A Data Retention Implementation Plan and/or Exemption and/or

COMMERCIAL-IN-CONFIDENCE (after first entry)
<Service Provider Name>
<Write ABN and/or ACN Here>
<Write Carrier Licence No. (if applicable) here>
Data Retention Implementation Plan and/or Exemption and/or Variation Application
Pursuant to section 187E/187K of the Telecommunications (Interception and Access) Act
1979, I am applying to the Communications Access Co-ordinator for approval of an
implementation plan/exemption and/or variation application(s).
Knowingly producing a document in compliance with a law of the Commonwealth that is
false or misleading can constitute an offence under section 136.2(1) of the Criminal Code.
Accordingly, I certify that the statements in this application are true, complete and correct to
the best of my knowledge and beliefs, and are made in good faith.
Signed:
Position:
Date:
__ __/__ __/__ __ __ __
When completed, the information contained in this document is Commercial-in-Confidence. Disclosure
may breach section 187L of the Telecommunications (Interception and Access) Act 1979. If in doubt,
contact the Communications Access Co-ordinator (cac@ag.gov.au) or the service provider to which the
document relates before using or disclosing the document.
This is a live document and subject to periodic review. To ensure that you have the latest version,
please contact the Communications Access Co-ordinator at cac@ag.gov.au or (02) 6141 2884.
Version 1.0 – May 2015
1. DETAILS OF SERVICE PROVIDER
Business Name:
Australian Business Number (ABN):
Australian Company Number (ACN):
Carrier Licence Number (if applicable):
Physical business address:
Provide your address details:
Provide the address of your central office, your physical address and the physical address for
the delivery of authorisations. Note where these addresses are different.
Are there any other Service Providers in the company’s corporate structure?
Yes ☐    No ☐
Names of other CSPs:
If you ticked ‘yes’ provide the details of any related service providers. This should explain the
relationship between the providers and, if multiple Data Retention Implementation Plans are
submitted, how the Plans relate to one another.
2. EMPLOYEES
First point of contact
Full Name:
Position:
Roles and responsibilities:
Telephone:
Mobile:
Email:
Best point of contact to receive authorised requests for data from agencies
Full Name:
Position:
Roles and responsibilities:
Telephone:
Mobile:
Email:
Other data retention contacts
Full Name:
Position:
Roles and responsibilities:
Telephone:
Mobile:
Email:
3. APPLICATION DETAILS
Data retention obligations commence on 13 October 2015. However, service
providers can apply for up to a further 18 months to achieve compliance by lodging
an Implementation Plan. A service provider may also apply for an exemption from, or
a variation of, some or all of its data retention obligations.
You can use this template for your Implementation Plan, exemption and/or variation
application.
Note: Service providers that are already compliant with their data retention
obligations are not obliged to lodge an Implementation Plan.
Please refer to the Data Retention Implementation Plans, Exemptions and Variations
Guidelines for Service Providers document and the legislation for guidance.
Please indicate in the boxes below whether you are lodging an implementation
plan, exemption or variation, or both.
☐ Data Retention Implementation Plan (Answer questions 4 and 5 and their parts, below)
☐ Exemption and/or variation application (Answer questions 4 and 6, below)
4. RELEVANT SERVICES
If you require more space for your responses, you may modify the document.
Compliant Services
4.1. Please list all services for which your organisation is fully compliant with its
data retention obligations:
List each service you provide that is fully compliant with the obligations.
Exempt or Varied Services
4.2. Please list all services offered for which your organisation is seeking
exemptions and/or variations and/or for which you have been granted
exemptions or variations:
List services you offer that are the subject of exemption or variation applications and
exemptions or variations that the Communications Access Co-ordinator has granted.
5. Services that are the subject of the Data Retention Implementation Plan
Replicate all questions within question five for each service included in the Implementation Plan. For
instance, complete once for an internet access service and complete this section again for an email
service.
5.1. Service:
Provide the name of the service and other relevant information about what the service is. A
link to a website where the product is offered or described should be provided where
available. If there is no page describing the product, alternative information should be
provided.
5.2. Date by which the service will be fully compliant with data retention
obligations:
Provide a date, not later than 13 April 2017, by which the service will be fully compliant with
the obligations.
5.3. Detail your current retention practices, interim milestones and data to be retained at the end of your data retention implementation
period for each item in the data set. Please replicate this table for each service for which you are lodging an implementation plan.
Table columns:
Item within data set
Modify the size of this table as required.
Current retention practice for this service
Use this column to detail the data currently retained for the particular service. Refer to
the full data set in the guidance material for additional explanation. Include details about
what you retain and how long you retain it for.
Interim milestones for this service
Detail milestones within the Data Retention Implementation Plan. Milestones could
involve beginning to retain data not previously retained or increasing the retention
periods for data not currently kept for two years. Milestones could also refer to key dates
for internal development of systems or dates contained in vendor contracts. Milestones
should evidence the fact that you are working towards achieving full compliance and
should be appropriate for the size and complexity of your business.
Data retained at the end of your data retention implementation period for this service
Use this column to detail the retention practices that will be achieved by the date listed
at question 5.2. These practices should represent either full compliance or partial
compliance consistent with an exemption and/or variation application at question 6.
Table rows (items within data set):
1. The subscriber of, and accounts, services, telecommunications devices and other
relevant services relating to, the relevant service
2. The source of a communication
3. The destination of a communication
4. The date, time and duration of a communication, or of its connection to a relevant
service
5. The type of a communication or of a relevant service used in connection with a
communication
6. The location of equipment, or a line, used in connection with a communication
5.4. Describe how you will secure data retained pursuant to the obligation for this
service, including in general terms how it will be encrypted:
Detail how you will secure retained data and what measures you will have in place to protect
the information from unauthorised interference or access. If you will be unable to encrypt
and/or secure the data, you may apply for an exemption or variation.
Do not include encryption keys, usernames, passwords or other similar information.
5.5. Anticipated cost (capital & operational) of compliance with data retention
obligations for this service:
Provide details of the anticipated cost of achieving compliance and maintenance of the
equipment. This could include an analysis of costs developed internally or specifications and
quotes provided by third parties. Information provided here will assist the Communications
Access Co-ordinator to assess the regulatory burden of the obligation and the extent to which
agreeing to the Data Retention Implementation Plan would reduce that burden.
5.6. Business information:
Information requested: Response
Target market: E.g. Universal, domestic, business, niche, government.
Connectivity: E.g. Any to any, fixed multipoint, point to point.
Size: E.g. Customer numbers, market share, or any other relevant metric.
Geographic distribution: E.g. Universal, capital cities, regional, international.
5.7. Any other relevant information
Provide any additional information that might help the Communications Access Co-ordinator
to agree to the Data Retention Implementation Plan or better explain any aspect of your
approach to implementation.
6. EXEMPTION/VARIATION APPLICATION
6.1. Use the box below to explain why you are submitting an exemption or
variation application for a specific service. The document ‘Data
Retention Implementation Plans, Exemptions and Variations Guidelines for
Service Providers’ and subsections 187K(7) and 187K(8) of the
Telecommunications (Interception and Access) Act 1979 detail the factors that the
Communications Access Co-ordinator must and may take into account when
considering the application.
You may use the red text to guide your response, however the red text is not
intended to be an exhaustive guide to what information you may include. If you
require more space to complete your response you may modify the document.
Please replicate the box below for each exemption or variation for which you are
applying.
Explain the scope of the exemption and/or variation application and why you are seeking an exemption
and/or a variation. Does it apply to all of your services or just one of your services? Does it apply to the
whole data set or part of the data set? Are you seeking an exemption from retaining the data for all the
mandated two year period, or can the data still be retained for part of that period? Are you seeking an
exemption from securing and protecting the data from unauthorised access? Are you seeking a temporary
exemption while capability is developed or a standing exemption?
Explain the operation of the relevant service so that the Communications Access Co-ordinator can be
informed about how it relates to the broader industry and the objects of the Telecommunications Act 1997.
This could include the business needs that the service meets and the number of subscribers using the service.
Please do not mention whether or how many requests for data or lawful warrants have been served with
respect to the services or by which agencies.
Explain the extent to which the service in question is compliant and the extent to which other services you
offer are compliant. Please also cross-reference any data retention implementation plan you have lodged or
which has been approved. Exemptions are more likely to be granted where the exemption sought has a
narrow scope and other compliance is relatively broad and comprehensive by comparison.
Explain forecast costs of compliance if the exemption is not granted. If agency experts consider that the cost
estimate is unjustified this may affect the credibility of the application.
Explain any alternative data retention arrangements that the service provider has identified (for example, if
the service provider is requesting to be exempted from some items of the data set but proposes to fully
comply with other items).