Optus gained exemption to store metadata unencrypted

From zdnet.com

optus-logo-store.jpg

Optus has confessed it received an exemption to keep its legacy systems free from encryption when complying with Australia’s data retention scheme.

“The legislative provisions which allow for certain exemptions to be granted were an important factor in Optus achieving compliance in an efficient and timely manner,” Optus said in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the mandatory data retention regime.

“Because part of its overall data retention architecture involved storing some data in legacy systems, Optus applied for and received limited exemption from the encryption obligation.”

The telco said there had been no reported “security incident or breaches” related to the retained data.

Read more…