Today’s correspondent works:
… in a control centre in Australia where we handle 000 calls and the dispatch of emergency vehicles. Quite frequently I get asked to access and share recordings of conversations had by our staff to assist in internal case reviews and the like.
My question is- are we in fact allowed to do this, under the Telecommunications Act (or other suitable acts)?
The triple zero call taking process is a two-stage process. Triple zero calls are first taking by Telstra operators who pass the call to the relevant emergency response/dispatch service. Relevant law will the Telecommunications Act 1997 (Cth) (dealing with the Telstra triple zero call takers) and state law dealing with state agencies.
Telecommunications Act 1997 (Cth) s 278
This section says:
Current emergency call persons
(1) An emergency call person must not disclose or use any information or document that:
(a) relates to:
(i) the contents or substance of a communication that has been carried by a carrier or carriage service provider; or
(ii) the contents or substance of a communication that is being carried by a carrier or carriage service provider; or
(iii) the affairs or personal particulars (including any unlisted telephone number or any address) of another person; and
(b) comes to the person’s knowledge, or into the person’s possession, in connection with the operation of an emergency call service….
Offence
(3) A person who contravenes this section commits an offence punishable on conviction by imprisonment for a term not exceeding 2 years.
Some of those terms are defined in s 7 as follows:
“emergency call person” means:
(a) a recognised person who operates an emergency call service; or
(b) an employee of such a person; or
(c) an emergency call contractor; or
(d) an employee of an emergency call contractor.
emergency call service” means a service for:
(a) receiving and handling calls to an emergency service number; and
(b) transferring such calls to:
(i) a police force or service; or
(ii) a fire service; or
(iii) an ambulance service; or …
(v) a service for despatching a force or service referred to in subparagraph (i), (ii), (iii), (iv) or (iva).
Section 19(1) says:
A reference in this Act to a recognised person who operates an emergency call service is a reference to a person who:
(a) operates an emergency call service; and
(b) is specified, in a written determination made by the ACMA for the purposes of this paragraph, as:
(i) a national operator of emergency call services; or
(ii) a regional operator of emergency call services.
Telstra Limited is a national operator of emergency call services (Telecommunications (Emergency Call Persons) Determination 2019 (Cth)). A company, like Telstra, is a legal entity that can enter contracts, own property and sue and be sued. When an Act refers to a ‘person’ it includes a company (Acts Interpretation Act 1901 (Cth) s 2C). Telstra limited is therefore a ‘person who operates an emergency call service’ (s 19(1)) and an ‘emergency call person’ (s 7, definition of ‘emergency call person’).
As the emergency call person Telstra receives the triple zero calls and passes them onto to the relevant jurisdictional emergency services.
A Telstra call taker is also an emergency call person but they take the call on behalf of Telstra. Telstra may be a legal person but it can only act through natural persons, relevantly in this context, employees. An employed call taker has an obligation not to ‘disclose … any information’ that comes to them via a triple zero call other than to give that information to the response agencies (Telecommunications Act 1997 (Cth) s 286) nor is disclosure prohibited if it is part of the employee’s duties (s 279).
A Telstra employee giving information to another Telstra employee for the purposes of quality assurance purposes is not going to be a breach. First the information is held by Telstra so Telstra is in effect finding out what it already knows. Second, and assuming there are policies in place to ensure people only access the information on a ‘need to know’ basis a manager or internal auditor accessing the data is doing so as part of their duties. Provided the information remains ‘in house’ there is no improper disclosure.
The emergency services
After the call has been received by Telstra it is passed to the relevant emergency service for action. There call takers receive the call and they will be subject to similar confidentiality obligations (see Secrecy provisions for Victoria’s Emergency Services Telecommunications Authority (June 20, 2017)). Victoria is unique in having the centralised telecommunications authority. The other jurisdictions have call centres operated by the police, fire and ambulance services without overarching legislation.
National Privacy principles will however apply to these government agencies and there may be specific duties of confidentiality in their governing legislation. In any event, however, the conclusion is going to be similar to that discussed with respect to Telstra. If the request to ‘access and share recordings of conversations’ is ‘in house’ ie the agency that operates the call centre wants to access them for its own quality assurance purposes, then there is no breach as the agency is accessing its own data. It is like you telling yourself what you already know.
Conclusion
As I say often, context is everything and I don’t have the full context. I don’t know whether my correspondent works for Victoria’s ESTA or a call centre operated by a state based police, fire or ambulance services. My answer is going to be similar in any event. The call centre is the ‘person’ receiving the call and it can use the data for its own legitimate purposes which must include quality assurance reviews. It should ensure that only those with a need to know access the information and that they are aware of their ongoing duty to keep any information confidential.
In most cases relevant legislation will be the state privacy laws that apply the national privacy principles. Those principles allow for private information to be used in many circumstances including where a reasonable person might expect that it would be used which, I would suggest, includes internal reviews and quality assurance.
In conclusion, and speaking generally because of a lack of specific context, I would anticipate that there is no issue with agencies ‘recordings of conversations’ with their call centres, or Victoria’s ESTA, for case reviews and quality assurance. Such access should be governed by policy, limited to those with a ‘need to know’ and ensure that all those taking part are aware of the duty to keep the information confidential.
This blog is made possible with generous financial support from (in alphabetical order) the Australasian College of Paramedicine, the Australian Paramedics Association (NSW), the Australian Paramedics Association (Qld), Natural Hazards Research Australia, NSW Rural Fire Service Association and the NSW SES Volunteers Association. I am responsible for the content in this post including any errors or omissions. Any opinions expressed are mine, and do not necessarily reflect the opinion or understanding of the donors.
Australian Emergency Law 
I would have thought such issues are addressed by internal organisational directives or policies informed by legal advice.