Optus Mobile Pty Ltd (Optus) has paid a $1,501,500 penalty after the Australian Communications and Media Authority (ACMA) found large-scale breaches of public safety rules.
An found Optus left close to 200,000 mobile customers (supplied under the Coles Mobile and Catch Connect brands) at risk by failing to upload required customer information to the Integrated Public Number Database (IPND) between January 2021 and September 2023.
The IPND is used by critical services like the Emergency Alert service to warn Australians of disasters such as flood and bushfires, and by Triple Zero to provide location information to the police, ambulance and fire brigade in an emergency.
ACMA member Samantha Yorke said the ACMA commenced its investigation after a compliance audit indicated Optus had failed to upload data via its outsourced supplier, Prvidr Pty Ltd.
“When emergency services are hindered there can be very serious consequences for the safety of Australians,” Ms Yorke said.
“While we are not aware of anyone being directly harmed due to the non-compliance in this case, it’s alarming that Optus placed so many customers in this position for so long.
“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party.
“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers.”
In addition to the financial penalty, the ACMA has accepted a court-enforceable undertaking from Optus that requires an independent review of its IPND compliance where it uses a third-party data provider, and make any improvements recommended by the review. Optus has also been formally directed to comply with the IPND industry code.
If the ACMA finds Optus fails to comply with the direction or the enforceable undertaking, it may commence proceedings in the Federal Court, which can order penalties up to $10 million per breach or make orders in relation to the undertaking.
Over the past 18 months the ACMA has taken action against 5 telcos for IPND breaches, with financial penalties totalling more than $2 million.