Compliance breaches have continued to dog the separation of Telstra’s wholesale and retail businesses, despite overall improvements in the process, according to a new report by the Australian competition watchdog.
The Australian Competition and Consumer Commission (ACCC) tabled its Telstra’s Structural Separation Undertaking annual compliance report in Parliament on 27 April.
In the report, the ACCC suggests that Telstra’s compliance with its Structural Separation Undertaking (SSU) has, on the whole, continued to improve, despite reports of a “small number” SSU compliance breaches.
“The compliance issues discussed in this report largely arise from errors made by Telstra staff in the course of their day-to-day work which has resulted in the unauthorised disclosure of confidential or commercially sensitive information regarding wholesale customers (protected information),” the report said.
“As with previous years, the most common SSU compliance issue during the year was Telstra’s failure to prevent unauthorised disclosure of protected information. These issues arose as a result of a number of isolated incidents that occurred due to staff error,” it said.
The report revealed that, in its own Annual Compliance Report, Telstra identified three breaches of its information security obligations in the SSU which had not previously been reported by the ACCC.
Two of the breaches relate to protected information being disclosed to staff in a retail business unit while the other relates to protected information being disclosed to a network services business unit employee. All three breaches were due to emails sent in error, the report said.
However, the ACCC stressed that, in each of the three reported instances, Telstra took action to contain the risk and sought to address the issue through coaching and ongoing training.
“Though a small number of SSU breaches have been identified, the ACCC considers that, overall, Telstra’s level of compliance has improved during the year and Telstra has responded to breaches in a positive manner,” the report said.
The latest report by the ACCC into the separation of telstra’s wholesale and retail businesses come more than five years after the competition watchdog accepted the telco’s Structural Separation Undertaking plan.
The SSU commenced on 6 March 2012, with the structural separation of Australia’s largest telco occurring progressively through its move to cease supplying fixed-line voice and broadband services over its copper and hybrid fibre-coaxial (HFC) networks and begin supplying those services over the National Broadband Network (NBN) as that network is rolled out.
The SSU arrangement contains a number of obligations that are designed to promote competition and protect other retail service providers during the interim period from the date that the SSU commenced until the NBN network is complete.
The SSU implements structural separation through the migration of Telstra’s fixed line voice and broadband services to the NBN.
It also requires Telstra to not use wholesale customer information or migration processes to favour its own retail business during the transition to the NBN.
In October 2014, Telstra completed a wide-ranging IT systems remediation program to comply with its SSU obligations.
Telstra had previously reported a series of information security issues following commencement of the SSU in 2012. These related to its SSU commitment to ensure that sensitive wholesale customer information was not disclosed to Telstra’s retail businesses.
On this count, external consultant, Ovum, has conducted a review suggesting that all outstanding issued in Telstra’s IT systems have been addressed, according to the ACCC.
“The ACCC is satisfied that Telstra’s SSU reporting can be relied on to identify any further information security issues,” ACCC chairman, Rod Sims, said.