As the Australian Federal Government poises to toughen laws to crack down on terrorist threats on home soil, a new survey has found that Australian corporates generally support the data retention proposals, but insist on strict safeguards to protect against the heightened privacy and cyber-crime risks, while harbouring deep concerns about the measure’s ‘knock- on’ costs.

A survey of managers and executives from organisations in the listed, private and government sectors conducted by global risk consulting firm, Protiviti, has revealed that 64 per cent of respondents support the government’s push to require telecommunications and internet companies to retain customer communications data for national security purposes for up to two years.

However, 78 per cent say this is strictly on the proviso that authorities have a Court- issued warrant to access the data – a restriction that does not currently apply to law enforcement agencies.   In the event the government proposes to allow security authorities warrant-less access to such information, a majority of respondent s said this should be limited only to high risk national security investigations such as terrorism cases (88 per cent) or to serious crimes involving physical or community harm such as murder or pedophilia ( 66 per cent).

“The business community appreciates that national security risks are a legitimate focus for the government at present.   However they also f eel that retaining customer ‘metadata’ can amount to a significant privacy incursion as it can reveal a great deal about a person’ s movements, relationships and day to day lives.   Ultimately, they believe that the best way to balance these opposing and competing interests is to ensure law enforcement and intelligence agencies receive Court authorisation through a warrant, before they can access the information,” said Mr Mark Harrison, managing director of Protiviti.

The survey also found that 62 per cent of respondent s believed the proposed data retention scheme would lead to greater data security risks in the form of more targeted hacking and cybercrime activity as telcos and ISPs become obliged to store larger volumes of personal data for longer periods.   In fact, the risks are perceived to be so great, that 87 per cent of respondent s considered that those companies should have to apply specific security standards to the information held.