Last week, the Attorney-General’s Department revealed it had just no way of knowing whether the data stored as part of the mandatory data retention regime was actually being stored in Australia. One concerned constituent wrote to her local Senator, Eric Abetz, about this matter, and in a generalised response — where it is clear Abetz has sought advice from the department — Abetz talked about the current legislation rather than the data retention scheme, and said that not forcing companies to keep data in Australia was about “flexibility”:

“The Bill does not specify where or how data must be stored. The amendments support a risk-based approach to managing national security concerns to the telecommunications sector, while also retaining flexibility in decision making for industry.

The continually changing nature of this environment necessitates the need for industry to innovate and be flexible to support their changing needs and with minimal but sensible regulatory burden.”

ISP iiNet, back in the day when it was a company fighting for the interests of its customers rather than for TPG’s bottom line, suggested that if there were no restriction on where the data had to be stored, it would go for the cheapest option in China. At least now if there is a data breach they will have to inform us.

Peter Fray

Fetch your first 12 weeks for $12

Here at Crikey, we saw a mighty surge in subscribers throughout 2020. Your support has been nothing short of amazing — we couldn’t have got through this year like no other without you, our readers.

If you haven’t joined us yet, fetch your first 12 weeks for $12 and start 2021 with the journalism you need to navigate whatever lies ahead.

Peter Fray
Editor-in-chief of Crikey