George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Hansard source

The answer to your question, Senator Xenophon, is yes. Let me give you an example. Let us say that there is a particular ISP, for example, that at the moment has the practice of retaining metadata for 18 months. Obviously the imposition of a two-year standard would mean in that theoretical case that the retention obligation would expand the industry practice in the case of that particular company by six months. But, as I said to you before—and this would be in evidence given to the PJCIS—there are some cases where telephone companies retain metadata for up to seven years and there are some cases in which ISPs retain metadata for up to five years. I refer you to page 120 of the PJCIS report. The obligation in those cases will be reduced significantly by a period of either five or three years. That is the duration of the retention obligation.

As to the substance of the retention obligation, that is to be standardised. It is to be standardised to the table which appears in proposed section 187AA of the bill. Just as with the duration of the retention of metadata, so with the dataset there will be some ISPs and telephone companies that retain all of that data, some that retain some but not other of that data and some that retain data that is beyond the obligation described in the table. That obligation is also standardised. So the dataset is standardised and the duration is standardised. That will mean in respect of some industry participants a lower obligation. In respect of some industry participants, it may mean a higher obligation. We are trying to capture an industry standard and apply it uniformly across the industry.