The Critical Infrastructure Bill 2020 passed both House of Representatives and the Senate last week. The legislation expands the number of sectors classified as critical infrastructure, including the communications and data storage and processing sector. It also enforces mandatory reporting requirements and provides Home Affairs with the ability to issue information gathering, intervention and action direction requests.
In August, IAA responded to the Treasury’s Consumer Data Rights (CDR) Sectoral Assessment for telecommunications, where we argued the CDR could add to existing compliance requirements for ISPs and inhibit competition within the sector. Last week, the Treasury released their Sectoral Assessment wherein they recommend the telco sector be designated for the CDR. Now, the Treasury is finalising the classes of information and who is required to share it as a data holder to be covered by the CDR. They have recommended that carriers and CSPs be designated as data holders who should provide access to generic and publicly available product data, product data that relates to particular products used by consumers and basic consumers and account data.