Government officials have no idea where Australians' metadata, compulsorily retained under its mass surveillance laws by communications providers, is being stored.

Officials of the Attorney-General's Department made the extraordinary admission today in hearings of the Joint Committee on Intelligence and Security, which is examining the Telecommunications and Other Legislation Amendment Bill 2016. That bill establishes new notification requirements relating to Australian companies' data security and requires them to "do their best to manage the risk of unauthorised access and interference to networks and facilities" as well as giving AGD and the Attorney-General additional powers of information-gathering and direction.