Optus has forked out $1.5 million to the Australian Communications and Media Authority (ACMA) after it found large-scale breaches of public safety rules.
A recent ACMA investigation found that the telco giant left 200,000 mobile customers from the Coles Mobile and Catch Connect brands at risk.
Optus failed to upload required customer information to the Integrated Public Number Database (IPND) between January 2021 and September 2023.
What is the IPND?
An IPND is used for critical services like the emergency service alert to warn Aussies of disasters like bushfires and floods. It’s also used by Triple Zero to provide location information to the police, ambulance and fire in an emergency.
In addition to the financial penalty, the ACMA has accepted a court-enforceable undertaking from Optus that requires an independent review of its IPND compliance where it uses a third-party data provider, and makes any improvements recommended by the review. Optus has also been formally directed to comply with the IPND industry code.
ACMA said if it finds Optus failed to comply with the direction or the enforceable undertaking, it may commence proceedings in the Federal Court, which can order penalties up to $10 million per breach or make orders concerning the undertaking.
ACMA member Samantha Yorke said the authority commenced its investigation after a compliance audit indicated Optus had failed to upload data via its outsourced supplier, Prvidr.
“When emergency services are hindered there can be very serious consequences for the safety of Australians,” Yorke said.
According to Yorke, there wasn’t anyone directly harmed due to this non-compliance.
“It’s alarming that Optus placed so many customers in this position for so long. Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party,” she said.
“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers.”
Commenting on the $1.5m penalty, an Optus spokesperson said, “Optus accepts that proper audits and checks were not in place to ensure IPND obligations were being met for services we supply through our partner brands. We apologise for this and accept that we have not met community expectations.
“Optus has now introduced those audits and checks-over its supplier’s performance to ensure this issue is not repeated.”
The telco said it accepts ACMA’s findings and has agreed to an enforceable undertaking to complete an independent review of the processes used to manage compliance with its IPND obligations for these partner brands and make any further improvements if required.
“Optus accepts the ACMA’s findings and has agreed to an Enforceable Undertaking to complete an independent review of the processes used to manage compliance with our IPND obligations for these partner brands and make any further improvements if required.”
Over the past 18 months, ACMA has taken action against five telcos for IPND breaches, with financial penalties totalling more than $2 million. This included Aussie Broadband and Circles.Life.