Telco giant Optus has been fined $1.5 million (US$977,000) for violating Australian public safety rules on a large scale.
On March 6, the Australian Communications and Media Authority (ACMA) said Optus had paid the penalty after an investigation revealed that the company failed to upload the information of 200,000 mobile customers to the Integrated Public Number Database (IPND) between January 2021 and September 2023.
The IPND is a database used by emergency services such as the Emergency Alert Service to warn Australians of disasters, including bushfires, and floods.
It also provides location information of mobile phone users to police, fire, or ambulance services in an emergency.
A compliance audit found Optus did not submit the required data to IPND, prompting an investigation from the ACMA.
Samantha Yorke, an ACMA member, said Optus’ negligence might have result in “very serious” consequences for Australians’ safety.
“Optus cannot outsource its obligations, even if part of the process is being undertaken by a third party.”
Ms. Yorke also noted that all telcos needed to have adequate systems to ensure compliance with regulations while having strong oversight of third-party suppliers’ processes.
Apart from paying the fine, Optus will be required to conduct an independent review of its IPND compliance and adopt the recommendations from authorities.
The ACMA may impose another fine of up to $10 million if it finds Optus failing to comply with the requirements.
Meanwhile, an Optus spokesperson admitted a lack of proper audits to ensure the compliance of its database.
“We apologise for this and accept that we have not met community expectations,” the spokesperson said.
“Optus has now introduced those audits and checks-over its supplier’s performance to ensure this issue is not repeated. Optus accepts the ACMA’s findings and has agreed to an enforceable undertaking.”
The company suffered a massive data breach in September 2022 that exposed the personal data of 10 million old and current customers.
