The Australian Communications and Media Authority (ACMA) has issued an official warning to AAPT after it failed to protect the privacy of its customer’s personal information, as required under the Consumer Protections Code (TCP Code).

The warning is the culmination of a year long investigation into AAPT following media reports that private information of customers had been stolen.

ACMA concluded that AAPT had failed in its duty to protect private information of its small business customers, whose billing and related personal information had been harvested by unknown thieves. The personal information was stored in a server offsite managed by a third party, and was the subject of a hacking incident.

“Consumers need to have confidence that the personal information they give their provider is treated appropriately, and is only accessed by those authorised,” ACMA Chairman Chris Chapman said.

“They also want to know that their details are stored securely with appropriate access restrictions.”

Telecommunications providers are required to comply with the TCP Code and protect their customers’ personal information from unauthorised use or disclosure, ensuring it is dealt with in compliance with all applicable privacy laws. This includes having robust procedures in relation to the storage and security of the personal information in their possession.

Since the incident, ACMA has said that AAPT has taken steps to improve its security and staff awareness of the provider’s policies and obligations around customer information.