Telstra will store data that it is forced to retain under the government's new data retention regime within Australia, the telco has revealed.
The controversial legislation, which forces telcos and ISPs to keep for two years a range of customer data, has no requirement for on-shore storage.
"While geography alone is not a good measure of security, storing the data in Australia should help allay the concerns of some customers," Telstra'a chief information security officer, Mike Burgess, wrote in an entry on the telco's Exchange blog today.
"We are still developing our implementation plans but we have already decided to store our customer metadata encrypted at facilities located here in Australia," Burgess wrote.
Telcos are obliged to encrypt data retained to comply with the scheme, but the legislation does not mandate any particular level of security.
"Any security strategies we implement for data retention will build on the existing measures we have already have in place to secure our networks and customer data, including intrusion detection systems and other active network monitoring of our network to detect, analyse, and respond to identified security incidents," Burgess wrote.
"We understand that customer metadata has enormous value not just to our customers and law enforcement agencies but also to a range of malicious actors who may seek to gain access to our systems. Our commitment to you is to work diligently every day to protect our networks and your data."
The Coalition and Labor last night combined to push the data retention bill through the Senate in the face of tenacious opposition from the Greens, the Liberal Democratic Party’s David Leyonhjelm, and Nick Xenophon and other independent senators.
The major parties rejected all attempts to amend the legislation, including an amendment by Greens Senator Scott Ludlam that would have required service providers to "take all reasonable steps" to keep data within Australia.
Telstra earlier this month revealed it would expand the personal data customers would be able to access.
"We believe that if the police can ask for information relating to you, you should be able to as well," Telstra's chief risk officer, Kate Hughes, argued at the time.
In line with recommendations from the inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, the government inserted provisions to give customers the right to access their data under existing provisions in the Privacy Act.