Global consulting firm Protiviti says Australian businesses support data retention but are nervous about cybercrime and cost implications.

A national ‘security vs privacy’ survey of managers and executives from organisations in the listed, private and government sectors showed that almost two thirds of respondents supported the government’s push to require telecommunications and internet companies to retain customer communications data for national security purposes for up to two years. 

The firm received responses from 40 organisations. 

Of these, 78 per cent say said support was strictly on the proviso that authorities have a court-issued warrant to access the data – a restriction that does not currently apply to law enforcement agencies.  In the event the government proposes to allow security authorities warrant-less access to such information, a majority of respondents said this should be limited only to high risk national security investigations such as terrorism cases (88 per cent) or to serious crimes involving physical or community harm such as murder or paedophilia (66 per cent). 

“The business community appreciates that national security risks are a legitimate focus for the government at present.  However they also feel that retaining customer ‘metadata’ can amount to a significant privacy incursion as it can reveal a great deal about a person’s movements, relationships and day to day lives. 

“Ultimately, they believe that the best way to balance these opposing and competing interests is to ensure law enforcement and intelligence agencies receive Court authorisation through a warrant, before they can access the information,” says Protiviti managing director Mark Harrison.

The survey also found that 62 per cent thought the proposed data retention scheme would lead to greater data security risks and 32 per cent expected the measures to increase their costs for telecommunications and ISP charges, as well as compliance.

Of respondents, 89 per cent thought it should be mandatory for organisations to notify the public and stakeholders of a data security breach resulting in the exposure of personal data. Only 36 per cent said the measures should also apply to social media platforms such as Facebook, Twitter and Google.