt whether AUSTEL may vary its Service Providers Class Licence to require a service provider receiving Calling Line information to develop for approval by the proposed Telecommunications Privacy Committee a code of conduct for dealing with such information o service providers be required to observe such a code o the code be subject to the jurisdiction of the Telecommunications Industry Ombudsman so that the Ombudsman may receive and resolve complaints alleging breaches of the code and, where appropriate, recommend to AUSTEL whether it should take action under the class licence for a breach of the service provider's obligation to observe the code. CHAPTER 6 UNSOLICITED TELECOMMUNICATIONS{tc "UNSOLICITED TELECOMMUNICATIONS"} What do we mean by unsolicited telecommunications? 6.2 The nature of unsolicited telecommunications 6.3 Overseas experience 6.5 The United States of America 6.6 Europe 6.8 ôOff-shoreö telemarketing 6.9 The issues 6.10 Intrusion 6.11 Personal Data 6.15 Fair Trading 6.20 An effective complaints handling mechanism 6.32 Accommodating preferences not to receive unsolicited telecommunications 6.43 Directory marking 6.49 Preference lists 6.55 Other mechanisms for handling unsolicited telecommunications 6.64 6.1 This chapter canvasses issues related to unsolicited telecommunications including overseas experience in relation to those issues and looks at how - o the voluntary co-regulatory approach proposed in Chapter 4 might apply to resolve the issues, rather than adopting more stringent measures that have been applied overseas o those who prefer not to receive unsolicited telecommunications might give effect to their preference. What we mean by unsolicited telecommunications?{tc "What we mean by unsolicited telecommunications?"} 6.2 This chapter focuses on "unsolicited telecommunications" in the sense of telecommunications initiated by a business or other organisation to a residence in circumstances where - o the resident does not have a continuing relationship with the business or organisation o the object of the telecommunications is to persuade the resident to a course of action such as buying something, making a donation or participating in a survey. The nature of unsolicited telecommunications{tc "The nature of unsolicited telecommunications"} 6.3 Unsolicited telecommunications are many and varied and included unsolicited faxes. Certainly, not all unsolicited telecommunications involve telemarketing - market research is one obvious exception. Nor is all telemarketing based on unsolicited telecommunications - inbound telemarketing relies on advertising to consumers to call a number. Some telemarketing may also be in the form of after sales service follow up with a customer who has had a prior relationship with a business. 6.4 Technological advances in Automatic Calling Equipment such as predictive diallers, auto diallers and a range of equipment which replace in whole or in part an operator's involvement in unsolicited telecommunications have the potential to increase the volume of unsolicited telecommunications in Australia. Issues relating to the use of such equipment are canvassed in Chapter 7. Overseas experience{tc "Overseas experience"} 6.5 Unsolicited telecommunications issues have become much more prominent in both North America and Europe over the past year with administration in both continents adopting various legislative and regulatory approaches to the emerging problems. The United States of America 6.6 In the United States of America, the Telephone Consumers Protection Act - a Federal law - was introduced and signed by President Bush on 20 December 1991. The intention of this law is to prohibit ôcold callingö or unsolicited telecommunications except in specified circumstances. 6.7 The exceptions include soliciting by registered charities, where the consumer has given express prior consent and where there is a pre-existing business relationship which has been fairly strictly defined. Limitations have also been placed on the use of autodiallers. For example, it is forbidden to ring hospital patients, counselling services and residential lines without specific consent. The effect of those restrictions is that autodiallers cannot be used to dial randomly or through sequences, but will need to be programmed with specific lists. This Federal legislation follows in the path of a wide range of regulatory actions taken by State telecommunications agencies to control intra-State unsolicited telecommunications. Europe 6.8 The Council of Europe's Committee of Experts on Data Protection has recently produced a Draft Recommendation on the Protection of Personal Data in the Area of Telecommunications Services, with Particular Reference to Telephone Services (see also paragraphs 3.41 - 3.42). The draft recommendations cover the following points - o limits on subscriber data being used for direct marketing purposes, in accordance with the Guidelines and domestic law o encouragement of codes of practice. ôIn particular, domestic law or codes of practice should apply to the time when calls may be made, the nature of the message and the manner in which the message is communicated. In any case directing advertising material at minors should be forbiddenö o no directing marketing of subscribers who have asked not to be contacted. ôFor this purpose, appropriate means should be developed for identifying those subscribers who do not wish to receive any advertising material over the telephoneö o recorded advertising using automatic call devices to be directed only at consumers who have consented in writing o application of the above points to marketing messages delivered by facsimiles. ôOff-shoreö telemarketing{tc "ôOff-shoreö telemarketing"} 6.9 Some submitters raised the possibility of telemarketing operations being established off-shore, ie - in countries which have standards of data protection lower than Australia's. This is a subset of the wider issues of trans-border data flows which is addressed in paragraph 3.44. The issues {tc "The issues "} 6.10 From a consumer's viewpoint, unsolicited communications raise - o both aspects of telecommunications privacy, namely - o intrusion o control of personal data o fair trading issues. Each is dealt with seriatim below. Intrusion{tc "Intrusion"} 6.11 Many submitters perceive unsolicited telecommunications as intrusive. They expressed views to the effect that - o such telecommunications should not be permitted unless the called party has given prior explicit consent o there should be a mechanism by which consumers can indicate that they do not wish to receive such calls. The intrusiveness of unsolicited telecommunications is clearly a telecommunications-specific issue. 6.12 Opinions differ whether intrusion is a privacy issue. In the submissions made to this Inquiry, a number of people argued that unsolicited telecommunications did not involve breaches of privacy because no data was being collected, used or disclosed. Not surprisingly, this is the position of The Australian Direct Marketing Association - ôAn unsolicited communication may have been intrusive but if it makes no further impact or interference with the peaceful enjoyment of life it cannot be construed as a breach of privacy." 6.13 The Privacy Commissioner, in his submission, argues in a similar vein. AUSTEL agrees with the point made by these submissions, ie - that intrusion is not strictly a ôprivacy issueö. While it is important to make the distinction, and the distinction has been used in this report, this is not to discount the significance of intrusion, nor to deny that it is related to privacy concerns. Just as different individuals are threatened by the disclosure of personal information to very different degrees, from its being not important through to being life-threatening, the impact of intrusion varies greatly. A person who lives alone and is rarely home will experience little inconvenience, a person who works from home or one who is elderly or infirm may be affected adversely. There is also a connection between the personal data aspects of privacy and this intrusion aspect where marketing lists, composed from re-used personal data, result in an unsolicited telecommunications intrusion. 6.14 The depth of feeling about unsolicited communications and the anger and frustration they generate are shown in the quotations, at paragraph 3.5, from submissions received by AUSTEL in response to its initial discussion paper. If the voluntary co-regulatory approach proposed by AUSTEL is to succeed, it must be seen to focus on the cause of that anger and frustration. The options by which the voluntary co-regulatory scheme may do that are listed in paragraph 6.45 and discussed thereafter. Personal Data{tc "Personal Data"} 6.15 Commercial initiators of unsolicited telecommunications usually work from lists of potential or likely customers. The quality, accuracy and integrity of such lists directly influence the success or ôhitö rate and therefore trade in lists is a significant industry issue. Equally, consumers are often concerned with questions of how they got onto a particular list and how they might be able to get off it . This is not a telecommunications-specific matter but it does have a telecommunications-specific aspect if Calling Number Display were to get such widespread acceptance as to enable inbound telemarketers to capture phone numbers and compile and trade in lists. 6.16 These kinds of concerns are a small part of the wider concerns held by some people about the collection, storage, manipulation and sale of such personal information. It is an area that shows the tension between sectoral and non-sectoral approaches. Only a broad non-sectoral approach that placed limits on the re-use by both the private and the public sectors of data gained from whatever source can really address this issue. AOTC's first recommendation in its response to the draft report takes up this point - "AUSTEL should act on issues related to the reuse of personal information obtained by end users of the telecommunications network." "The perceived potential for re-use, or mis-use, of information received via Calling Number Display or CND based products represents a threat which AOTC urges AUSTEL to overcome. The ability of Australian carriers to provide CLI based services, and possible future products and technologies, will be restricted as customers will understandably be reluctant to participate given the problems which have occurred in some other countries, notably the United States, due to lack of controls in this area. While AOTC is specifically concerned with telecommunications transaction generated information there will be a need to address a parallel range of issues arising from other transactions and the on-selling of personal information and lists derived from these transactions." 6.17 As mentioned in paragraph 4.22, AOTC suggested two possible mechanisms for dealing with the issue of use/re-use/mis-use of personal data captured through the telecommunications network or by end users of the network. o amendment to section 88 of the Telecommunications Act 1991 o amendment to the Privacy Act 1988. These suggestions were discussed in Chapter 4. 6.18 While AUSTEL agrees with and endorses AOTC's approach and the advantages of a broad approach for non-telecommunications specific issues, non-sectoral action should not be a pre-condition for responding to privacy concerns on a sectoral basis if there is immediate cause for concern, eg - if AOTC were not to delay the introduction of Calling Number Display until mechanisms to address its potential abuse are in place. 6.19 The re-use of information is a questionable practice under both international and Australian privacy principles, and it may be that businesses seeking to re-use such data could develop means to alert their customers to this intention and to give them a chance to withdraw from the transaction or to participate only if their data is not re-used. Fair Trading{tc "Fair Trading"} 6.20 Fair trading aspects of telemarketing are concerned with telephone selling practices. Buyers may be more vulnerable when offers are made to them without prior warning. State and Territory legislation regulates door to door sales and this may offer some protection to consumers purchasing goods or services over the telephone, because of the principle that the place of sale is where the buyer is located, but the adequacy of this protection is not clear. The Federal Bureau of Consumer Affairs advises that this legislation should be reviewed to ensure that the protection available in door to door sales applies also to telephone sales. The NSW Department of Consumer Affairs has issued a discussion paper to consider whether current protection is adequate. The use of credit cards for transactions conducted over the phone may also pose special problems. These are neither telecommunications specific nor privacy issues, but some submitters have raised them in the inquiry. 6.21 The voluntary co-regulatory scheme being recommended by AUSTEL may enhance consumer protection against unfair selling telemarketing practices. This is because - o existing telemarketing codes of conduct already make recommendations about selling practices. Approval by the Telecommunications Privacy Committee has the potential to raise the status of codes of conduct which could have a collateral effect on the parts of the codes dealing with selling practices even though these are not telecommunications specific. o Voluntary co-regulation and statutory consumer protections such as ôcooling-off periodsö or a right to cancellation after inspection are compatible. The response of Consumer Affairs NSW to the Draft Report makes this point - ô...the provision of such a basic statutory right does not appear to conflict with AUSTEL's proposals for the establishment of a self regulatory scheme. In fact introduction of such a provision may assist the operation of a voluntary code.ö 6.22 To the extent that the intrusion, control of personal data and unfair trading issues are telecommunications specific and cannot be dealt with satisfactorily by the application of general privacy principles or laws, or by the general law, they might be dealt with under the voluntary co-regulatory approach proposed in Chapter 4 by - o firstly, the Telecommunications Privacy Committee developing general principles that might apply to unsolicited telecommunications o secondly, an industry sector and consumer sub-committee developing specific codes for the Committee's approval. 6.23 The starting point for such a code may be an existing industry code such as - o the Australian Direct Marketing Association's Standards of Practice When Telemarketing o AOTC's document, Direct Marketing: Code of Conduct & Standards of Practice o The Australian Institute of Fundraising's Codes of Ethics and Professional Conduct o The Market Research Society of Australia's Code of Professional Behaviour. 6.24 The task of the sub-committee would be to ensure that the code of conduct abided by the telecommunications privacy principles as well as meeting the specific needs of that industry and its consumers. The checklist set out in paragraph 4.58 would be helpful in the sub-committee's work of ensuring that the code of conduct that went back to the Telecommunications Privacy Committee was of an acceptable standard and specificity. 6.25 An advantage of this approach is that it will allow codes to be tailored to particular branches of the industry, although they must all fit in with the privacy principles established by the Telecommunications Privacy Committee. Market researchers in particular were concerned that they may be covered by the same code as telemarketers and that this would be a major and unnecessary restraint on their mode of operations. Similarly, some fundraising organisations put forward a case for exemption from regulation in their original submission. The separate codes approach would allow both groups to develop acceptable codes responsive to their particular activities. The response from Optus sees the prospect of separate codes as a workable one - ô Optus could envisage a series of separate codes; for example, a code applying to telecommunications services provided by carriers and service providers, another code dealing with telemarketing and canvassing, and yet another dealing with CPE [Customer Premises Equipment]. Not all parties to one code would need to be a party to another code if not directly involved or impacted by the latter code... Optus, therefore, endorses a separate voluntary industry code of practice relating to telemarketing activities... Optus would be prepared to work with the telemarketing industries in drawing up a code.ö 6.26 Once a code of conduct has received the Committee's approval, consumers generally must be made aware of its content and its effectiveness must be monitored - particularly the effectiveness with which complaints concerning breaches of the code are handled. Where appropriate, the Telecommunications Industry Ombudsman may have a role in that regard. 6.27 The industry associations should benefit from the greater moral authority that comes with being part of a general sectoral approach and the approval of a high profile Committee which is not subject to the suspicion of being self-serving. There would also be economies and efficiencies in the publicising of the codes, because publicity for one code is likely to have a flow-on effect for other codes. 6.28 All codes should contain a mechanism for review and evaluation, which should be more stringent and demanding because the Telecommunications Privacy Committee's approval should be dependent on a hard-nosed evaluation and because the Committee would have access to appropriate channels if it wished to recommend a change in approach. 6.29 The responses to AUSTEL's draft report were divided on the issue whether voluntary codes would provide a sufficient safeguard. Respondents who answered - with varying degrees of optimism - that it was an appropriate approach included - o Consumer Affairs NSW: ô...the promotion of a voluntary code appears to be a reasonable course of action at this stage ... the prevailing circumstances would suggest the possibility of success is high.ö o AOTC: ô...there is every reason to ensure that any AUSTEL initiative is commensurate with the problem as it currently exists. It is for this reason that AOTC recommends that industry-based Codes of Practice and Preference Lists should be used to deal with any problems that arise from unsolicited telecommunications.ö o Greg Tucker, an individual submitter who has worked with the OECD in the area of the development of privacy guidelines, supported the approach, especially on the grounds of its congruence with European approaches. o the Australian Telemarketing Association believes that ôa combination of a well defined and publicised code of conduct [and] an education program for consumers and telemarketing companies should be the initial step to ensure the benefits are achieved and the privacy of the consumer is maintainedö. 6.30 Some respondents were more guarded about a voluntary approach, but did not rule it entirely out of consideration - o The Federal Bureau of Consumer Affairs ôsupports the concept of a voluntary code based around set and immutable principles which protect the consumer's rightsö o The Privacy Commissioner said it was premature to seek to assess whether a voluntary code would be a sufficient safeguard, and that its major failing was likely to be that it would not be effective in helping ordinary citizens to get redress from businesses who breached telecommunications privacy. o The Australian Telecommunications Users Group said ôit is unlikely that a voluntary code will of itself provide sufficient safeguards against all forms of unsolicited telecommunicationsö. o The Communications Law Centre preferred a legislative approach and submitted that AUSTEL, if not prepared to recommend legislation at this stage, should at least flag an intention to review compliance with a code, with a view to recommending legislation if necessary. 6.31 Some respondents expressed the view that a voluntary approach was unacceptable - o the Women's Electoral Lobby said the voluntary approach was ôflawedö and that precedents, such as self-regulated television advertising, had not worked to the benefit of consumers. o The Consumers' Telecommunications Network (CTN) is greatly concerned that the recommendations arising out of the AUSTEL's inquiry might be weakened by a voluntary code. Enforcement mechanisms must be considered, it believes. o The Seymour Shire Council ôdoes not regard a voluntary code of conduct as an adequate way of ensuring high and consistent standards in the telemarketing industry.ö 6.32 AUSTEL shares the caution expressed by respondents whether voluntary codes will provide all the answers. It is true that the voluntary approach will not protect against mavericks. As the Privacy Commissioner points out, the codes will need to be well publicised and there must be a complaints handling mechanism which offers some redress to aggrieved consumers. AUSTEL agrees with the Communications Law Centre about flagging an intention to review and being willing to recommend legislation if that review shows the approach has not worked. The existence of the Telecommunications Privacy Committee does not exclude the use of legislation and failure by industry participants to operate within the system of voluntary co-regulation may lead to more rigid forms of regulation. The level of current abuse does not, however, justify a legislative approach and resultant high levels of expenditure on implementation and enforcement. If the voluntary approach does work, legislative enforcement will not be necessary. If it does not work, there should be clear evidence of the need for legislation and a clear indication of where the enforcement efforts need to be directed. AUSTEL recommends that - o appropriate codes of conduct be developed by relevant industry and community groups for approval by the Telecommunications Privacy Committee to deal with intrusion , control of personal data and fair trading issues in relation to unsolicited telecommunications o separate codes of conduct be developed in respect of the different categories of unsolicited telecommunications. An effective complaints handling mechanism{tc "An effective complaints handling mechanism"} 6.33 It is clear that voluntary co-regulation will not work unless there is somewhere for consumers to take their complaints about privacy, intrusion and other aspects of unsolicited telecommunications. The complaints handling system must be accessible and easy to use. 6.34 While there will be no sanctions with authority from an outside source, restraints on the behaviour of those making unsolicited telecommunications will come from their own code of conduct and from peer pressure. The co-regulatory approach will also strengthen the complaint mechanism by - o ensuring that patterns and trends in complaints will be monitored and will form part of the evaluation of the effectiveness of the scheme. A high level of complaints not satisfactorily resolved will be a key indicator of the need for a more stringent non-voluntary approach o bringing together the agencies with a charter in these areas and promoting their cooperation. When the relevant agencies are working together in the Committee and its sub-committees, there will be benefits in the efficient coordination of complaints handling and the early identification of trends and difficulties. 6.35 The complaints handling mechanism should provide for a clearly identified single initial point of contact where consumers may take matters related to unsolicited telecommunications, even if the initial contact agency must refer it to another. As long as the initial contact agency does that promptly, and takes responsibility for following through on the action, the inter-agency approach should work well. If it does work well, the involvement of more than one agency should be transparent to the consumer. With such a system, all three kinds of issues related to unsolicited telecommunications (ie - intrusion, control of personal data and fair trading) could be dealt with under one umbrella but by the agency best equipped to deal with the specific issue. 6.36 AUSTEL sought comment on the proposal that the Telecommunications Industry Ombudsman should be the focal ôshop frontö single point of contact. The tenor of the responses could be described as an agreement with the proposal, but with recognition of the practical difficulties involved. The central difficulty is that the Telecommunications Ombudsman scheme is intended to deal with complaints against carriers. That is the justification for the requirement that carriers fund the scheme. The response from the Australian Telecommunications Users Group puts this point clearly - ôThe intention in establishing the Telecommunications Industry Ombudsman is essentially to give users an avenue for dealing with unresolved disputes with the carriers. As such it is not considered an appropriate avenue for dealing with all complaints about breaches of the privacy code for telecommunications. It is ATUG's view that consumers should refer all complaints to AUSTEL's Consumer Affairs Branch which could, in turn, refer them to the Privacy Commissioner or to the Telecommunications Ombudsman for alleged breaches by the carriers, as appropriate.ö 6.37 From the perspective of some of the consumer groups, the problem with the proposal to use the Telecommunications Industry Ombudsman is not so much that it is an unreasonable imposition on the carriers, as that the office will not have jurisdiction over service providers, far less over users of the telecommunications network who are not service providers. This point is endorsed by the Department of Transport and Communications which says it has difficulty with the proposal. The Communications Law Centre also expressed concern that - "The Minister has proposed that membership of the Industry Ombudsman should be voluntary for service providers. Many service providers will therefore not be covered, let alone the telemarketers. Secondly, the carriers who must fund the Industry Ombudsman, are unlikely to want to see it devote resources to issues and complaints which they are unable to do anything about... There may, however, be a very limited role for the Industry Ombudsman in providing a shopfront for consumer complaints raising privacy issues. Ultimately, responsibility for enforcement of the privacy principles must, however, rest with AUSTEL and the Privacy Commissioner.ö 6.38 The response from AOTC was, however, clear that the Ombudsman should have a role in implementing the voluntary approach to the promotion of appropriate standards in unsolicited telecommunications, although the response does not specifically address the point of whether it is appropriate for the Ombudsman to have the ôshop frontö role - ôthere are many smaller organisations which are not part of the organised industry and which make unsolicited telephone calls, Consequently, AOTC considers that if calls from businesses/organisations which are not members of industry associations which subscribe to the Code of Practice are found to be a significant source of complaint, then the TIO should encourage those organisations to develop their own internal Codes of Practice and Preference Lists of people who do not wish to receive telemarketing calls.ö 6.39 Optus was also clear about the Ombudsman being involved in this area - ôOptus suggests that the TIO is the most appropriate body to consider individual complaints arising under the proposed industry privacy code.ö 6.40 The carriers' willingness to support an Ombudsman carrying out functions involving complaints about unsolicited telecommunications makes longer term sense. If the voluntary approach fails, the more stringent solutions include some that involve carriers in high costs and exposure to public criticism, such as the provision of a free directory marking scheme (which is supported by some submitters and respondents). 6.41 Other respondents also saw the proposed Telecommunications Industry Ombudsman as the appropriate body. Organisations endorsing the proposal include the Australian Direct Marketing Association, the Association of Market Research Organisations (which specifically mentioned its willingness to take up complaints referred by the Ombudsman), the Federal Bureau of Consumer Affairs (rejecting the alternative proposition that it might have a role here), the Women's Electoral Lobby, the Consumers' Telecommunications Network, the Australian Telemarketing Association (which mentioned the importance of ownership of complaints from beginning to end) and Consumer Affairs NSW. 6.42 The Privacy Commissioner points out the dangers in splitting regulatory responsibility for privacy - ôThere would, I think, be less public confusion if privacy protection responsibilities were vested in the Privacy Commissioner's office. There is always a difficult public policy issue about whether to proliferate privacy oversight through a series of regulatory agencies. I am inclined to think that investing privacy protection in a range of agencies will weaken not strengthen the actual level of privacy protection... Ideally the Ombudsman/Privacy Commissioner distinction which applied between 1989 and 1992 should be preserved. The TIO if established would, under this approach, inherit the work previously done by the Ombudsman (in relation to billing and charging) with the Privacy Commissioner handling data protection issues and privacy and telecom privacy matters. There would need to be liaison to avoid double- handling, but there were no difficulties in this regard under the old system.ö 6.43 The issue is whether it is better to have a central place for all the privacy issues to go, whether or not they involve the carriers or indeed telecommunications, or whether it is better to have a central place for all the issues regarding unsolicited telecommunications to go. It may be easier to work out the best approach when more of the details of the Telecommunications Industry Ombudsman's office are clarified. It seems certain that the Telecommunications Industry Ombudsman will play a significant role in handling complaints about unsolicited telecommunications, even when these are complaints about service providers or ordinary businesses. AUSTEL recommends that subject to the agreement of the carriers which will fund the proposed Telecommunications Industry Ombudsman scheme, the Telecommunications Industry Ombudsman should take responsibility for the initial collection and collation of complaints relating to unsolicited telecommunications, referring them to other agencies as appropriate. Accommodating preferences not to receive unsolicited telecommunications{tc "Accommodating preferences not to receive unsolicited telecommunications"} 6.44 Unless there is some way to limit unsolicited telecommunications made to people who object strongly to receiving such calls, the voluntary system will fail, and those people will call for stronger measures. This will be a challenge for the Telecommunications Privacy Committee and the developers of the relevant codes. 6.45 A variety of ways of meeting the challenge have been suggested to the inquiry and/or are in use in other jurisdictions. These include - o a system of directory marking, such as an asterisk in the printed White Pages, which serves as a single indication of a simple desire not to be rung by any maker of unsolicited telecommunications (whether telemarketer, fund raiser or researcher) or which is a reference to a more detailed set of preferences in the Electronic White Pages [EWP] o the keeping of a separate list. People would apply to be on this Preference List and then the list is distributed in some way to makers of unsolicited telecommunications so that they can ôscrubö their lists and ensure that listed people are not to be called. The Australian Direct Marketing Association currently keeps such a list. 6.46 These methods both have the difficulty that the more people participate in the system the harder it will be to operate, and the greater the costs will be, both to the operators of the method and to the makers of unsolicited telecommunications. Some submitters regard such considerations as secondary to the right of the consumer to be protected against intrusion, but a workable scheme must take these practicalities into account, as well as the right of makers of unsolicited telecommunications to go about their business in a legal and competitive way. There is an issue whether this protection from intrusion is - o part of the status quo on privacy which, under a set of principles like the New York ones, would mean consumers were entitled to that level of protection without charge (State of New York Public Service Commission, Privacy Principle in Telecommunication., 1991) o a premium level of protection, in which case it may be reasonable to expect those seeking such extra privacy to pay the associated costs. 6.47 AUSTEL's draft report posed the question whether charging consumers administrative costs to be either on the preference list or to have their directory entry marked might be a way of ensuring that the scheme did not balloon beyond manageable proportions. The Federal Bureau of Consumer Affairs responded to the effect that a charge could not be condoned and that it would be analogous to paying ôprotection moneyö. An individual respondent, Peter Flanagan, said that while he did not want to be pestered he did not want to pay extra for the ôprivilegeö. Consumer Affairs NSW commented that it is - ô...difficult to see how the costs associated with the administration of a truly effective list could be justifiedö. 6.48 Another possibility is to set up the scheme in such a way that the consumer must take the initiative. This is what is envisaged in the British Preference Scheme which has been set up as a company. The list is advertised and interested consumers write away for a free information kit. It is recommended that toll-free numbers or freepost services not be used. (Business Plan for the British Direct Marketing Association Telephone Preference Scheme, July 1991) This approach may be a better compromise between accessibility and practicality than charging consumers, although it still leaves open how the schemes are to be paid for. 6.49 One consequence of not having an effective mechanism to limit unsolicited telecommunications may be an increasing percentage of people choosing to have unlisted numbers. Currently the percentage in Australia is about 12%, while in parts of the United States of America it can be as high as 40%. The impact of this on the White Pages as a community resource that is used for a range of purposes would be unfortunate. c.Directory marking 6.50 Directory marking has to be done by the telephone company or its subsidiary responsible for publishing the White Pages. Representatives of AOTC have said it would be reluctant to be involved in a directory marking scheme. They have expressed opposition to any form of marking which is coded and which therefore needs decoding. There is also concern that if a mark was placed against somebody's name and that person continued to receive unsolicited telecommunications, AOTC would be held responsible and would be required to deal with the customer complaint. 6.51 There appear to be three funding options - o the carriers or in essence AOTC which, under its General Carrier Licence, has the obligation to produce White Pages Directories o the individuals who wish to be on such a list or have their directory entry marked o the makers of unsolicited telecommunications. 6.52 There are difficulties with each of these options. AOTC is reluctant to incur increased costs, especially ones that do not seem related to its core business or to bring it benefits. There may be ways in which it could recoup such costs, either by passing them on through increased charges so that in effect everybody was paying for the preference list whether or not they chose to be on it, or by selling products to the makers of unsolicited telecommunications. In some States in the USA telemarketers and others making unsolicited telecommunications are obliged to buy the preference list, and some telephone companies have experimented in providing the lists as a computer application which can filter through the list on the basis of various parameters. Another example of such an approach is the use of directory asterisks to indicate the need to determine further details of customer preferences from the Electronic White Pages. If AOTC were able to develop some marketable products which met particular telemarketers' needs, there might be sufficient incentive to tackle a directory marking scheme. 6.53 Charging the individuals who wish to have their directory entry marked would be unacceptable to many consumers. Consumers may well object to being charged not to be offered goods and services. On the other hand, it could be argued that directory marking would become increasingly difficult to manage if there were no inbuilt checks to control its size and that a charge would encourage people to think carefully about how much they really did object to receiving telephone solicitations. The Association of Market Research Organisations (AMRO) has specifically argued for such charges: ôAMRO rejects as complex and unworkable alternate proposals for a preference list or directory marking...However, if a preference list process were to be embraced, we would strongly argue for the principle that people who wish not to take unsolicited calls should pay for the privilege either by directory exclusion (silent line) or some other cheaper form of directory marking.ö 6.54 Charging telemarketers could require that telemarketers be defined and delineated as a category of telephone users and individually identified. This is currently impossible. Even a regulatory regime that required telemarketers to register themselves may involve practical difficulties. 6.55 Currently it seems that directory marking is not a viable option. In its response to the Draft Report AOTC gave support to the idea of ôindustry-based Preference Listsö and did not mention directory marking. Preference lists{tc "Preference lists"} 6.56 The same cost considerations apply to preference lists. Some of the costs are - o advertising the availability of such a list o maintaining a database o receiving and registering requests o sending out updates and correcting errors. 6.57 If such lists were maintained by individual industry associations, the costs may become so high that members may drop out, making the costs for the remaining members even higher. An effective list might need to give consumers a chance to specify particular preferences (such as no sales calls, but market research or charity calls are acceptable). If a list incorporated such preferences it would become even more unwieldy and expensive. 6.58 A preference list might be administered by - o the relevant trade association o AUSTEL o the proposed Telecommunications Industry Ombudsman o Commonwealth, State or Territory consumer affairs agencies o a private company selling the preference list as a commercial venture o a combination of the above. 6.59 One difficulty for voluntary associations of maintaining these lists has already been canvassed. Others include that the association reaches only its members (and some associations have relatively small memberships while others have a high percentage of industry participants belonging), and that there may be problems coordinating separate lists. 6.60 AUSTEL has some experience of maintaining such a list with its ôJunk Fax Registerö, which relates to unsolicited facsimiles. This Register, which could be expanded to cover unsolicited telephone calls, carries no force of law. That would require an amendment to the Telecommunications Act 1991. If the Act were amended and if AUSTEL were to be responsible for maintaining both a telephone and facsimile preference list, AUSTEL would clearly require additional funding and resources before it could undertake the tasks. 6.61 The proposed Telecommunications Industry Ombudsman who will have a customer complaint focus might be well placed both to receive complaints about unsolicited phone calls and to administer an effective preference list by taking over and building upon the list currently with the trade association and AUSTEL's Junk Fax Register, but it would be taking the office further away from the role envisaged in the carrier licences. 6.62 The Federal Bureau of Consumer Affairs has said it favours directory marking over preference lists and has expressed unwillingness to be involved in complaint handling in this area. The only State consumer affairs department to respond recommends that the Telecommunications Industry Ombudsman take up the role. 6.63 It may be possible that a company currently dealing in lists and databases for direct marketing could turn its expertise to the construction and maintenance of a list of people not to be directly marketed. The company would make its profit by selling the list to makers of unsolicited telecommunications, or by taking the lists used in direct marketing campaigns and removing the names of people who had asked not to be approached. While AUSTEL has not investigated this idea, it has had one discussion with a company dealing in such lists and the initial reaction was that it might be viable. 6.64 The British Direct Marketing Association has set up a Telephone Preference Service, the objectives of which are to - o provide a means for consumers to record their wish not to receive sales and marketing telephone calls from companies with whom they have had no active contact o enable companies and individuals employed by, or working on behalf of, companies to access this information in an appropriate timely and cost effective manner o to be self financing. While AUSTEL does not have specific information about how effective this project is, it seems that preference listing may be a practical way of giving effect to the wish of some consumers not to receive ôcold callsö. This is an issue that the Telecommunications Privacy Committee will need to consider, with support from the relevant sub-committees. It should be recognised that whatever approach is chosen will limit, not eliminate, ôcold callingö. AUSTEL recommends that the Telecommunications Privacy Committee should oversee the development of a cost-effective process by which consumers who prefer not to receive unsolicited telecommunications may, as far as possible, exercise that preference. Other mechanisms for handling unsolicited telecommunications{tc "Other mechanisms for handling unsolicited telecommunications"} 6.65 Since the recommended approach in this report is the voluntary co-regulatory one outlined in general in chapter 4 and with specific application to unsolicited telecommunications in this chapter, discussion of other mechanisms has been largely excluded. These mechanisms are set out here so that they are on record. 6.66 One such mechanism was utilising the contract that implicitly exists between carriers and telemarketers. AOTC and Optus could incorporate in their contracts (currently largely unwritten) either with particular groups of users or else with all customers a clause requiring adherence to privacy principles or a code of conduct. It is a complex idea and some problems with it are immediately apparent, eg - o it relies on the carriers agreeing to formulate their contracts in this way. AUSTEL has been advised that as the law currently stands it does not have the power to direct the carriers in this area. The code could be set up in such a way that consumers complained about breaches of the code to another body, rather than the carriers, lessening the responsibility that would rest on the carriers if they chose to adopt this idea. o the involvement of the carriers is, in some ways, an artificial device. Any complaint would be by one customer of a carrier about another customer of a carrier, and in a way the only involvement of the carrier is that its network enabled the two to make contact. o existing customers may not be compelled to accept the new contracts. Even if the carriers decided to alter their contracts in this way as an act of corporate good citizenship, they may only be able to offer contracts on these terms, not insist. Where customers did not accept the contractual condition, service would be offered to them on the terms published in the carriers' Basic Carriage Services (BCS) tariffs. 6.67 The idea put forward by the Australian Consumers Association that all cold calling be banned except where undertaken by companies or individuals who are members of industry associations with approved codes of conduct has found favour in some quarters. It is a concept to be considered if voluntary co-regulation is unsuccessful, when such points as its possible anti-competitive effects and enforcement mechanisms would need to be more carefully considered. CHAPTER 7 EQUIPMENT AND OTHER ISSUES{tc "EQUIPMENT AND OTHER ISSUES"} Customer equipment issues - the legislative background 7.2 Telephone Information Management Systems 7.10 Automatic Calling Equipment 7.15 Unsolicited facsimiles 7.26 Reverse directories 7.28 Customer Information Issues 7.34 7.1 While most submitters focused on the CLI /CND and unsolicited telecommunications issues, the following matters also attracted comment - o use of customer equipment, in particular - - Telephone Information Management Systems (TIMS) - Automatic Calling Equipment (ACE) o unsolicited facsimiles (ôjunk faxö) o reverse directories o the carriers' respective customer data bases. Customer equipment issues - the legislative background{tc "Customer equipment issues - the legislative background"} 7.2 The Telecommunications Act 1991 (section 246) provides that AUSTEL may only determine a standard relating to customer equipment where it believes it necessary or desirable in order to - o protect the integrity of a network and the safety of people working on it or using services supplied by means of it o ensure that the customer equipment and the network are interoperable o ensure compliance with recognised international standards o maintain or improve end-to-end quality of telecommunications services. 7.3 The Telecommunications Act 1991 also provides that - o the Minister may notify AUSTEL of general policies of the Commonwealth Government that are to apply in relation to AUSTEL (section 49) o the Minister may give direction to AUSTEL about how it is to perform its functions and exercise its powers relating to the issuing, varying or cancelling of permits (section 250). 7.4 AUSTEL has received one relevant notification of Government policy under section 49, namely, that in issuing a permit AUSTEL is to have regard to the Government's industry development arrangements for the customer equipment manufacturing sector, set out in the booklet entitled ôIndustry Development Arrangements Customer Equipmentö issued by the Department of Industry, Technology and Commerce and dated September 1989 ("the booklet") and any amendments to those arrangements set out in any amended version of the booklet. It is clear that taking the course of legislative controls requires amendment to the Telecommunications Act 1991. 7.5 AUSTEL has advice from the Attorney General's Department to the effect that neither AUSTEL's powers under section 246 nor the Minister's powers under sections 49 or 250 enable AUSTEL to impose a condition of use in a permit it issues. 7.6 As the law currently stands, privacy issues can not be considered in assessing whether a permit should be issued. Nor can such issues be included as a condition in a permit. A permit issued at the point of manufacture or importation could not, in any case, dictate or influence the way in which the equipment was used by those who purchase it. Even if AUSTEL were to be given the power to impose a condition of use, there would be practical difficulties in enforcing such a condition, eg - why should a permit holder be disadvantaged for a user's breach of a condition of use. 7.7 Accordingly, in considering whether there should be changes in the law, a distinction needs to be drawn between - o empowering AUSTEL to impose a condition of use, on the one hand, o empowering AUSTEL to take into account broad general public interest criteria in issuing a permit, on the other. That is, by extending the matters set out in section 246 (summarised in paragraph 7.2 above) or by way of Ministerial notification or direction of the kind set out in paragraph 7.3 above. 7.8 If the matters AUSTEL may take into account in issuing permits were broadened then it might be a matter for AUSTEL, after appropriate consultation, to decide to issue permits for, say - o Telephone Information Management Systems only if the equipment were configured or programmed in such a manner as to mask the last two digits of any number called o Automatic Calling Equipment only if the equipment were configured or programmed in such a manner as to be incapable of sequential dialling, capable of operating only during certain hours and on selected lists of numbers only. 7.9 Whether such a power is necessary or desirable is an issue on which comment was specifically sought in AUSTEL's draft report. Some respondents commented on the limitations of legislation to deal with equipment issues. Technology-specific legislation cannot cope with technological developments, nor is legislation about equipment a good way of dealing with the behaviour of users of the equipment, which is the real source of intrusion. Another point made is that the level of detail needed is inappropriate for legislation. Some respondents disagreed and advised AUSTEL to seek enhanced powers in the area of permits. For example, the Consumers' Telecommunications Network said - ôCTN believes AUSTEL should have a role in evaluating public interest issues with regard to customer equipment. Accordingly, AUSTEL should be empowered to take into account general public interest criteria when issuing a technical permit. If this process operated effectively and in a stable and predictable fashion, CTN believes this would enhance rather than restrict competition. It is better to have an effective protection regime in place as early as possible than to react to a consumer backlash as has occurred in other countries, especially in the United States. The voluntary compliance approach has potential to disadvantage reputable equipment users who may suffer loss of public support for their business practices due to the unwillingness of more unscrupulous operators to adhere to the standards agreed upon. An adequate regulatory regime in this area will provide maximum benefits for all concerned.ö Telephone Information Management Systems{tc "Telephone Information Management Systems"} 7.10 Telephone Information Management Systems (or TIMS equipment) record and store information about the calls made to and from PABXs. The information collected may include the originating extension, the time of day, the duration of each call, the telephone number called and the cost. TIMS is not a new technology, but, as noted in paragraph 2.1, the privacy issues it raises remain unresolved. 7.11 As discussed in the draft report, opinion was divided on whether there should be a condition of use imposed on the equipment such that the last digits of the numbers recorded are masked (which was largely the situation when Telecom had responsibility for issuing permits). The weight of the argument, however, seemed to be against such a condition. The following points were made - o the privacy implications can be better dealt with by applying the principle of "informed choice", ie - informing individuals using extensions to a PABX with a TIMS that information about their calls is being recorded o other technological developments have overtaken the TIMS issue. For example, employers get like information from itemised bills provided by the carriers o the person paying the bill is entitled to the information o in the ten year history of TIMS there has not been a significant level of complaints about breaches of privacy o there are circumstances in which a full record of the calls is essential, eg - where a hotel is billing its guests. 7.12 Those considerations do not, however, cover the situation where the person handling the TIMS record is not responsible for paying the bill. For example, in a shopping mall individual shopkeepers may pay their bills according to the allocation provided by a TIMS record. Another example is hotels and motels. Guests using the phone in their room may well require a detailed telephone account so that they know their bill is correct. In some cases, the information may be needed for reimbursement from their employer for work-related calls. This full information recorded by the hotel or motel could be regarded as sensitive personal information about its guests. An added complication with TIMS usage in hotels and motels is that where guests are using credit cards which require a personal Identification number (or PIN), the TIMS will record both a number dialled by a customer as well as the customer's PIN, opening the door to fraud. British Telecom has recently advised its credit card customers not to use the cards in connection with hotel phones for this reason. The potential for fraud has been raised with AUSTEL's Standards Advisory Committee which is planning to put a non-mandatory note into the relevant technical standards to inform suppliers and manufacturers of this possibility so that they may offer a masking option to their customers as a way of avoiding the problem. 7.13 The TIMS issue does not offer a compelling reason to seek legislative amendment so as to be able to reinstate the Telecom masking requirement. It is more appropriate to make it clear that there are no regulations enforcing the masking of digits although the owner of a TIMS may wish to configure it in that way for management, industrial relations reasons or other reasons. 7.14 The development by TIMS users of codes of conduct under the auspices of the Telecommunications Privacy Committee faces practical difficulties - TIMS users have in common only the fact that they own a particular piece of equipment. It could be, however, that some groups of users of TIMS, especially owners of hotels and motels, would have an interest in developing a code of conduct under the umbrella of the Telecommunications Privacy Committee. Likewise suppliers of such equipment might provide a focus for the development of a relevant code that they might pass on to their customers when supplying the equipment. It may also be that hotel and motel operators who provide telephone service to their guests and make a surcharge for this are providing an eligible service under the terms of the Telecommunications Act 1991 and may be subject to AUSTEL's Service Providers Class Licence. If that be so, it would provide another avenue for developing and implementing a voluntary code such as through relevant hotel/motel associations. AUSTEL recommends that - o individuals affected should be informed by appropriate means whenever data resulting from the use of a Telephone Information Management System (TIMS) is being collected and processed o in the case of the use of TIMS by hotels and motels, the owners and operators of motels and hotels using TIMS to charge guests for telephone calls be encouraged to develop a code of conduct with regard to the use and re-use of the data so collected. Automatic Calling Equipment{tc "Automatic Calling Equipment"} 7.15 AOTC's submission defined Automatic Calling Equipment as - ô... a generic term for a range of telephone management systems which automatically originate and supervise the establishment of calls over a variable number of telephone lines.ö Some examples are - o Predictive diallers. These are machines that set up calls, ie - dial and wait for an answer - and then hand the call over to an operator. The machines are programmed to call busy and unanswered lines again at specified time intervals. They are essentially labour saving devices and it may not even be apparent to the recipient of the call that a machine is involved. The efficiency of the system depends on there being an operator available to take the call that has been set up, and when it happens that there is not, the called party will generally hear a recorded message requesting that he or she wait. This can be perceived by the called party as rude, odd or intrusive, and certainly the caller has to take the risk that the called party will not wait. It can also be a problem that such calls tie up phone lines which may be required for other calls, or even emergency calls. o Auto diallers. These automatically dial a programmed set of numbers which may comprise a numerical sequence or numbers extracted randomly or according to a pattern from a phone directory or list. Automatic dialling equipment that is connected to the network requires a permit. Another method of setting up an auto dialling system is using cards or programs in computers which are then connected to the network. There are also permit requirements for such data terminal equipment and its associated cards. Existing voluntary codes of practice for telephone marketing prohibit random or sequential dialling - it has inherent problems in that it can result in unlisted numbers, fax machines, businesses, hospitals and counselling services being called inadvertently. Some potential equipment suppliers, on the other hand, argue that random or sequential auto dialling is the most cost effective way for small business to reach out to new customers. Telemarketers do not necessarily share that view. o A range of equipment which wholly or partially replaces operators, eg - machines which deliver recorded messages. In conjunction with an auto dialling facility, such equipment constitutes the basis of a simple telephone marketing operation. More sophisticated machines include interactive voice so that called parties have the opportunity to respond should they wish to do so. Voice message systems allow operators to be bypassed and phone calls to be ôtime-shiftedö. While the use of recorded voice messages rather than ôliveö operators is considered inappropriate by certain sectors of the telemarketing industry, some submitters argued that the recorded messages are more acceptable to consumers than a ôliveö operator and give consumers more control - ôour research indicates that many people feel less imposed upon by having to respond to a fully automatic system, including a recorded voice, than they do when having to say no to a live caller.ö (Data View Mapping Pty Ltd.) 7.16 Calls placed by automatic equipment, either wholly or partly, are not inherently more intrusive than calls made by people. In fact, some submitters argue that it is easier to hang up on a machine than a person and that automated telemarketing puts less pressure on consumers. While automation does not change the essence of the issues surrounding unsolicited telecommunications it does facilitate a dramatic growth in the volume of telephone marketing. The Australian Direct Marketing Association has expressed disquiet about potential consumer resistance if there is an increase in telephone marketing undertaken by many companies, not necessarily with trained personnel. Other commentators have remarked that such concerns could smack of anti-competitive practices. 7.17 While ACE is likely to be used for telemarketing, in particular for cold calling, it also raises specific issues relating to equipment and the process by which equipment is approved for connection to the network. 7.18 Just as AOTC used its regulatory power to enforce the masking of final digits on TIMS equipment, so it permitted the connection of ACE only subject to the following conditions - o ôin-houseö use o where there was an identified client group, such as shareholders of a company o essential services use o other uses, eg - ôpermission for connection of ACE systems for other uses was restricted to circumstances where a written agreement has been reached between the operator of the service and each customer of the serviceö. 7.19 Although AOTC uses Automatic Calling Equipment in circumstances which would not have met its own conditions (eg - contacting customers who have had a fault repaired or whose phone is about to be disconnected) the application of such conditions served to control the commercial and telemarketing applications of this equipment AOTC points out - ôAustralian experience, where ACE has created no consumer hostility, contrasts starkly with the United States experience where ACE applications have created a significant consumer backlash.ö 7.20 As observed above in relation to TIMS equipment, AUSTEL does not have the power under the Telecommunications Act 1991 to impose conditions of use in the permits it issues. Even if it could, it would be difficult to enforce such conditions. The same options exist, ie - seeking amendment of the legislation so that controls in the public interest or for the sake of consumer protection could be applied at the stage of the granting of permits or seeking other methods, of which codes of conduct are probably the most viable, to ensure that public interest and consumer protection are taken into account. 7.21 Most submitters who addressed the question of Automatic Calling Equipment were uneasy about some aspect of the equipment. Some were opposed to the widespread use of random and sequential dialling, especially in conjunction with either a recorded voice message or an artificial voice. There were a number of suggestions about the kinds of controls that needed to exist: limiting when calls could be made, how often, having access to a ôlive operatorö, giving people a chance to say ônoö early in the call, using ôtargetedö lists rather than working through the phone book or a sequence of numbers. Most submitters were vague about how these controls could be achieved. 7.22 Another relevant viewpoint is that of companies and individuals involved in businesses which manufacture or provide equipment or facilities to telemarketers. Some were keen to make AUSTEL aware that its Inquiry was delaying their product development process, their importation of equipment or some other part of their operations. AUSTEL has been aware that some planned developments have been put on hold or delayed during the Inquiry, but considers that this consequence has to be weighed against the longer term advantages of giving the industry a more certain framework in which to operate. 7.23 Marketplace uncertainty has also resulted from the move from Telecom-imposed restrictions to AUSTEL's taking over the regulatory function without a power to impose such restrictions. Notwithstanding this move, the marketplace seems to have adjusted and the absence of restrictions has not led to a flood of complaints. 7.24 AUSTEL's draft report sought comment on the idea of a voluntary code of conduct relating to Automatic Calling Equipment. Most respondents supported it, although some commented that AUSTEL should be prepared to seek legislative amendment if the code did not succeed, a suggestion in keeping with the approach being recommended in this report. 7.25 While AUSTEL agrees that a voluntary code of conduct may have little influence on the behaviour of ôunscrupulous operatorsö, it believes that a code of conduct should be given a chance to succeed, before seeking legislative amendments to enable a regulatory regime that would be, as AAP put it, ôunwieldyö. Further, the level of goodwill that exists in the industry is an encouragement to believe that a code may well be successful. Even those business interests which have been impeded by the Privacy Inquiry have expressed sympathy with the privacy and intrusion concerns and want to know what the rules are, rather than seeking a situation in which there will be no rules. It may be that the success of a code of conduct in this area will depend as much on people using ACE knowing about it as on their goodwill. AUSTEL recommends that at this stage, the development of a code of conduct under the auspices of the Telecommunications Privacy Committee, rather than legislative amendment, is the most appropriate way of resolving issues relating to the use of Automatic Calling Equipment. Unsolicited facsimiles{tc "Unsolicited facsimiles"} 7.26 Unsolicited facsimiles or ôjunk faxesö clearly anger some people in a way similar to unsolicited phone calls. While AUSTEL did not receive any submissions defending the sending of junk faxes, it did receive a number calling for their prohibition or control. A range of measures for regulating/controlling junk faxes were suggested, including - o banning or legislating o a licence system o the maintenance of a preference list o disclosure of the originating number and other information about the sender o length limitations. 7.27 At this stage there would appear to be no grounds for treating junk fax differently from other intrusion issues such as unsolicited telephone calls. A code of conduct, to be adopted by those using facsimiles as a marketing tool, drawing on the general privacy framework to be established by the Telecommunications Privacy Committee would, on the information presently available to AUSTEL, be an appropriate approach. The Committee could give a higher profile to the existing junk fax register, maintained by AUSTEL as a result of an earlier inquiry into the incidence of junk fax, by associating it with a telephone preference system and bringing the various measures that might be taken to address intrusion issues under the one umbrella. AUSTEL recommends that at this stage, the development of a code of conduct under the auspices of the Telecommunications Privacy Committee, rather than legislative amendment, is the most appropriate way of resolving issues relating to the use of unsolicited facsimiles. Reverse directories{tc "Reverse directories"} 7.28 Conventional directories may be searched only if the user knows a name or a category of business, but computer-based reverse directories allow the user to ascertain a name and address by reference to a known phone number or the name and phone number by reference to an address. Since such directories are essentially a body of information and no means of telecommunications needs to be used to access them, they do not give rise to a telecommunications specific issue. Like the re-use of data gained through CLI, they are something that should be taken into account in trying to calculate the impact of technological developments which are within the terms of reference. 7.29 AUSTEL knows of two Australian reverse directories -Australia on Disk and Desk Top Marketing System . They are compiled through a process of re-keying the entries in the conventional directories. Accordingly they do not include silent numbers and become outdated as quickly as the conventional directory upon which they are based. Australia on Disk costs approximately $1500 while a single user licence for the Desk Top Marketing System, depending on the nature of the user, is about $1500 or $2000. Such amounts may be relatively small for many businesses but would appear of sufficient magnitude to deter many individuals from using such directories. AOTC's access to its directory database allows searching by number or address within its own organisation. That is a prerequisite for the provision of address and number details for calls to the 000 emergency service. 7.30 While currently people may feel they can give their phone number as a single piece of information without disclosing other personal information, if reverse directories become generally available, a phone number would also result in the disclosure of name and address. There is clearly potential for such information to be used in contravention of the Information Privacy Principles for purposes other than those for which it was given. 7.31 Address information is highly sensitive for some people and vulnerability to reverse directory listings may become a reason for choosing a silent number and avoiding being listed in the White Pages. Likewise, it may become a reason for consumer resistance to allowing their numbers to be used to be used in a Caller Number Display. This lessens the usefulness and comprehensiveness of the White Pages and CND services. 7.32 Although the provision of a White Pages directory is a licence condition for AOTC, it has no monopoly in the production of directories. In a deregulated industry, there is nothing to prevent a company or individual from entering into competition with AOTC in the production of directories. While the duplication of standard hard copy White Pages may not be profitable, the provision of a reverse directory is a more attractive proposition. Neither AOTC nor AUSTEL would appear to have the power to prevent the production of reverse directories. 7.33 Reverse directories are an example of what the Privacy Commissioner has described as the ôaggressive re-useö of data which is in the public domain. Other public domain data that can be ôaggressively re-usedö includes electoral rolls and public registers of shareholders. If the Privacy Act 1988 were to be amended in the way discussed in paragraph 4.20 - 4.25, it is possible that this issue could be addressed. While reverse directories are produced only by a couple of companies, it may also be possible, with the cooperation of those companies, to reach the owners of the directory disks and CD-ROMs in order to raise the issues of privacy and the re-use of data. An encouragement to develop a code of conduct in relation to the use of reverse directories may forestall a trend to an increasing preference for unlisted numbers. AUSTEL recommends that compilers and purchasers of reverse directories be encouraged to develop a code of conduct that recognises the sensitivity of a reverse telephone directory compared to one that can only be accessed when the name of the subscriber is known. Customer Information Issues{tc "Customer Information Issues"} 7.34 The submission of the Privacy Commissioner and one or two individuals pointed to some issues that relate to the kind of information carriers have about their customers and access to that information. The competitive implications of customer information issues were discussed in Chapter 3. 7.35 Carriers and service providers have access to information in two broad categories - o the name, address, telephone number and credit worthiness information of the kind that any commercial organisation billing its customers has. However, given that almost all households in Australia have a phone service, it is, at least at this stage for AOTC, a particularly comprehensive database. Much of this data is on public record because it appears in the White Pages directories, is partially available through the directory assistance service and is available to some through reverse directories. The exceptions are the credit records and the silent number information. o information about customers' calls, both made and received. This second kind of data is becoming more extensive as the network is modernised and computerisation permits the collection and storage of increasing amounts of the information that is generated in the network. This information is already used commercially to a limited extent. For example, a subscriber to Telecom's 008 toll-free service may be provided with the first four digits of the numbers of the people who called it on the 008 line, thus allowing the subscriber to target its marketing and advertising. Some 0055 information service providers would also like access to the CLI information, so that they can bill their own customers direct, rather than through AOTC as they do at the moment. 7.36 One of the issues raised in this context relates to itemised billing. The Privacy Commissioner points out that there are circumstances in which itemised billing may lead to a breach of privacy, especially where there is joint use of a telephone service. Some submitters and callers have also raised issues of the privacy of household members where the numbers called by them can be discovered by other members of the household. It is, however, a condition in the General Carrier Licence that carriers ômust provide itemised billing for all of its customers as soon as practicable, and, in any case, not later than 30 June 1997ö. (Clause 8.1 of Telecommunications (General Telecommunications Licences) Declaration (No 1) of 1991). 7.37 The Privacy Commissioner suggests that consumers should be offered some choices of how their bill is itemised, including deletion of the last few digits. Currently consumers who are in areas that have itemised billing can ask not to have it, but cannot have the information presented in a different format. One of the recent amendments made to the European Commission's draft directive on ISDN, mentioned in paragraph 3.38, is the offering of more flexible options on itemised billing to consumers to meet the privacy problems that can occur. 7.38 Another issue relates to call charging records, that is the carrier-held records of calls made by customers, the same kind of information as is used in the provision of itemised billing. The use of these records by third parties or for any purpose other than billing and dispute resolution or law enforcement purposes would be a cause of concern. As mentioned in paragraph 3.11, there are interim guidelines in operation to assist the carriers in exercising their discretion with regard to the provision of this kind of information to law enforcement agencies. These guidelines form Appendix 9 of this report. 7.39 Chapter 3 (at paragraphs 3.26 - 3.27) referred to the ways in which information about customers is exchanged between companies as a privacy concern that should be addressed in a code of conduct. The code of conduct should also take up issues that relate to the handling of customer information within companies. AUSTEL recommends that - o carriers develop a code of conduct that relates to their handling of customer information, including - - the exchange of customer information between them, service providers and within the divisions of their own organisation - the provision of options with regard to itemised billing. LIST OF APPENDICES 1 Terms of Reference 2 The Inquiry process 3 Submissions to the Privacy Inquiry 4 Submitters and respondents who met with AUSTEL's Privacy Inquiry 5 Public Seminars held in conjunction with AUSTEL's Privacy Inquiry 6 Respondents to the draft Report 7 Information privacy principles 8 Section 88 of the Telecommunications Act 1991 9 Draft guidelines for disclosure of Call Charge Recording (CCR) information TERMS OF REFERENCE{tc "TERMS OF REFERENCE"} The following terms of reference for AUSTEL's Privacy Inquiry were released on 20 October 1991 - AUSTEL, the Australian Telecommunications Authority, is undertaking a public inquiry into the privacy implications of telecommunications services made possible by new technologies. AUSTEL invites submissions addressing the following issues: o conditions of use or operation, if any, which are needed to protect the privacy of individuals with particular reference to the following: - developments within the telecommunications system such as calling number display (Caller ID) - the availability and use of services which incorporate technologies such as automatic calling equipment (ACE), voice response systems and telephone information management systems (TIMS) - telemarketing services and other like services and activities including unsolicited phone calls and unsolicited facsimiles(junk fax) o whether these matters should be dealt with as a telecommunications specific matter or according to general privacy considerations o in considering conditions of use or operation, the weight which should be given to privacy considerations in assessing the potential economic and social impacts of telecommunications services, taking into account the benefits and costs involved. Suggestions for, and comments on, possible mechanisms by which privacy issues can be addressed are welcome. THE INQUIRY PROCESS{tc "THE INQUIRY PROCESS"} see Chapter 2 The Privacy Inquiry is the first public inquiry held by AUSTEL under section 328 (b) of the Telecommunications Act 1991 . This section gives AUSTEL the power to initiate public inquiries where appropriate and practicable. The Inquiry was carried out as follows - o AUSTEL initiated a round of preliminary consultations with interested parties including the Department of Transport and Communications, the office of the Privacy Commissioner, the Privacy Committee of NSW, the Australian Direct Marketing Association and AOTC. o The inquiry was advertised in metropolitan and regional daily newspapers. o Letters of notification were sent to politicians, interested individuals and organisations. o A detailed discussion paper was published, advertised and distributed. The Discussion Paper was made available through AUSTEL's State registries, Australian Government Bookshops and some other places. o AUSTEL received 141 submissions in response to the initial Discussion Paper. These are listed in Appendix 3. o Submissions were acknowledged and a number of submitters took the opportunity to discuss their submissions with AUSTEL in more detail. A list of submitters with whom individual meetings were held is given in Appendix 4. o Eight public seminars were held, one in each State capital and one in each of Canberra and Wollongong. Details are given in Appendix 5. A decision was made to hold informal seminars rather than formal hearings in order to encourage positive discussion and an open exchange of views and ideas. The seminars were organised in a way which maximised the time available for public discussion and questioning. The aim of these seminars was to - - inform people about some of the emerging and future telecommunications services which might have privacy implications - give people the opportunity to air their views on the privacy issues encompassed by the Inquiry; and - provide a forum for public discussion of privacy issues relevant to the inquiry The seminars were advertised in the local press and advertisements for them were sent to individuals and organisations who had indicated an interest in the inquiry. o A Draft Report was issued in June 1992. This Draft Report summarised submitters' views, canvassed suggested approaches and asked for comment on a number of specific issues. As well, two seminars, one in Melbourne and one in Sydney, were held, both so that AUSTEL could explain the suggestions it had made and hear what interested individuals and groups thought of them. Details of these meetings are also given in Appendix 5. o 41 responses to the Draft Report were received, most from organisations and most responding to some or all of the specific issues raised in the Draft Report. A list of respondents is given in Appendix 6. o Discussions were held with interested parties about the recommendations of the Final Report so that as far as possible these recommendations could be issued on the basis of consensus. .c.SUBMISSIONS TO THE PRIVACY INQUIRY{tc ".c.SUBMISSIONS TO THE PRIVACY INQUIRY"} AAP Communications AGB Australia Dr R Anderton-Crookall AOTC Artcraft Association of Marketing Research Organisations Austin & Partners Australian Civil Liberties Union Australian Consumers' Association Australian Direct Marketing Association The Australian Institute of Fundraising Australian Privacy Foundation Australian Telecommunications Users Group Australian Telemarketing Association Aviation Security Branch - DOTAC Mr. R.E.Balchin Richard Barnes & Associates Mr L Barrett Mr Craig Beard Mr Richard Bennett Bennett Research (Aus) Pty Ltd Mr John Bills Professor R. Bowden Brand Strategies Mr S J Broughton H.J.Campbell Pretty & Associates M G Campbell Mr Jamie Catlin - CIRCIT Centre for Information Technology & Communications (CITEC) P Chamen Chant Link & Associates Christian Children's Fund of Australia Ltd Mr Stephen Coates Coles Myer Commonwealth Fire Board Communications Law Centre Consumers Telecommunications Network (CTN) Mrs Dulcie Cook Correctional Services, Dept. of (SA) Criminal Justice Commission (QLD) Country Fire Service (SA) Dangar Research Group Data-View Mapping Pty Ltd Miss Dorothy Davies DAVOX Nanette Dykes Market Research Education Department of South Australia EKAS Marketing Research Services Elder Marketing Services Elliot & Shanahan Research Federal Bureau of Consumer Affairs Mrs Field Financial Market Research Consultants Mr Peter Flanagan T. Ford Mr Brian Garth Mr John Graham Greer Wire Industries Guide Dog Association of NSW & ACT D.S & J Hall Harrison Market Research Pty Ltd Mr Robert Hermann K Herzog Mr G Hodskiss House With No Steps Mr Alan Hughes Hydro Electric Commission (TAS) Intercode Research Mr Philip Jackson Mr. I R Jenkin Kenning Market Research Consultants Law Society of SA Legislation & Policy Division, VIC Police Levita Group Mr Dennis List (ABC Radio, SA) Mr Doug McKenzie Ms Amy Mahan - CIRCIT Market Research Society of Australia The Marketing Centre Marketshare Pty Ltd Metropolitan Fire Brigade (VIC) MRA Research Pty Ltd Myer Stores Ltd National Mutual Life Association Nationwide Research Services Neill, Riley and Associates NSW Dpt. of Business & Consumer Affairs New South Wales Fire Brigade NSW Police Service - State Intelligence Group Command Newspoll Northern Field Services Optus Communications K. Patterson & Associates Ms Winifred Peart Ms Patricia Prendergast Privacy Commissioner, HREOC Privacy Committee of New South Wales Prospect Electricity Quantum Queensland Police Service Mr Reinhold Quillen The Reark Group Research International Retailers Council of Australia Mr Myles Ruggles - CIRCIT Mr Mike Russell SETEL Shire of Seymour (Ms. Shelley Frawley) Shire of Seymour (Cliff Nicholson) Frank Small & Associates Mr Charlie Sorel South Australia Police Department Staddon Consulting Services State Electricity Commission of Victoria Ms Mandy Swaney Telogy: Talking Technology Australia Trade Practices Commission Mr Rodger Tremlett Mr Tony Tritschler Mr Greg Tucker Vitalcall Pty Ltd WA Police Department Wells Australasia West Street Research Services Mr Robin Whittle City of Whittlesea Mr J Wilson Womens Electoral Lobby Woolcott Research Worthington Di Marxio Pty Ltd Yann Campbell Hoare Wheeler In addition, there were two anonymous submissions, four where submitters asked that their submissions be regarded as commercial-in-confidence and two where submitters were prepared to have the text used but wished to have their name and address withheld. SUBMITTERS AND RESPONDENTS WHO MET WITH AUSTEL'S PRIVACY INQUIRY{tc "SUBMITTERS AND RESPONDENTS WHO MET WITH AUSTEL'S PRIVACY INQUIRY"} AAP Alcatel Australian Direct Marketing Association Australian Market Research Organisation AOTC CIRCIT Mr Stephen Coates Communications Law Centre Consumer Telecommunications Network Federal Bureau of Consumer Affairs Levita Group Market Research Society of Australia New South Wales Fire Brigades Nortel Optus Communications Privacy Commissioner Prospect Electricity Mr Greg Tucker Mr Robin Whittle Other meetings Office of the Status of Women, Department of Prime Minister and Cabinet Telecommunications Policy Division, Department of Transport and Communications National Directory Services, AOTC Portmack Pty Ltd Trade Practice Commission PUBLIC SEMINARS HELD IN CONJUNCTION WITH AUSTEL'S PRIVACY INQUIRY{tc "PUBLIC SEMINARS HELD IN CONJUNCTION WITH AUSTEL'S PRIVACY INQUIRY"} (1) After submissions were received Brisbane Monday 9 March 1992 Carindale Hotel Motel, Carindale Sydney Wednesday 11 March 1992 Square House, University of New South Wales Wollongong Thursday 12 March 1992 Union Function Room, University of Wollongong Perth Wednesday 18 March 1992 City West Centre, West Perth Adelaide Thursday 19 March 1992 South Park Motor Inn, Adelaide Hobart Thursday 26 March 1992 Westside Hotel, Hobart Canberra Tuesday 31 March 1992 Haydon Allen Building, Australian National University Melbourne Thursday 2 April 1992 CIRCIT, South Melbourne (2) After the publication of the Draft Report Melbourne Tuesday 30 June 1992 Dallas Brooks Conference Centre East Melbourne Sydney Thursday July 2 1992 Golden Gate Park Plaza Hotel Haymarket RESPONDENTS TO THE DRAFT REPORT{tc "RESPONDENTS TO THE DRAFT REPORT"} AAP Communications Alcatel Australia Mr John Allen AOTC Association of Marketing Research Organisations Attorney-General's Department, Human Rights Branch Australian Direct Marketing Association Australian Telecommunications Users Group Australian Telemarketing Association Mr L Barrett Communications Law Centre (CLC) Consumer Affairs, New South Wales Consumers Telecommunications Network (CTN) Department of Communications, Canada Mr Michael Doyle Elliot & Shanahan Research Federal Bureau of Consumer Affairs Mr Peter Flanagan Mr Ian Gunn Mr Lindsay MacDonald Market Research Society of Australia N.D. & B.A. May New South Wales Fire Brigades NorTel Optus Communications Privacy Commissioner, HREOC Prospect Electricity Queensland Police Service Mr Myles Ruggles - CIRCIT Shire of Seymour (Ms. Shelley Frawley) Shire of Seymour (Cliff Nicholson) South Australia Police Department Telecommunications Policy Division, Department of Transport and Communications Telephone Service Against Sexual Assault Telsol Mr Greg Tucker, David Syme School of Business, Monash University Western Australian Police Department Mr David Whittle Mr Robin Whittle Womens Electoral Lobby Women's Information Switchboard There was one anonymous submission, and one where the respondent did not wish publication of her details. INFORMATION PRIVACY PRINCIPLES{tc "INFORMATION PRIVACY PRINCIPLES"} see paragraph 4.2 Principle 1 Manner and purpose of collection of personal information 1. Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless: (a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and (b) the collection of the information is necessary for or directly related to that purpose 2. Personal information shall not be collected by a collector by unlawful or unfair means. Principle 2 Solicitation of personal information from individual concerned Where: (a) a collector collects personal information for inclusion in a record or in a generally available publication; and (b) the information is solicited by the collector from the individual concerned the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, before the information is collected or, if that is not practicable, as soon as practicable after the information is collected, the individual concerned is generally aware of: (c) the purpose for which the information is being collected; (d) if the collection of the information is authorised or required under law - the fact that the collection of the information is so authorised or required; and (e) any person to whom, or any body or agency to which, it is collector's usual practice to disclose personal information of the kind so collected, and (if known by the collector) any person to whom, or any body or agency to which, it is usual practice of that first mentioned person, body or agency to pass on that information. Principle 3 Solicitation of personal information generally Where: (a) a collector collects personal information for inclusion in a record or in a generally available publication; and (b) the information is solicited by the collector; the collector shall take such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is collected; (c) the information collected is relevant to that purpose and is up to date and complete; and (d) the collection of the information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned. Principle 4 Storage and security of personal information A record-keeper who has possession or control of a record that contains personal information shall ensure: (a) that the record is protected by such security safeguards as it is reasonable in the circumstances to take, against loss, against unauthorised access, use, modification or disclosure, and against other misuse; and (b) that if it is necessary for the record to be given to a person in connection with the provision of a service to the record-keeper, everything reasonably within the power of the record-keeper is done to prevent unauthorised use or disclosure of information in the record. Principle 5 Information relating to records kept by record-keeper 1. A record-keeper who has possession or control of records that contain personal information shall, subject to clause 2 of the Principle, take such steps as are, in the circumstances, reasonable to enable any person to ascertain: (a) whether the record-keeper has possession or control of any records that contain personal information; and (b) if the record-keeper has possession or control of a record that contains such information: (i) the nature of that information; (ii) the main purposes for which that information is used; and (iii) the steps that the person should take if the person wishes to obtain access to the record. 2. A record-keeper is not required under clause 1 of this Principle to give a person information if the record-keeper is required or authorised to refuse to give that information to the person under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents. 3. A record-keeper shall maintain a record setting out: (a) the nature of the records of personal information kept by or on behalf of the record-keeper; (b) the purpose for which each type of record is kept; (c) the classes of individuals about whom records are kept; (e) the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and (f) the steps that should be taken by persons wishing to obtain access to that information. 4. A record-keeper shall: (a) make the record maintained under clause 3 of this Principle available for inspection by members of the public; and (b) give the Commissioner, in the month of June in each year, a copy of the record so maintained. Principle 6 Access to records containing personal information where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under the applicable provisions of any law of the Commonwealth that provides for access by persons to documents. Principle 7 Alteration of records containing personal information 1. A record-keeper who has possession or control of a record that contains personal information shall take such steps (if any), by way of making appropriate corrections, deletions and additions as are, in the circumstances, reasonable to ensure that the record: (a) is accurate; and (b) is, having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose, relevant, up-to-date, complete and not misleading. 2. The obligation imposed on a record-keeper by clause 1 is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents. 3. Where: (a) the record-keeper of a record containing personal information is not willing to amend that record, by making a correction, deletion or addition, in accordance with a request by the individual concerned; and (b) no decision or recommendation to the effect that the record should be amended wholly or partly in accordance with that request has been made under the applicable provisions of a law of the Commonwealth; the record keeper shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the record any statement provided by that individual of the correction, deletion or addition sought. Principle 8 Record-keeper to check accuracy etc of personal information before use A record-keeper who has possession or control of a record that contains personal information shall not use that information without taking such steps (if any) as are, in the circumstances, reasonable to ensure that, having regard to the purpose for which the information is proposed to be used, the information is accurate, up to date and complete. Principle 9 Personal information to be used only for relevant purposes A record-keeper who has possession or control of a record that contains personal information shall not use the information except for a purpose to which the information is relevant. Principle 10 Limits on use of personal information 1. A record-keeper who has possession or control of a record that contains personal information that was obtained for a particular purpose shall not use the information for any other purpose unless: (a) the individual concerned has consented to use of the information for that other purpose; (b) the record-keeper believes on reasonable grounds that use of the information for that other purpose is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or another person; (c) use of the information for that other purpose is required or authorised by or under law; (d) use of the information for that other purpose is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or (e) the purpose for which the information is used is directly related to the purpose for which the information was obtained. 2. Where personal information is used for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of that use. Principle 11 Limits on disclosure of personal information 1. A record-keeper who has possession or control of a record that contains personal information shall not disclose the information to a person, body or agency (other than the individual concerned) unless: (a) the individual concerned is reasonably likely to have been aware, or made aware under Principle 2, that information of that kind is usually passed to that person, body or agency; (b) the individual concerned has consented to the disclosure; (c) the record-keeper believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person; (d) the disclosure is required or authorised by or under law; or (e) the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue. 2. Where personal information is discloser for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue, the record-keeper shall include in the record containing that information a note of the disclosure. 3. A person, body or agency to whom personal information is disclosed under clause 1 of this Principle shall not use or disclose the information for a purpose other than the purpose for which the information was given to the person, body or agency. . c.TELECOMMUNICATIONS ACT 1991 SECTION 88 see paragraphs 4.5 - 4.9 Carriers' employees etc. not to disclose or use contents of communications etc. 88. (1) A person who is an employee of a carrier must not disclose or use any fact or document that: (a) relates to: (i) the contents or substance of a communication that has been carried by the carrier or a communication in the course of telecommunications carriage; or (ii) telecommunications services supplied, or intended to be supplied, to another person by the carrier; or (iii) the affairs or personal particulars (including any unlisted telephone number or any address) of another person; and (b) comes to the person's knowledge, or into the person's possession, because the person is an employee of the carrier. Penalty: Imprisonment for 2 years. (2) A person who has been an employee of a carrier must not disclose or use any fact or document that: (a) relates to a matter mentioned in paragraph (1) (a); and (b) came to the person's knowledge, or into the person's possession, because the person was an employee of the carrier. Penalty: Imprisonment for 2 years. (3) This section does not prohibit a disclosure by a person of a fact or document: (a) if the disclosure is made in the performance of the person's duties as an employee of the carrier; or (b) if the disclosure is made as a witness summoned to give evidence or to produce documents; or (c) if the disclosure is made: (i) to an officer or employee of the Australian Security Intelligence Organisation authorised in writing by the Director-General of Security to receive the disclosure; and (ii) in connection with the performance by the Organisation of its functions; or (d) if: (i) the fact or document came to the person's knowledge, or into the person's possession, because of a call to the emergency number 000; and (ii) the disclosure is made to a member of a police force or fire service or of an ambulance service to which the call was connected; or (e) if the fact or document relates to the affairs or personal particulars (including any unlisted telephone number or any address) of another person and: (i) the other person is reasonably likely to have been aware or made aware that information of that kind is usually disclosed in the circumstances concerned; or (ii) the other person has consented to the disclosure in the circumstances concerned; or (iii) the person who makes the disclosure believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of a person; or (f) if the disclosure is required or authorised by or under law; or (g) if the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or (h) if: (i) the person who made the disclosure is an employee of the carrier; and (ii) the disclosure is made to, or to an employee of, another carrier or a supplier of an eligible service; and (iii) the fact or document relates to: (A) the operation or maintenance of a telecommunications network or facility operated by the other carrier or the supplier; or (B) the supply of services by the other carrier or the supplier by means of a telecommunications network or facility; and (iv) the disclosure is made for the purpose of the carrying on by the other carrier or the supplier of its business relating to the supply of services by means of a telecommunications network or facility operated by the other carrier or the supplier; or (i) if: (i) the person who made the disclosure is an employee of the carrier; and (ii) the disclosure is made to, or to an employee of, another carrier or a supplier of an eligible service; and (iii) the fact or document relates to: (A) the operation or maintenance of a telecommunications network or facility operated by the first-mentioned carrier; or (B) the supply of services by the first-mentioned carrier by means of a telecommunications network or facility; and (iv) the disclosure is made for the purpose of the carrying on by the other carrier or the supplier of its business relating to the supply of services by means of a telecommunications network or facility operated by the first- mentioned carrier; or (j) if the disclosure is reasonably necessary for the purpose of the preservation of human life at sea; or (k) if the disclosure: (i) relates to the location of a vessel at sea; and (ii) is made for maritime communications purposes; or (l) if: (i) the person who made the disclosure is or has been an employee of the carrier; and (ii) the disclosure is made to, or to a member of the staff of, AUSTEL; and (iii) the fact or document may assist AUSTEL in the performance of any of its functions or the exercise of any of its powers under this Act or any other law of the Commonwealth; or (m) if the disclosure is made in prescribed circumstances. (4) This section does not prohibit a use by a person of a fact or document: (a) if the use is made for the purposes of or in connection with a disclosure of the fact or document by the person, being a disclosure to which subsection (3) applies; or (b) if the use is made in the performance of the person's duties as an employee of the carrier; or (c) if the fact or document relates to the affairs or personal particulars (including any unlisted telephone number or any address) of another person and: (i) the other person is reasonably likely to have been aware or made aware that information of that kind is usually used in the circumstances concerned; or (ii) the other person has consented to the use in the circumstances concerned; or (iii) the person who makes the use believes on reasonable grounds that the use is necessary to prevent or lessen a serious and imminent threat to the life or health of a person; or (d) if the use is required or authorised by or under law; or (e) if the use is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue; or (f) if: (i) the person who made the use is an employee of the carrier; and (ii) the fact or document relates to: (A) the operation or maintenance of a telecommunications network or facility operated by another carrier or by a supplier of an eligible service; or (B) the supply of services by another carrier, or by the supplier of an eligible service, by means of a telecommunications network or facility; and (iii) the use is made for the purpose of the carrying on by the other carrier or the supplier of its business relating to the supply of services by means of a telecommunications network or facility operated by the other carrier or the supplier; or (g) if: (i) the person who made the use is an employee of the carrier; and (ii) the fact or document relates to: (A) the operation or maintenance of a telecommunications network or facility operated by the carrier; or (B) the supply of services by the carrier by means of a telecommunications network or facility; and (iii) the use is made for the purpose of the carrying on by another carrier, or by a supplier of an eligible service, of its business relating to the supply of services by means of a telecommunications network or facility operated by the first-mentioned carrier; or (h) if the use is reasonably necessary for the purpose of the preservation of human life at sea; or (i) if the use: (i) relates to the location of a vessel at sea; and (ii) is made for maritime communications purposes; or (j) if the use is made in prescribed circumstances. (5) In this section: "communication in the course of telecommunications carriage" means a communication that is being carried by a carrier, and includes a communication that has been collected or received by a carrier for carriage by it but has not been delivered by it; "employee", in relation to a carrier or a supplier of an eligible service, includes: (a) a person who performs services for or on behalf of the carrier or supplier; and (b) an employee of such a person. Note: This section was being amended as this report was being produced. The above version does not include these amendments. DRAFT{tc "DRAFT"} GUIDELINES FOR DISCLOSURE OF CALL CHARGE RECORDING (CCR) INFORMATION see paragraph 3.11 1. Section 88(3)(g) of the Telecommunications Act, 1991 permits the disclosure of information by a carrier or its employees if the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue. 2. The "reasonableness test" in section 88(3)(g) shall be satisfied where disclosure of CCR information is made in relation to investigation of conduct which, if proved, would constitute - (i) an offence punishable by two years' imprisonment or more; or (ii) specific conduct, or a specific offence (whether criminal or civil), which, while not carrying a penalty of two years' imprisonment or more, is agreed between the carrier and the agency concerned to be sufficiently serious, or to have such special circumstances for its investigation, as to justify the release of CCR information, and provided the following procedures are followed - (a) requests for CCR information to be made to a specified area or unit of the carriers for processing; (b) requests to be made/authorised at an appropriately senior level and to be accompanied by a statement of reasons for the request so that the carrier may be satisfied that any disclosure made in response would be in the circumstances specified in paragraphs 88(3)(g); (c) the statement of reasons to contain an assurance or certificate that the disclosure requested is in fact reasonably necessary for the enforcement of the criminal law, etc; (d) records to be kept by the carriers in relation to requests submitted, and disclosures made, in relation to CCR information. 3. The agencies to which these guidelines apply are Commonwealth or State Government agencies which administer the criminal law, or laws imposing a pecuniary penalty, or laws protecting the public revenue. 4. A carrier may request an agency to whom CCR information is disclosed in accordance with those guidelines to give an undertaking that the information so acquired shall only be further disclosed in the circumstances contemplated by Information Privacy Principle 11. Executive Summary and Recommendations Executive Summary and Recommendations {page|1} Executive Summary and Recommendations {page|1} The Inquiry: Reasons and Support for, the Consultative Process and Developments during The Inquiry: Reasons and Support for, the Consultative Process and Developments during Telecommunications ôPrivacyö in Context Telecommunications ôPrivacyö in Context An Australian Approach to Telecommunications Privacy Issues An Australian Approach to Telecommunications Privacy Issues {page|1} An Australian Approach to Telecommunications Privacy Issues {page|1} Calling Line Identification /Calling Number Display Calling Line Identification/Calling Number Display {page|1} Unsolicited Telecommunications Unsolicited Telecommunications Unsolicited Telecommunications Equipment and Other Issues Equipment and Other Issues Appendix 1 Appendix 3 Appendix 3 Appendix 3 Appendix 3 Appendix 4 Appendix 5 Appendix 5 Appendix 6 Appendix 7 Appendix 7 Appendix 8 Appendix 8 Appendix 9