Optus has paid $1,501,500 in penalties after the media watchdog, the Australian Communications and Media Authority (ACMA), found the telco company had committed a large-scale breach of public safety rules between January 2021 and September 2023.
The investigation found that during those dates, Optus left close to 200,000 mobile customers – supplied under the Coles Mobile and Catch Connect brands – at risk by failing to upload required customer information to the Integrated Public Number Database (IPND).
The IPND serves as a crucial tool for emergency services, including the Emergency Alert service, which notifies Australians of disasters such as floods and bushfires, and Triple Zero, which provides vital location information to emergency responders.
ACMA’s action against Optus is part of a broader crackdown on IPND breaches within the telecommunications industry. Over the past 18 months, ACMA has taken enforcement actions against five telcos for similar violations, resulting in total financial penalties exceeding $2 million.
In February, ACMA cracked down on five telcos – Message4U (operating as Sinch MessageMedia), SMS Broadcast, DirectSMS, Esendex Australia, and MessageBird – that allowed millions of SMSs to be sent using text-based sender IDs (such as abbreviated business names) without sufficient measures to check against potential scams.
See also: ACMA’s anti-scam crackdown continues as Telnyx hit with $106K fine
ACMA member Samantha Yorke said that ACMA started its investigation after compliance audit revealed Optus’ failure to upload data through its contracted supplier, Prvidr Pty Ltd.
“When emergency services are hindered there can be very serious consequences for the safety of Australians,” said Yorke.
“While we are not aware of anyone being directly harmed due to the non-compliance in this case, it’s alarming that Optus placed so many customers in this position for so long.
“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party.
“All telcos need to have systems in place that ensure they are meeting their obligations, including having robust oversight and assurance processes for third-party suppliers.”
In response to the investigation findings, Optus has agreed to a court-enforceable undertaking that includes an independent review of its IPND compliance when utilising third-party data providers. Furthermore, Optus is required to implement any improvements recommended by the review and adhere to the IPND industry code.
Failure to comply with the direction or the enforceable undertaking may result in legal action from the ACMA, potentially leading to penalties of up to $10 million per breach or other court orders.
See also: ACMA finds Sportsbet, Ladbrokes, Neds and bet365 breached in-play betting regulations