This article contains information from our recent webinar, Telco Compliance: What you need to know.
Nothing discussed in this article constitutes legal advice. This article is not intended to be a substitute for legal advice and should not be relied upon as such.
This article contains general information only. We have not taken into consideration your personal circumstances or needs when developing the content of this article.
You should seek legal advice or other professional advice in relation to any particular issues you or your organisation may have.
The telecommunications industry landscape is forever changing. Products, customer requirements and regulations are becoming more complex. Trying to keep up with it all can be time consuming, exhausting and can become quite expensive.
In this article, we’ll cover some areas of compliance, what they mean and finally how Emersion can help you meet compliance requirements. We’ll focus on some of the key areas of compliance in the telecommunications industry, however this is not a full list of your compliance obligations. To obtain your full list of obligations, please seek your own legal and compliance advice.
Whether you’re a startup looking to add telco products to your offering or an existing business who offers telco products to consumers or business, compliance will apply to you.
If you resell, on-sell or manage telecommunications that are provided to consumers or business, compliance will still apply to you.
So let’s begin with some of the governing bodies you may deal with and a brief description of who they are.
The Australian Communications and Media Authority (ACMA)
The ACMA is a regulator who was created to oversee the convergence of telecommunications broadcasting, radio communications and the internet.
The Australian Competition and Consumer Commission (ACCC)
The ACCC is an independent commonwealth statutory authority whose role is to enforce additional legislation and promote competition, fair trading and regulating national infrastructure for the benefit of Australians.
Communications Alliance is the primary telecommunications industry body in Australia. Their objective is to facilitate open effective and ethical competition between service providers whilst ensuring efficient and safe operation of networks, the provisioning of innovative services and the enhancement of consumer outcomes. Being a member of the communications alliance, you will have the benefit of being able to make meaningful contributions to the future of the industry and be able to participate in the governing operations.
The IPND Manager (Telstra)
Telstra manages the IPND on behalf of the telecommunications industry. Data is supplied to the IPND by carriage services providers, also known as data providers.
Police divisions of Victoria, New South Wales, Queensland, South Australia, North Territory and Western Australia all deal with the enforcement of the criminal law, as well as the Attorney General’s office, Intelligence Division Department of Home Affairs and the Department of Border Intelligence.
The Telecommunications Industry Ombudsman Limited (TIO)
The Telecommunications Industry Ombudsman provides a free and independent dispute resolution service for small business and residential customers who have an unresolved complaint about the telephone or internet service in Australia. Powers of the TIO to handle complaints under the code are to receive, investigate, and facilitate the resolution, make determinations in relation to, give directions in relation to, and report on complaints made by the end users of a listed carriage service.
Now we’ll look at some of the laws that you should be familiar with in the telco industry.
The Telecommunications Act of 1997
The objective of this act is to provide a regulatory framework that promotes a long term interest of end users of carriage services, the efficiency and international competitiveness of the Australian telecommunications industry, and the availability of accessible and affordable carriage services that enhance the lives of Australians.
The Telecommunications Interception and Access Act 1979
The objective of this act prohibits the interception of, and other access to, telecommunications, except where authorised in special circumstances or for the purpose of tracing the location of callers in emergencies, and for related purposes such as for the enforcement of criminal law. From time to time, you may be contacted by a law enforcement agency across the country, where you may be requested to provide subscriber information or call records for one or many of your customers. The law enforcement agencies will normally issue a notice to you, where they will enact clauses 178 and subsection 184 of the act to gain access to this information.
The Australian Consumer Law
This law includes:
- A national unfair contract terms law covering standard form consumer and small business contracts.
- A national law guaranteeing consumer rights when buying goods and services.
- A national product safety law and enforcement system.
The Privacy Act 1988
Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage, and disclosure of personal information in the federal public sector and in the private sector.
Now we’ll look at some of the industry codes you should be familiar with.
The Telecommunications Consumer Protection Code (TCP Code)
The TCP Code is the code of conduct for the telecommunications industry in Australia. It provides community safeguards in the areas of sales, service and contracts, billing, credit and debit management, and changing suppliers. It also sets out a framework for code compliance and monitoring. It applies to all carriage service providers in Australia, and is enforceable by the ACMA. The code protects consumers who use mobile phones, landline, and internet services including the NBN.
The Integrated Public Number Database (IPND)
The IPND is a centralised database that contains the record of each telephone number issued by carriage service providers to their customers in Australia.
Mobile Number Portability
The industry code developed to specify the procedural arrangement required to port a mobile service number between carriage service providers. Where there is a change in a mobile carrier network, the code provides an automated interface between mobile carriers and carriage service providers to support mobile number portability.
Local Number Portability
The Local Number Portability sets out the procedures for porting a local phone number between telcos. The key requirements include rules for porting applied to you if you issue a number for your customer and to any upstream telco that provides your customer with a local service.
Inbound Number Portability
The industry code developed for operational procedures between carriers, carriage service providers and other industry participants for the implementation of inbound number portability. This is the portability of 1800 numbers and local 1300 numbers.
The Privacy Act 1988 is a federal law that governs the way in which businesses and federal government agencies must handle personal information.
For the purpose of the act, personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or the opinion is true or not, and whether the information or opinion is recorded in a material form or not.
This is a very broad definition, and it’s important to keep in mind when you’re collecting information from individuals such as your customers.
Who does the act apply to?
The Privacy Act applies to what are referred to as ‘APP entities’. An APP entity is, generally speaking, Federal Government entities and office holders, and organisations which can include individuals, body corporates, partnerships, trusts, etc.
An APP entity does not include registered political parties, state or territory authorities, or ‘small business operators’. A small business operator is a business with an annual turnover of $3M AUD or less.
However, a small business operator will be deemed to be an APP entity, and therefore be required to comply with the act, if they operate another business with an annual turnover of $3M AUD or more, provide a health service or otherwise hold health information, disclose or collect personal information about another individual for a benefit service or advantage, if they are a contracted service provider for a Commonwealth contract, or are a credit reporting body. So again, the scope of who the act applies to is quite far reaching.
The Australian Privacy Act has an extra-territorial application. What this means is that an organisation does not necessarily have to be located in Australia to be captured by the act, they merely need to have an Australian link.
An Australian link will include situations where the entity was formed in Australia, has central management control in Australia, or is otherwise carrying on a business and collects or holds personal information in Australia. So if you have a website where you’re offering goods or services in Australia, or if you’re collecting personal information on someone who is physically in Australia, this would be enough to be an ‘Australian link’.
If you collect personal information from customers located overseas, you may also be subject to their home legislation. Eg. GDPR in the UK/EU.
The 13 Australian Privacy Principles (APPs)
The 13 APPs are one of the key features of the Privacy Act. As the name suggests, the APPs are a number of principles that seek to protect privacy while not burdening agencies or organisations with inflexible, prescriptive rules. So, to give you a bit of a taste of what the APPs cover, we’ll run through a couple of them.
APP 2: Anonymity and pseudonymity
APP 2 highlights the need to give individuals the option not to identify themselves. There are limited exceptions to this requirement, such as if an entity is required or authorised under Australian law to deal with individuals who have identified themselves, such as providing a prepaid mobile phone to an individual, where legislation requires that they be identified, another example could be opening a bank account.
APP 7: Direct marketing
This states that an organisation must not use or disclose personal information that it holds about an individual for the purpose of direct marketing, unless an exception applies. One of the exceptions could be that the personal information has been collected directly from an individual, and that individual could reasonably expect that their personal information may be used for the purpose of direct marketing. If an exception does apply, then you must give the individual the ability to opt out of direct marketing.
APP 8: Cross-border disclosure of personal information
This outlines the steps that an APP entity must take to protect personal information before it’s disclosed overseas. This is an important principle to keep in mind if you have suppliers or related body corporates located overseas that want to have access to personal information. The principle generally requires an APP entity to ensure that the overseas recipient will handle the individual’s personal information in accordance with the APPs. It also makes the APP entity accountable if the overseas recipient mishandles the information.
The Notifiable Data Breaches Scheme
Another important part of The Privacy Act is the Notifiable Data Breaches Scheme. This commenced on the 22nd of February 2018. This scheme imposes an obligation on organisations and agencies who must comply with the act to notify affected individuals and the office of the Australian Information Commissioner when a data breach has occurred that is likely to result in serious harm to an individual whose personal information is involved.
A data breach occurs when personal information an organisation holds is lost or subject to unauthorised access or disclosure. For example, when a device with customers’ personal information is lost or stolen, or when a database containing personal information is hacked, or when personal information is mistakenly sent to the wrong person.
Breaches of The Privacy Act
Breaches of The Privacy Act can result in penalties of up to $1.8M for corporate bodies, so this is definitely not an area to overlook. If you’re unsure of whether the act applies, or if any international acts apply, or if you’re just unsure of what you need to do to actually comply, then it’s best to seek your own legal advice.
The ACL is a uniform legislation that is focused on protecting consumers. It’s a national generic law which applies in the same way to all sectors in all Australian jurisdictions. The ACL covers a lot of different areas such as imposing general standards of business conduct, it prohibits unfair trading practices, provides basic consumer guarantees to goods and services and regulates specific types of business-to-consumer transactions. We’re really only going to scratch the surface of the ACL in this article.
Generally speaking, for the purposes of the ACL a person is a ‘consumer’ if they acquire goods and services that are priced at less than $40,000. A person is also a ‘consumer’ if they acquire goods and services that are priced at more than $40,000 but they are ‘of a kind ordinarily acquired for personal, domestic or household use or consumption’.
Unfair contract terms
So now that we have a bit of an understanding of who a consumer is for the purposes of the ACL, we’ll look at what contract terms may be considered unfair when you’re entering into agreements with consumers.
Standard form consumer contracts
The unfair contract terms provision of the ACL applies to standard form consumer contracts.
A standard form contract is a contract that is prepared by one party to the contract and not negotiated between the parties – it is offered on a ‘take it or leave it’ basis.
A consumer contract is a contract for the supply of goods or services, or the sale or grant of an interest in land, to an individual for personal, domestic or household use or consumption.
A term is considered ‘unfair’ when:
- It causes a significant imbalance in the parties’ rights and obligations arising under the contract;
- It is not reasonably necessary to protect the legitimate interest of the supplier; and
- It would cause detriment (whether financial or otherwise) to a party if it were to be relied on.
All three of these elements must be proven to exist for a court to decide that a term is unfair. Once a term is deemed to be unfair by a court, it will be void, which means it will have no effect. The rest of the contract will continue to apply, if it can continue to apply without the void term.
Misleading or deceptive conduct
This is an important area to keep in mind, particularly when it comes to marketing or advertising your products and services.
It is unlawful for a business to make statements in trade or commerce that are misleading or deceptive or are likely to be misleading or deceptive.
‘Conduct’ can include actions and statements such as advertisements, promotions, quotes, statements and any representation made by a person.
It’s really important to consider whether the overall impression created by the conduct is false or inaccurate. Failing to disclose relevant information, or providing predictions or opinions can also sometimes be misleading or deceptive in certain circumstances.
Disclaimers and small print are not sufficient to avoid misleading or deceptive conduct.
The Integrated Public Number Database (IPND) is a centralised database that contains the record of each telephone number issued by Carriage Service Providers (CSPs) to their customers in Australia. Each IPND (or Public Number Customer Data) record includes the customer’s phone number, name, service and directory addresses, the type of service, whether the service is listed or unlisted and details about the CSP who provides the service.
The types of services recorded in the IPND include:
- Fixed telephone services;
- Mobile phone services;
- VoIP services associated with a telephone number;
- Freecall and local rate numbers (including 13 and 1800 numbers); and
- Payphone services.
How to provide data to the IPND
To provide data to the IPND, you will need to apply to the IPND Manager and may:
- Request to provide the data to the IPND yourself; or
- Nominate and authorise a data provider to act on your behalf.
The provision of your data to the IPND is run by an automated and scheduled process. The IPND will receive the files, and they will also return files on a daily basis.
What’s important to know about your compliance to the IPND?
- Ensure the data you are providing is accurate and up to date;
- Making sure that you’re looking at the data that has come back from the IPND and needs to be fixed and resubmitted; and
- Conduct a reconciliation of your data every 6 months.
The TCP code protects customers who use mobile phone, landline and internet services, including NBN.
TCP Code overview
The key rules set out in the code include:
- How to communicate with or deal with customers
- What you can say in advertising and sales information
- Handling bills and disputes
- The ways customers can pay
- How to assess credit for new customers
- How to help customers switch services providers
Providers who sell telco services are required to be a registered TIO member.
It’s important to know that when you continue to comply with the TCP code, the handling of complaints through the TIO will be easier to deal with. The TIO, as you may already know, can be very expensive, time consuming and frustrating for both you and your customers.
What can you look at to see if you’re complying?
- Your invoice templates and the information you are presenting
- Your usage threshold notifications
- Your contract termination fees
- Billing and usage information you provide your customers
- Credit assessment for your customers whose contract value is $1,000 or more
- Your complaint handling statistics and procedures
- The structure of your CIS and any advertising matieral on your website
If you sell NBN services, there are some other requirements. So you may wish to review the content inside your key fact sheets.
Now let’s talk about how Emersion’s billing and business automation platform can help your telco business grow and become more profitable while staying compliant.
We can be your IPND data provider
Emersion currently serves as a data provider for a number of our customers. We’re fully integrated with the IPND. We’ll submit your data everyday, and also give you access to the data the IPND rejects so that you can tidy it up.
Compliant invoice templates
We offer a selection of compliant invoice templates for you to choose from, to be automatically sent to your customers each month.
TCP usage notifications
We can send usage notifications using our TCP compliant notifications platform
We can give you access to a service desk so you can track and manage your customers’ communication and compliance.
We can provide you access to a large pool of reports covering anything you need to know about your customers’ services and usage.
We can also help you protect your data, offer you solutions for identity and credit verification, and offer you consulting time to ensure we’re delivering a billing & business automation solution that meets your needs.
To learn more about Emersion and what it can do for your business, contact our sales team now.
Understanding relevant legislation, codes and acts
- Office of the Australian Information Commissioner – The Privacy Act
- Australian Consumer Law – Resources and Guides
- The Telecommunications Act of 1997
- ACMA 2021-2022 Compliance Priorities – E.g. Protecting vulnerable telco customers and Telco Complaints Handling
- ACMA 2021-2022 Corporate Plan on a Page
- The Personal Property Securities Acts Impact on Technology and Telecommunications Businesses
- Telecommunications Consumer Protections (TCP) Code
- ACMA – The Integrated Public Number Database (IPND)
- Emergency Call Standards Requirements – Explanatory Statement
- ACMA – Porting a Customer’s Phone Number
- ACMA – Register of Telco industry codes and standards
- ACMA – NBN Services rules for telcos
- ACMA – Information NBN telcos must give you