House debates

Thursday, 21 June 2007

Adjournment

Telstra

11:43 am

Photo of Bob SercombeBob Sercombe (Maribyrnong, Australian Labor Party) Share this | | Hansard source

I am sure that many members of the House had the opportunity last Monday evening to see the Four Corners program, which dealt with a number of issues concerning Telstra. The program highlighted, amongst other things, the tragic deaths of several Telstra employees. It also highlighted some very serious problems within the management culture of Telstra. I suppose, to my mind at least, that was best highlighted by one senior officer whose voice was heard on the program making the following remarks:

If you can’t get the people to go there, and you try once and you try twice, which is sometimes hard for me but I do believe in a second chance, then you just shoot ‘em and get them out of the way ...

It seems to me that those remarks, along with a number of other aspects of the program, highlighted some fairly serious deficiencies in the management style of Telstra.

These are matters I have spoken of in the House on a number of occasions since 2003. For example, I had the opportunity to table in this chamber some time ago Telstra’s surveillance policy, which authorises the collection of personal files on its staff, including secret dossiers on their sexual preferences, their race as well as their religious and political beliefs. There is provision within this surveillance policy for authorising in-house investigations via video surveillance and monitoring of email traffic, internet records and telephone accounts. There is capacity to authorise the quite extraordinary monitoring from time to time, via video surveillance, of staff when they are in a washroom or toilet. When I talk about serious problems in the management culture of Telstra, those are the sorts of things I am referring to. The Telstra ‘Privacy impact assessment statement’ form has also come to my attention. I seek leave to table this form.

Leave granted.

This form is to be completed by Telstra management when collecting what is regarded as sensitive information, such as of the type I have referred to. There are two aspects in particular that I would like to refer to in the limited time I have available. Firstly, this applies not just to employees; it applies to Telstra customers. So there is the implication that Telstra reserves the right to collect sensitive information about its customers as well as its staff. The questionnaire for managers asks: will customers be asked for consent? It envisages the situation where customers and staff may not be giving consent to the collection of this sort of data. In the other Telstra material I have available—a glossary that is available on the intranet site—the question of consent is dealt with fairly unconvincingly by making a fairly strong play about implied consent being capable of being given by a staff member or a customer. I think Australians do have some right to be concerned about the sort of data that Telstra collects. Given their extreme technological sophistication, their capacity to collect data is very real. I believe there are very serious questions about the way some of this data is managed.

Another very serious concern raised by this privacy impact statement—it is towards the end of the document—relates to transborder data flows. It asks managers: ‘Does your project involve the transfer of customers’ personal information to someone in a foreign country? If so, is the proposed transfer of information overseas with the customer’s consent necessary for the performance of a contract?’ Quite clearly we have a situation where Telstra is, in its own management guidelines, envisaging the transfer of data, including sensitive data about its customers, to overseas sources. I strongly suggest that this framework to protect the privacy of both staff and customers is seriously deficient. Even this embryonic attempt I suppose to force managers to carry out some sort of assessment is undermined by other Telstra material—once again, on the intranet—where they say that privacy impact assessments of the type I have referred to are part of what is called the LRUE. (Time expired)