ࡱ> ! *Ibjbj J8 +.l.lw@w0#x#x#x4WxWxWxhx$xWxoy'z=z:wzwzf{|{ {4666666$ZQ#x{f{f{{{Z#x#xwzwz~~~{#xwz#xwz6~{4~~ Fwzpt&CN|<0X9~9xFF9#xZ{{~{{{{{ZZ~{{{{{{{9{{{{{{{{{.lK yv: Telstras Structural Separation Undertaking Annual Compliance Report 201516 ISBN 978 1 920702 03 8 Australian Competition and Consumer Commission 23 Marcus Clarke Street, Canberra, Australian Capital Territory, 2601 Commonwealth of Australia 2017 This work is copyright. In addition to any use permitted under the Copyright Act 1968, all material contained within this work is provided under a Creative Commons Attribution 3.0 Australia licence, with the exception of: the Commonwealth Coat of Arms the ԭ and AER logos any illustration, diagram, photograph or graphic over which the Australian Competition and Consumer Commission does not hold copyright, but which may be part of or contained within this publication. The details of the relevant licence conditions are available on the Creative Commons website, as is the full legal code for the CC BY 3.0 AU licence. Requests and inquiries concerning reproduction and rights should be addressed to the Director, Corporate Communications, ԭ, GPOBox 3131, Canberra ACT 2601, or HYPERLINK "mailto:publishing.unit%40accc.gov.au?subject="publishing.unit@accc.gov.au. Important notice The information in this publication is for general guidance only. It does not constitute legal or other professional advice, and should not be relied on as a statement of the law in any jurisdiction. Because it is intended only as a general guide, it may contain generalisations. You should obtain professional advice if you have any specific concern. The ԭ has made every reasonable effort to provide current and accurate information, but it does not make any guarantees regarding the accuracy, currency or completeness of that information. Parties who wish to re-publish or otherwise use the information in this publication must check this information for currency and accuracy prior to publication. This should be done prior to each publication edition, as ԭ guidance and relevant transitional legislation frequently change. Any queries parties have should be addressed to the Director, Corporate Communications, ԭ, GPO Box 3131, Canberra ACT 2601, or HYPERLINK "mailto:publishing.unit%40accc.gov.au?subject="publishing.unit@accc.gov.au. ԭ 02/17_1142 HYPERLINK "http://www.accc.gov.au"www.accc.gov.au Executive summary In 201516, Telstra continued to demonstrate a commitment to improving its level of compliance with its Structural Separation Undertaking (SSU). There was a reduced number of breaches reported by Telstra during the year, and Telstra continued to dedicate resources to its now completed Information Security Remediation program. The compliance issues discussed in this report largely arise from errors made by Telstra staff in the course of their day-to-day work which has resulted in the unauthorised disclosure of confidential or commercially sensitive information regarding wholesale customers (Protected Information). Though a small number of SSU breaches have been identified, the ԭ considers that, overall, Telstras level of compliance has improved during the year and Telstra has responded to breaches in a positive manner. The year also marked the conclusion of Telstras Information Security Remediation program which was undertaken by Telstra to address a number of significant IT-related breaches identified in previous years. The program included a review of Telstras IT systems and remediation to prevent unauthorised disclosure of wholesale customer information. The ԭ engaged Ovum, an external consultant, to conduct a thorough review of the program in early 2015. The ԭ is satisfied that the remediation project is now complete and all outstanding issues in relation to Telstras IT systems have been addressed. The program also included the implementation of a new Compliance Management Framework which the ԭ considers should ensure a continued focus by Telstra on its SSU compliance. The ԭ also continued to monitor Telstras performance against its Migration Plan obligations. The Migration Plan outlines how Telstra will progressively migrate its voice and broadband services from its copper and HFC networks to the National Broadband Network (NBN). While Telstra generally complied with its Migration Plan obligations, it reported a small number of minor breaches. These generally relate to delays in publishing disconnection schedules and the reconnection of services to premises previously disconnected or not permitted under cease sale obligations. Breaches of the SSU and Migration Plan Information security obligations The SSU contains a number of obligations that are intended to prevent Telstra from using confidential or commercially sensitive wholesale customer information that it receives in the course of supplying regulated services (Protected Information) to disadvantage wholesale customers in retail markets. As with previous years, the most common SSU compliance issue during the year was Telstras failure to prevent unauthorised disclosure of Protected Information. These issues arose as a result of a number of isolated incidents that occurred due to staff error. In each of the three reported instances, Telstra took action to contain the risk and sought to address the issue through coaching and ongoing training. These matters are discussed further on pages 913. Price equivalence and transparency The SSU contains various price equivalence and transparency obligations that are designed to improve transparency of Telstras internal cost allocations and the prices charged to wholesale customers. These obligations include the requirement that Telstra publish and maintain a rate card specifying the prices for regulated services. During the year, the ԭ identified two breaches by Telstra of this requirement. The first instance concerned Telstra failing to update its rate card to reflect the ԭs October 2015 final access determinations (FAD) for the fixed-line services, until five days after the FADs came into effect (and 15 business days after being notified that the changes would be required). The second instance related to the ԭs April 2016 FAD for the domestic transmission capacity service. Telstra updated the rate card 40 business days after the FAD came into effect. While Telstra does not consider these matters to be breaches of the SSU, it has advised the ԭ that where necessary, a billing adjustment was made to reflect the new prices set in the FADs. In these particular circumstances, the ԭ considers that the breaches did not have a material adverse impact on wholesale customers. However, the ԭ expects that Telstra will update its rate card promptly following any future price changes for declared services. The ԭ notes that in different circumstances, relating to newly-declared services, the SSU specifies a timeframe of five business days in which Telstra must publish a new rate card. The SSU does not specify a timeframe within which a rate card must be updated following a price change to an already-declared service. In the ԭs view, in these circumstances the SSU requires a revised rate card to be published within a reasonable time, considering all the circumstances. These matters are discussed further on pages 1316. Migration Plan obligations Telstra also breached some aspects of its Migration Plan obligations during the 201516 reporting period. These breaches occurred where Telstra failed to block orders from being provisioned or other requests from being processed, as required to support migration to the NBN. Specifically, Telstra identified a small number of instances where it supplied premises that had previously been permanently disconnected, or connected services that were not permitted under Telstras cease sale obligations. These identified breaches were attributed to system or data quality issues and/or human error. Telstra reaffirmed its commitment to actively identify opportunities to improve its Migration Plan compliance. Telstra will continue to coach staff on their obligations and seek to resolve any issues within its systems in the next reporting period. These matters are discussed further on pages 1923. ԭ actions During the 201516 reporting period, the ԭ continued to focus on stopping conduct of potential concern and ameliorating its impact. The ԭ has also continued to focus on identifying areas for improvement in Telstras systems and processes to ensure its SSU and Migration Plan obligations are being implemented effectively and in a robust manner. In March 2015, the ԭ initiated an independent review of Telstras IT systems, engaging external consultant Ovum to assess whether the systems were fully remediated so as to prevent staff in a retail business unit from accessing wholesale customer Protected Information. The review identified a small number of outstanding issues in three of Telstras IT systems. During the 201516 year, Telstra has worked in cooperation with the ԭ and Ovum to resolve the remaining IT system issues, and the remediation project is now complete. The ԭ has also monitored Telstras performance against the equivalence and transparency metrics in the 201516 reporting period and will continue to monitor these in upcoming reporting periods so as to identify and prevent any patterns of concern emerging. Introduction On 27 February 2012, the ԭ accepted a Structural Separation Undertaking (SSU) from Telstra. The SSU specifies Telstras commitments to progressively migrate its fixed line voice and broadband customers onto the wholesale-only NBN and promote equivalence and transparency during the transition period. Given the timeframe required to complete the NBN build, these commitments are fundamental to promoting competitive outcomes during the transition period. Section 105C of the Telecommunications Act 1997 provides that each financial year, the ԭ must monitor and report to the Minister on breaches by Telstra of its SSU. This report outlines breaches of the SSU by Telstra for the period 1 July 2015 until 30June 2016 and the steps Telstra has taken or proposes to take in order to remedy these breaches. The ԭ has prepared this report based on whether in its view, on the balance of probabilities, a breach of the SSU occurred. The ԭ has made its findings after considering information provided by Telstra and making its own enquiries into the matters. Some of the ԭs findings that a breach has occurred do not accord with views Telstra has expressed to the ԭ. Telstras views are expressly noted in the body of this report. During the 201516 reporting period, several variations were made to the obligations contained in Telstras Migration Plan. These changes were necessary to support the June2015 variation of the Migration Plan to facilitate NBNs shift to a multi-technology mix (MTM) rollout model. The revised Migration Plan obliged Telstra to develop and publish replacement measures with updated disconnection processes to ensure that the framework supported a smooth transition for end-users to the NBN. Following the approval of the MTM variation to the Migration Plan, Telstra and NBN Co identified aspects of the Migration Plan where further changes were needed to ensure service continuity for end-users. The ԭ exercised regulatory forbearance with respect to Telstras Migration Plan obligations and permitted an interim extension of the disconnection timeframes for certain services (such as, fire alarms and lift phone services). These arrangements were permitted on the basis that they were consistent with the Migration Plan Principles and with the expectation that Telstra would proceed to incorporate these changes in a formal variation to the Migration Plan. Telstra lodged a proposal to vary the Migration Plan on 9 May 2016 and this variation was accepted by the ԭ on 20 July 2016. This report has been prepared on this basis. In responding to each of the reported breaches outlined in this report, the ԭ has continued to focus on stopping the conduct, ameliorating its impact, and ensuring that Telstras systems and processes are remediated as soon as practicable to safeguard against recurrence. The ԭ continues to encourage Telstra to keep its wholesale customers informed of any SSU equivalence and migration issues. Telstras Structural Separation Undertaking In late 2010, the Australian Government introduced legislation which created a framework for reforming the telecommunications industryeffecting structural separation of Telstra by the progressive migration of Telstras fixed line access services to the wholesale-only NBN. This reform recognised that Telstra, as the vertically integrated access provider over the ubiquitous copper network, operates at all levels of the supply chain and competes with the businesses that it supplies. This has given rise to long standing competition concerns around Telstras ability and incentive to favour its retail business over other service providers accessing its network, to the detriment of consumers. Prior to the commencement of the SSU, Telstra was subject to an operational separation framework which was intended to promote equivalence between Telstras wholesale and retail customers. The ԭ considers, and has previously publicly stated, that the operational separation regime and the ԭs limited role in investigating and reporting matters to the Minister was largely ineffective in addressing Telstras ability and incentive to discriminate against its competitors. The operational separation regime ceased to operate when the SSU commenced on 6 March 2012. The SSU measures are a substantial improvement upon the previous operational separation framework and more effectively promote equivalence and transparency. The SSU provides for stronger enforcement mechanisms which are particularly important for protecting competition and delivering outcomes in the interests of consumers and businesses during the rollout of the NBN. The SSU contains four key elements: A commitment by Telstra to cease the supply of fixed line carriage services using telecommunications networks over which Telstra is in a position to exercise control from the Designated Daywhich is expected to be the day on which the construction of the new wholesale-only NBN will be concluded. Interim equivalence and transparency obligations regarding access to Telstras regulated services in the period leading up to the Designated Day. Compliance monitoring processes, to provide the ԭ with transparency over Telstras compliance with the SSU. The Migration Plan, which forms part of the SSU. The Migration Plan sets out how Telstra will progressively transfer its fixed line customers onto the NBN. The ԭs experience in administering the SSU is that it continues to deliver significantly better outcomes in terms of equivalence for wholesale customers and enhanced transparency regarding Telstras compliance than were realised under the previous operational separation arrangements. Interim equivalence and transparency Telstras structural separation will occur progressively as Telstra ceases to supply fixed line voice and broadband services over its copper and HFC networks and commences to supply those services over the NBN as it is rolled out. In order to promote competition during the interim period from the commencement of the SSU until the NBN rollout is complete, the SSU includes a broad range of interim equivalence and transparency obligations. These obligations require Telstra to ensure equivalence of outcomes in relation to the supply of regulated services as between its wholesale customers and its own retail business units. The obligations include: Organisational structuremaintaining separate wholesale, retail and network services business units. Overarching equivalencean obligation to ensure that particular aspects of retail and wholesale regulated services will be equivalent. Information securityprinciples governing the use and protection of confidential information of wholesale customers where the information was obtained in respect of regulated services. Service quality and operational equivalenceestablishing and maintaining ticketing, order management and billing systems that comply with standards in the SSU. Telstra Exchange Building Accesscommitments around non-discriminatory access to Telstras exchange buildings and related facilities. Wholesale customer facing systemsmaintaining minimum levels of functionality and availability. Information equivalenceTelstra must keep wholesale customers engaged and provide minimum notifications about network maintenance, outages and upgrades. Equivalence and transparency metricsobjective performance measurement of equivalence regarding provisioning, fault rectification, and systems availability. Service level rebateswholesale customers may opt-in to a rebate scheme where Telstra does not meet the minimum performance standards set out in the equivalence and transparency metrics. Price equivalence and transparencyTelstra is to maintain and publish reference prices for regulated services in accordance with the methodology set out in the SSU. Accelerated investigation processa separate fast-track dispute resolution process for wholesale customers to raise equivalence complaints. Independent Telecommunications Adjudicator (ITA)a process and forum for the resolution of equivalence and NBN migration disputes between Telstra and wholesale customers. ReportingTelstra has a number of reporting obligations (further described below), including in relation to the equivalence and transparency metrics and possible breaches of the overarching equivalence commitment. Compliance reporting Telstras reporting obligations, which facilitate the ԭs ongoing monitoring of Telstras compliance with its interim equivalence and transparency commitments, comprise: A confidential monthly compliance report on any equivalence issues that have been identified by Telstra or reported to Telstra by the ԭ or wholesale customers. A confidential annual compliance report, which includes details of equivalence issues identified by Telstra or reported to Telstra by the ԭ or wholesale customers. This report also states the matters that Telstra has identified as breaches of its SSU obligations. Quarterly public operational equivalence reports, which outline Telstras performance against 33 equivalence and transparency metrics. A confidential version of these reports provides a reasonably detailed explanation of any variances in the metrics above two percentage points. Six-monthly public and quarterly confidential Telstra Economic Model (TEM) reports outlining the list of internal wholesale prices and external wholesale prices. In addition to Telstras reporting obligations, the ԭ may detect non-compliance in other ways such as directly receiving complaints from wholesale customers or through the ԭs own independent monitoring. The ԭ has considered Telstras monthly compliance reports relating to the period between 1July 2015 and 30June 2016 and Telstras Annual Compliance Report for 201516 (Annual Compliance Report). Matters reported in Telstras Annual Compliance Report In its Annual Compliance Report, Telstra reported eight matters as being possible breaches of the SSU. These matters include: three instances where Telstra possibly breached its obligation to safeguard Protected Information pursuant to clause 10.4 of the SSU four instances (all of which were reported in the ԭs 201415 report) where Telstra retail staff had access to systems that contained Protected Information in breach of clause 10.4 of the SSU, and continuing information security issues in parts of four IT systems previously reported in breach of clause 10.4 of the SSU. The ԭs approach to compliance and enforcement Telstra is obliged to comply with the SSU under the Telecommunications Act 1997. If the ԭ considers that Telstra has breached the SSU it may apply to the Federal Court for a range of remedies, including penalties, compensation and any other order that the Court considers appropriate. A breach of the SSU is also a breach of Telstras carrier licence conditions, which can attract a fine of up to $10 million. The ԭ has discretion over whether to take enforcement action in relation to breaches of the SSU and the nature of that action. The ԭ will only commence court proceedings where there are reasonable grounds for starting the proceedings and where it considers litigation to be the most suitable method of resolving a matter. As outlined in the ԭs Compliance and Enforcement Policy, the ԭ uses a range of compliance and enforcement tools in order to encourage compliance and resolve matters. These tools range from administrative resolutionsfor example, a commitment to stop engaging in the conductto litigation. Administrative resolutions are generally used where the ԭ assesses the potential risk of harm flowing from conduct as low. Legal action is more likely in circumstances where the conduct is egregious, where there is reason to be concerned about future behaviour or where the party involved is unwilling to provide a satisfactory resolution. In respect of breaches of the SSU, the ԭ is more likely to take legal action if it considers it to be necessary to prevent ongoing or systemic breaches of the SSU or to obtain a remedy to undo any harm. The ԭ would also consider litigation if it concludes that Telstra engaged in particular conduct in order to damage its competitors or otherwise provide itself with a commercial advantage. The ԭs overall objective is to ensure Telstra complies with its commitments in the SSU, in order to promote equivalence and transparency during the period of transition to the NBN. For each breach, the report notes whether the ԭ considers that Telstras remedial steps are sufficient to address any competitive detriment that may arise as a result of the breach and to ensure future compliance with the SSU. The ԭs position on the adequacy of Telstras remediation is based on the information provided to date by Telstra and its wholesale customers. Breaches of the SSU This section details several instances where the ԭ considers, on the balance of probabilities, that Telstra breached its SSU obligations. These breaches relate to Telstras information security obligations and price equivalence and transparency obligations in circumstances where: Telstra has reported that it has breached the SSU in its Annual Compliance Report, or the ԭ has identified the conduct and considers it a breach of the SSU. Information security The SSU contains information security obligations designed to safeguard Protected Information obtained by Telstra in the course of supplying regulated services to wholesale customers. By virtue of Telstras vertical integration, Protected Information could potentially be used to Telstras advantage in downstream markets. Telstras information security obligations are contained in clause 10 of the SSU. These obligations include: a strict prohibition on the disclosure of Protected Information to retail business units unless the wholesale customer has authorised the disclosure a prohibition on Telstra using or disclosing Protected Information in a way that would be likely to enable its retail business units to gain or exploit an unfair commercial advantage over its wholesale customers, and further restrictions on disclosing other information unless, with the approval of the ԭ, it makes the information available to wholesale customers at the same time. Importantly, Telstra must protect any: confidential or commercially sensitive information obtained directly from wholesale customers for the purpose of, or in the course of, Telstra supplying regulated servicessuch as the end-users name, address and service type, and confidential and commercially sensitive information derived from the above information (such as billing or service usage information) that would identify a wholesale customer or its end users. The SSU and information security Clause 10 of the SSU sets out how Telstra must act in relation to Protected Information. The definition of Protected Information includes: (a) confidential information identifying a wholesale customer or a wholesale customers end-user, supplied by that wholesale customer to Telstra for the purpose of, or in the course of, supplying regulated services to that wholesale customer (b) information that is commercially sensitive information to a wholesale customer, supplied by that wholesale customer to Telstra for the purpose of, or in the course of, supplying regulated services to that wholesale customer (c) confidential information and commercially sensitive information which is derived from information of the kind described in (a) and (b) above, whether or not in an aggregate form, that: (i) would enable the identity of that wholesale customer to be ascertained; or (ii) would enable the identity of a customer of that wholesale customer to be ascertained. These types of information will not be Protected Information if they are obtained by, or disclosed to, Telstra other than by a wholesale customer; provided by a customer of the wholesale customer directly to Telstra; or if the information was provided by the wholesale customer to a Telstra business unit other than Telstra Wholesale or other than in connection with the supply of regulated services. The SSU provides examples of information that would constitute Protected Information relating to a wholesale customer, if it was provided by the wholesale customer to Telstra in the manner outlined above. These examples include: the wholesale customers ordering and provisioning details (including details of when and where orders are submitted) details of a wholesale customers end-users, such as name, address, contact details, account and service numbers information about that wholesale customers network or facilities. Clause 10.3 of the SSU provides that, subject to clause 10.4 (outlined below), Telstra will not use or disclose Protected Information relating to a wholesale customer in a manner which would be likely to enable Telstra Retail to gain or exploit an unfair commercial advantage over that wholesale customer in any market. Clause 10.4 of the SSU provides that Telstra will ensure that Telstra Wholesale will not disclose Protected Information relating to a wholesale customer to: any retail business unit unless authorised to do so by that wholesale customer any Telstra network services business unit otherwise than on a need-to-know basis or where authorised to do so by that wholesale customer an employee (not working for a retail business unit) performing any of the functions specified in clause 8.1(f) otherwise than on a need-to-know basis or where authorised to do so by that wholesale customer. Clause 10.5 of the SSU provides that Telstra will not disclose certain wholesale customer information to Telstra Retail unless, with the approval of the ԭ, it makes the information available to wholesale customers at the same time. This clause relates to information which is not Protected Information because it has been aggregated on a national basis or has been aggregated on a sub-national basis but the identity of wholesale customers cannot be ascertained. Telstra is permitted to disclose Protected Information relating to a wholesale customer where it is authorised to do so by that wholesale customer. This provision recognises that there could be some circumstances where it would be in a wholesale customers interests to consent to a particular use or disclosure of its Protected Information. However, as a consequence, the overall efficacy of these arrangements will rely upon wholesale customers carefully considering any proposed use or disclosure of their Protected Information by Telstra. Breaches reported by Telstra In its Annual Compliance Report, Telstra identified three breaches of its information security obligations in the SSU which have not previously been reported by the ԭ. These are outlined below. Two breaches relate to Protected Information being disclosed to staff in a retail business unit while the other relates to Protected Information being disclosed to a network services business unit employee. All three breaches were due to emails sent in error. Telstra provided a description and explanation for the cause of each breach (identified in the tables below) in its Annual Compliance Report and outlined the steps it has taken to remediate the breaches. Telstra also provided further particulars in relation to each of these items at the request of the ԭ. In addition to the remediation action set out below, Telstra has indicated it will also undertake the following tasks to prevent, to the extent that it can, future similar instances from occurring: encourage staff to turn off auto-populating and suggested names in Outlook encourage staff to seek management or legal advice before any sort of information is distributed to non-Telstra Wholesale workgroups, and continue emphasising the importance of checking email recipients before hitting send in all induction and refresher SSU staff training. Item 1Email sent in error In its Annual Compliance Report, Telstra provided the following details in relation to item 1: Description of the breach An email including an attachment with wholesale customer Protected Information was mistakenly sent by a wholesale business unit staff member to one retail business unit staff member. Cause of the breach This incident was attributable to human error by an individual wholesale business unit employee who sent the email to the wrong person.  ԭ findings On 10 August 2015, a wholesale business unit employee mistakenly sent an email containing Protected Information to a retail business unit employee in breach of clause 10.4. The Protected Information disclosed to the retail business unit employee included: names of wholesale customers service numbers order numbers, and LinxOnline Ordering (LOLO) references. Remediation undertaken by Telstra Telstra considered that this was an isolated incident of inadvertent disclosure due to human error. Remediation focused on mitigating the risk associated with the disclosure and reducing the risk of recurrence. Telstra has advised that it became aware of the error on the same day and immediately contacted the retail business unit employee to delete the email and confirm the information was not distributed, disclosed, stored or used in any way. The retail business unit employee confirmed the necessary actions had been taken. Telstra also advised that it has provided coaching to the wholesale business unit employee about the importance of checking recipient names before sending emails and the importance of complying with the obligations under the SSU. The ԭ is satisfied that the actions taken by Telstra were appropriate in minimising the risk of any competitive harm occurring, and the risk of recurrence. Item 2Email sent in error In its Annual Compliance Report, Telstra provided the following details in relation to item 2: Description of the breach An email containing limited information that may constitute wholesale customer Protected Information was mistakenly sent by a wholesale business unit staff member to one network services business unit staff member who did not have a need to know the information contained in the email. Cause of the breach This incident was attributable to a human error by an individual Telstra wholesale business unit staff member who sent the email to the network services business unit staff member who had the same name as the intended recipient of the information. ԭ findings In February 2016, a Telstra network services business unit employee was sent an email containing Protected Information. The email was sent to the network services business unit employee because that employee had the same name as the intended recipient of the email. The information in the email included the name of a wholesale customer, the fact that the wholesale customer obtains particular services as a bundle and the price the wholesale customer pays for one of those services. The ԭ considers that in this instance, wholesale customer Protected Information was disclosed by the wholesale business unit employee to the network services business unit employee in breach of clause 10.4. Remediation undertaken by Telstra Telstra considered that the disclosure was an isolated incident, so its remediation efforts focused on mitigating the risk associated with the disclosure and coaching staff to minimise the risk of recurrence. Telstra advised that the mistake was identified the following business day that the email was sent, and the network services business unit employee was contacted and instructed to delete the email. Telstra has advised that the network services business unit employee confirmed that the email was deleted and that they did not forward the email or use the information contained in the email. Telstra also advised that it has provided coaching to the wholesale business unit employee about their obligations under the SSU in relation to wholesale customer Protected Information. The ԭ considers that the action taken by Telstra following identification of the issue minimised the risk of any competitive harm occurring as a result of the conduct. Item 3Email sent in error In its Annual Compliance Report, Telstra provided the following details in relation to item 3: Description of the breach An email containing information that is potentially wholesale customer Protected Information was sent in error by a network services business unit staff member to one retail business unit staff member. A second retail business unit staff member was sent this email for the purposes of submitting the web form for the SSU investigation of this matter. Cause of the breach This incident was attributable to a human error by an individual network services business unit staff member who sent the email to the retail business unit staff member in error. The email was then sent on to another retail business unit staff member for the purpose of lodging a web form to trigger an investigation.  ԭ findings On 14 January 2016, a network services business unit employee inadvertently sent an email containing Protected Information, including the service address of a wholesale customer, to a retail business unit employee. The retail business unit employee forwarded the email to another retail business unit employee for the purposes of initiating an SSU investigation. The ԭ considers wholesale customer Protected Information was disclosed by the network services business unit employee to the retail business unit employees in breach of clause 10.4. Remediation undertaken by Telstra Telstra considered that the disclosure was inadvertent and isolated in nature. As such, its remediation efforts focused on mitigating the risk associated with disclosure and minimising recurrence. Telstra has advised that upon becoming aware of the error six days later, it contacted the retail business unit employees and requested that they delete the email. Telstra advised that the retail business unit employees confirmed that they had done so and did not forward or use the information contained in the email (other than for the purpose of the SSU investigation). Telstra also advised that it has provided coaching to the network services business unit employee who sent the email to help prevent the occurrence of an email being sent with Protected Information to a retail business unit employee in the future. The ԭ is satisfied that the actions taken by Telstra were appropriate in minimising the risk of any competitive harm occurring, and the risk of recurrence. Price equivalence and transparency The SSU also contains price equivalence and transparency obligations. These are designed to ensure transparency of Telstras internal cost allocations and the prices charged to wholesale customers. Telstras price and transparency obligations are contained in clause 18 of the SSU. These obligations include a requirement that Telstra update and maintain a rate card which specifies the prices for regulated services as set by the ԭ. The SSU and price equivalence and transparency Clause 18 of the SSU sets out what Telstra must do to meet its price equivalence and transparency obligations. Clause 18.3 (in conjunction with Schedule 8) of the SSU provides that Telstra will publish and maintain a rate card with prices for: the unconditional local loop service, line sharing service, wholesale line rental, local carriage service, public switched telephone network originating access, public switched telephone network terminating access, domestic transmission capacity service, mobile terminating access service and the wholesale asymmetrical digital subscriber line service the Telstra Exchange Building Access service, and any other declared service. The relevant prices for each service are those specified by the ԭ from time to time in: a binding rule of conduct a final access determination, or an interim access determination.Telstra is not required to publish a price for the above listed services for any period that there is no final access determination (FAD), interim access determination or binding rule of conduct in force. Breaches identified by the ԭ During the reporting period, the ԭ identified two technical breaches of Telstras price equivalence and transparency obligations under the SSU. These breaches related to delays by Telstra in updating its wholesale rate card to reflect the ԭs final access determinations for the fixed-line services and domestic transmission capacity service. In each instance, Telstra provided a description and explanation for the conduct on request by the ԭ. Telstra disagrees that its failures to promptly update the rate card amount to breaches of clause 18.3 of the SSU. Telstra has noted that the SSU does not specify a timeframe in which the rate card must be updated and that it has worked on the understanding that it will update the rate card within a reasonable time for already-declared services. Item 4Failure to promptly update the rate cardFixed Line Services FAD ԭ findings Under clause 18.3 of the SSU, Telstra is required to publish and maintain a rate card setting out the prices of regulated services as determined by the ԭ. On 9 October 2015 the ԭ made a FAD setting out the price and non-price terms for the seven fixed-line services. The FAD came into force on 1 November 2015. Telstra updated the rate card on 6 November 2015. The ԭ considers the five business day delayfrom the date the FADs took effectin Telstra updating the rate card amounts to a technical breach of Telstras price equivalence and transparency obligations. Given Telstra had 15 business days notice that references prices for the seven fixed-line services were going to change, the ԭ considers it reasonable to expect the rate card to have been updated on 1 November 2015. Telstra disagrees that the failure to update the rate card on 1 November 2015 when the FAD came into effect amounts to a breach of clause 18.3 of the SSU. Telstra has argued that the SSU does not specify a particular timeframe in which the rate card must be updated when the price for an already-declared service is changed, and attributes the delay to issues around its appeal of the decision and how to address this when updating the rate card. The ԭ does not consider this interpretation aligns with Telstras express obligation to maintain a rate card setting out prices for declared services as specified from time to time by the ԭ in a FAD, interim access determination or binding rule of conduct. The ԭ considers that, when the price for an already-declared service is changed, Telstra must update the rate card to reflect the change within a reasonable period of time, taking into account the date when Telstra is notified of the price change and the date when it comes into effect. In this case, when Telstra had 15 business days notice of the price change, then took over 5 business days following the price change to update the rate card, the ԭ considers Telstra breached clause 18.3 of the SSU. Remediation undertaken by Telstra Telstra advised that where necessary, wholesale customers received a billing adjustment (for the period between 1 November 2015 and 6 November 2015 when Telstra updated the rate card) to reflect the new prices set by the ԭ in the FAD. In these circumstances, the ԭ does not consider the breach had a material adverse impact on wholesale customers. Item 5Failure to promptly update the rate cardDTCS FAD ԭ findings Under clause 18.3 of the SSU, Telstra is required to publish and maintain a rate card setting out the prices of regulated services as determined by the ԭ. On 21 April 2016, the ԭ made a FAD setting out the price and non-price terms for the domestic transmission capacity service (DTCS), with immediate effect. Telstra updated the rate card on 16 June 2016. The ԭ considers the 40 business days delay in Telstra updating the rate card from the date the price changed amounts to breach of Telstras price equivalence and transparency obligations (see the above discussion of the ԭs views on Telstras obligations under clause 18.3 in these situations). While immediately updating the rate card would not have been a reasonable expectation on Telstra given the FAD was released on the same day it took effect and the pricing model for DTCS is fairly complex, the ԭ considers that the 40 business days delay is an unreasonably long period to update the rate card and amounts to a breach of clause 18.3 of the SSU. Remediation undertaken by Telstra Telstra advised that where necessary, wholesale customers received a billing adjustment (for the period between 21 April 2016 and 16 June 2016 when Telstra updated the rate card) to reflect the new prices set by the ԭ in the FAD. Given this, the ԭ does not consider the breach had a material adverse impact on wholesale customers. Other SSU developments In 201516, Telstra completed its Information Security Remediation program that it commenced in 2012 to address a number of significant IT information security system issues. These issues related to Telstras SSU commitment to prevent the unauthorised disclosure of Protected Information to Telstra retail business units so as to not disadvantage wholesale customers. Summary of Telstras information security remediation Telstra remediated a total of 42 IT systems as part of its remediation project. The ԭ understands the remediation project has been complex and has involved systems changes, process and operational changes as well as behavioural controls where the system is unable to be fully separated. While Telstra had completed the majority of its remediation work by March 2015, it continued working during the 201516 year to address a small number of outstanding issues identified in a review by Ovuman external consultant engaged by the ԭ to assess the thoroughness of the remediation program. Remediation of all systems was completed by June 2016, with minor residual work relating to a data clean up exercise occurring in July and August 2016. The ԭ notes that as part of the IT remediation project, Telstra also developed a new Compliance Management Framework which is now part of its business as usual operations. Review of IT remediation work On 5 March 2015, the ԭ engaged Ovum as an independent expert consultant to examine and report on Telstras IT system remediation program. As part of this review, the ԭ selected a sample of eight systems for independent testing. The review identified that three of these systems still contained Protected Information that may have been visible to retail business unit users under specific, limited circumstances. These systems have now been remediated, and Ovum has verified the remediation. In February 2016, Ovum concluded in its final report to the ԭ that Telstras approach to its remediation project was appropriate considering its scale, and that Telstra has brought its systems into compliance with the SSU. Ovum recommended that the ԭ continue to rely on Telstras internal Compliance Management Framework and self-reporting mechanisms in the SSU. The executive summary of the expert consultant report is available at: HYPERLINK "http://www.accc.gov.au/regulated-infrastructure/communications/industry-reform/telstras-structural-separation-undertaking/telstra-completion-of-it-systems-remediation-program"http://www.accc.gov.au/regulated-infrastructure/communications/industry-reform/telstras-structural-separation-undertaking/telstra-completion-of-it-systems-remediation-program. Telstras internal due diligence review Following Ovums initial review which identified a small number of outstanding IT issues, Telstra decided to conduct a further due diligence review of its remediation project. As part of this review, Telstra assessed all 24 of its systems accessible by its retail business unit staff. As part of its due diligence review, Telstra identified a small number of additional issues in four of the systems which arose in specific, limited situations. These issues were reported by the ԭ in last years report. Telstra commenced remediation of these systems in December 2015 and completed remediation in the first half of 2016. Compliance Management Framework Telstras IT remediation project also included the development of a new Compliance Management Framework for the ongoing protection of wholesale customer information under the SSU. The Framework is built to help embed Telstras SSU responsibilities across the company through changes in system and product development processes, and staff training. It focuses on promoting awareness, implementing preventive controls, and detective controls to ensure preventative controls are working effectively. In its final report to the ԭ, Ovum concluded that the implementation of Telstras Compliance Management Framework should prevent new issues from arising or alternatively, allow the reporting of new issues as they arise (through compliance checks and company training). The ԭ considers the implementation of the Framework is a positive initiative which should help strengthen controls and reduce the potential for future breaches. ԭ conclusions The ԭ is satisfied that the remediation project is now complete and that the actions taken by Telstra were appropriate in remedying the outstanding IT systems issues. The ԭ is also satisfied that Telstras SSU reporting measures can be relied on to identify any further information security issues, should they arise. Telstra has dedicated a significant amount of resources to the completion of its Information Security Remediation project and appears committed to improving compliance with its Information Security obligations under the SSU. Telstras Migration Plan The Migration Plan governs the manner in which Telstra will cease to supply services over its copper and HFC networks and ultimately achieve structural separation. Telstras obligation to disconnect customers from its copper and HFC networks changed during the year, following re-negotiation of the agreements between Telstra and NBNCo. Telstra operated under regulatory forbearance from the ԭ during the period of negotiation, which allowed Telstra to implement modified arrangements which resulted in a better migration experience for end-users and industry. Interim disconnection and migration arrangements During the 201516 reporting period, Telstra operated under a revised Migration Plan that was modified to facilitate the shift to a multi-technology mix rollout model adopted by NBNCo. Following the ԭs approval of the MTM variation to the Migration Plan, Telstra and NBNCo identified aspects of the Migration Plan that required additional flexibility to ensure service continuity for some end-users that have placed an order for an NBN service, or acted late in deciding to migrate their services to the NBN. The arrangements also provided industry participants affected by the increased number of premises subject to NBN migration and disconnection activity additional time to service these premises. Specifically, the following interim arrangements were consented to by the ԭ: August 2015, the implementation of transitional managed disconnection arrangements for In-Train orders, fire alarms and lift phone services. This provided additional time for NBNCo to connect an increased number of premises to the NBN and allowed Retail Service Providers (RSPs) to complete the installation of their servicing equipment. September 2015, an extension to the Disconnection Date for registered fire alarm and lift phone services, so these services do not face mandatory disconnection until after 30June 2017. October 2015, the implementation of transitional arrangements for premises with disconnection scheduled to occur over the 201516 Christmas and New Year period. This also provided a short extension to promote customer awareness and minimise disruption to customers before disconnection steps were taken. February 2016, a further extension of the interim arrangements for In-Train order premises that allowed RSPs additional time to connect NBN services prior to Telstra commencing service disconnection. an extended disconnection timeframe equivalent to In-Train order premises for some Service Class 0 premises (i.e. premises that are planned to be serviced by fibre) with a Disconnection Date occurring between February and October. a deferred Disconnection Date for some premises that were subject to a change in NBN technology from fibre to the premises to fibre to the basement. This also provided additional time for RSPs to develop products to service these premises. On 9May2016, Telstra proposed a revision to the Migration Plan for ԭ approval. These changes were designed to formalise the interim migration and disconnection arrangements that had already been implemented by Telstra and NBN Co with ԭ consent. It also included a proposal to amend the framework for disconnecting Special Services (business grade services) to accommodate NBN Cos release of additional wholesale product functionality by access technology. The ԭ approved the variation on 20 July 2016 as the proposed variations were considered to be consistent with the Migration Plan Principles. The ԭs role in approving the revised Migration Plan was limited to determining whether the proposal was consistent with the legislative requirements and complies with the Migration Plan Principles issued by the Australian Government in 2015. Compliance activity for ԭ approval Under the revised Migration Plan approved in June 2015, Telstra was required to reassess its disconnection and migration related processes set out in the Migration Plan, and develop and publish changes to those processes to reflect the transition to the multi-technology NBN rollout model. During the reporting period, the ԭ accepted the following replacement Required Measures: Pull Through Consents and Pull Through Exception Event and Installation of Temporary Cable Notifications (Required Measures 1 (a) and (b)) Process for Managed Disconnection of Copper Services from the Disconnection Date (Required Measure 2) Process for Managed Disconnection of HFC Services from the Disconnection Date (Required Measure 3), and Process for Telstra to Build Copper Paths at Premises which had been Permanently Disconnected in order to Supply Special Services and Special Service Inputs (Required Measure 4). Telstra was also required to consider whether its business-as-usual disconnection processes that are outlined in Schedules 1 and 2 of the Migration Plan were appropriate. The ԭ accepted the revision to Schedule 1 and noted its consistency with the industry guidelines developed by the Communications Alliance. The revision of Schedule 2 (relating to the disconnection processes for HFC services) remains outstanding, however, pending the finalisation of the relevant Communications Alliance guideline. Breaches of the Migration Plan During the reporting period, a further 348 NBN rollout regions reached their Disconnection Date. There are now 452 NBN rollout regions that have reached their Disconnection Date with managed disconnections occurring on a monthly basis. Telstra has indicated that a further 142 NBN rollout regions will occur during the first half of the next reporting period. Whilst Telstra generally complied with its Migration Plan obligations during the period, it reported a number of minor breaches. Prior to the approval of the May 2016 variation proposal of the Migration Plan, Telstra adopted a number of interim disconnection arrangements. The ԭ has considered Telstras compliance with the Migration Plan having regard to these interim disconnection arrangements which were adopted in order to promote service continuity and to ensure that end-users were not left without a working service. The following sections detail Telstras specific breaches of the Migration Plan. Notification of the disconnection schedule Under clause 7 of the Migration Plan, Telstra is obliged to publish a disconnection schedule for the benefit of wholesale and retail customers, and to update that schedule within five business days of receiving notification of a change. Following the approval of the varied Migration Plan in June 2015, the disconnection schedule was expanded to include a number of additional reportable fields relating to key roll-out or Disconnection Dates. Telstra has advised that there were some instances where Telstra published the disconnection schedule later than the prescribed five days after receipt of notification from NBN Co of a new or updated rollout region Ready for Service Date. Telstra attributes the short delay to human error in not adhering to established processes. Telstra advised that in April 2016, arrangements were implemented to prevent a delay from reoccurring. These measures include republishing the disconnection schedule on a weekly basis, irrespective of whether NBN Co has provided any updates. Since the implementation of these new arrangements in April 2016, Telstra has identified an additional instance it published the disconnection schedule outside the specified timeframe. This breach was attributable to human error, however it was rectified within one business day after the specified timeframe. The ԭ has confirmed that the regular updates have occurred and considers that the revised disconnection arrangements implemented are likely to further reduce the risk of reoccurrence and help to keep consumers well informed. Reconnection of premises previously permanently disconnected Telstra is required to ensure that no new copper paths or HFC lines are connected to premises that have previously been permanently disconnected, except in some circumstances regarding special services or where a disconnection has occurred in error. Telstra identified a small number of instances where a copper service was supplied to premises that had previously been permanently disconnected. These instances included where: Telstras processes did not prevent or detect the reconnection order being accepted the end-customers were priority assistance customers that had experienced delays or issues in obtaining a service on the NBN, and the disconnection of the copper or HFC service was successful but there was a delay in a customers premises becoming NBN serviceable. Telstra advised that the majority of instances where services were connected without complying with this obligation occurred during the migration window or shortly after the relevant Disconnection Date and prior to managed disconnections commencing. Telstra also advised that most of the non-compliant services have now been disconnected. Telstra has advised that the small number of premises that remain on the network will be disconnected in accordance with the relevant rollout region Disconnection Date. Consistent with previous years, Telstra has provided coaching on the rules that apply to the staff involved. During the reporting period, Telstra also advised that it had identified address matching inconsistencies in its systems. The system had attributed new paths and lines, not previously associated with premises, to premises that had previously been permanently disconnected. Although not a breach under clause 19.1 of the varied Migration Plan, Telstra has identified this system issue and advised the ԭ that it is working to resolve the anomalies. The ԭ considers that Telstras actions were appropriate in this instance, and further investigations into resolving address matching inconsistencies should help to improve compliance with this obligation in the future. Cease sale Telstras cease sale obligations are set out in clause 17 of the Migration Plan. The cease sale obligations generally prohibit Telstra from supplying new copper and HFC services to premises after it becomes NBN serviceable, except in limited circumstances. Telstra has advised that it identified some instances during the year where services were connected that were not permitted under cease sale obligations. These non-compliant connections were attributable to system and data quality issues, and to a lesser extent human error associated with the use of manual processes. Telstra considers that the number of instances is insignificant compared to the overall population of order requests made or rejected. Telstra has advised that it is working to promote internal compliance with the obligation by improving its automated processes, the quality of service data and has reiterated the importance of compliance to staff through various communications activities. In this regard, Telstra has advised the ԭ that it has regular engagement with NBN Co to analyse identified data inconsistencies and improve the quality of premises data it receives. Telstra has also provided the ԭ with relevant compliance policy and training documents prepared and disseminated by Telstra. Telstra is required to provide data to the ԭ in its quarterly Migration Plan compliance reports on the volume of copper, wholesale copper and retail HFC services where an override code applies or a service is incorrectly provisioned without an override code during the relevant period. The ԭ has not identified any potential equivalence concerns arising from the limited instances of non-compliance by Telstra with its cease sale obligations and considers the measures Telstra has taken to address these limited instances are appropriate. Communication with retail customers about Disconnection Dates Under clause 8.2 of the Migration Plan, Telstra is obliged to advise retail customers no less than three months before the Disconnection Date of the impending disconnection of their premises from the copper and HFC networks. Telstra has advised that it complied with this obligation in the majority of instances. However, Telstra identified some retail customers who were given less than the specified notification timeframe set out in the Migration Plan. Telstra has stated that this was primarily attributable to limitations with internal processes and systems issues. In these instances, further communications were provided to the relevant customers, including catch-up notifications. Telstra has advised that it has implemented measures to reduce the likelihood of this reoccurring and promoted awareness of the need for these communications. The ԭ considers that the steps taken by Telstra, including an ongoing retail customer communication campaign and catch up notifications for those notified later than the mandated timeframe set out in the Migration Plan, have reduced the risk of consumer detriment associated with the late notification of disconnection in these instances. Order Stability Period Clause 13 of the Migration Plan allows Telstra to apply an order stability period in each rollout region immediately prior and after the Disconnection Date for that rollout region. This provides Telstra sufficient time to clear any remaining pending orders before the managed disconnection process commences. Telstra has advised that there were some instances where it connected services that were not permitted within the order stability period. These instances arose due to data quality issues and human error associated with manual processes. Telstra considers that the volume of these instances is insignificant compared to the number of orders that were completed (or rejected) in accordance with the obligation. Telstra has advised that it is continuing to promote compliance with this obligation by imposing stricter rules to govern the types of orders allowed, improving the quality of service data and reiterating the importance of compliance with staff. The ԭ considers that the steps taken by Telstra should help to improve compliance with this obligation in the future. Managed disconnections During 201516, Telstra applied the revised arrangements for Managed Disconnection in the first 31 NBN rollout regions. Telstra advised that it had completed managed disconnections for all remaining legacy services by 30 June 2016 with the exception of a small number of premises which received an interim extension to managed disconnection (for example, in the case of premises with a registered fire alarm or lift phone services, premises identified as a multi-dwelling unit common area, or where the service is a Direct Special Service). Telstra advised there were 13 Disconnection Dates that occurred during the reporting period affecting 348 NBN rollout regions. By the end of the reporting period, the obligation to complete mandatory disconnections for all remaining premises with the exception of those with In-Train Orders (i.e. made within 45 business days after the rollout region Disconnection Date), had occurred for a total of 264 NBN rollout regions. Telstra noted some instances where disconnection of services (wholesale and retail) did not occur on the required date. Telstra advised that these instances were mainly due to the potential threat to the customers well-being if their copper service was disconnected before they had a working NBN service, or for similar reasons of concern regarding the disconnection of safety- or security-critical services. Where this had occurred, Telstra advised that it sought to ensure that disconnection was only suspended for a short period of time, and that any extensions were granted on an equivalent basis across retail and wholesale. The ԭ considers that the revised disconnection arrangements provide an appropriate set of protections for end-users to promote service continuity and provides end-users with a sufficient opportunity to nominate a RSP supplying NBN services prior to the Disconnection Date. The ԭ has confirmed that the instances where disconnection did not occur on the required date have now been addressed by subsequent disconnection or are now subject to a later Disconnection Date that is yet to be reached. ԭ actions During the 201516 reporting period, the ԭ has continued to focus on stopping conduct of potential concern as it comes to light and ameliorating its impact. The ԭ has also focused on identifying areas for improvement in Telstras systems and processes to ensure its SSU and Migration Plan obligations are being implemented effectively and in a robust manner. In each case of Telstras non-compliance during the 201516 reporting period, the ԭ has assessed and found that no instances warrant further enforcement action. The ԭ considers that remediation undertaken by Telstra has been sufficient to address any competitive detriment that may arise as a result of Telstras non-compliance. The ԭ has also monitored Telstras performance against the equivalence and transparency metrics in the 201516 reporting period. The ԭ receives several reports from Telstra in relation to its obligations under the SSU and the Migration Plan. The ԭ continues to monitor and critically examine these reports to ensure that any potential equivalence concerns or migration issues are identified, considered and addressed. The SSU requires Telstra to report publicly on its costs, revenues and demands associated with its regulated services, and the internal and external prices that apply to those services. In July 2016, the ԭ commenced publishing a time series comprising internal and wholesale price data taken from the TEM reports. The ԭ continues to encourage Telstra to provide relevant updates to wholesale customers on interim equivalence and migration plan issues as they arise so that steps can be taken to minimise any impact on their business. In this regard, the ԭ ran a Wholesale Telecommunications Consultative Forum in April 2016 to facilitate greater engagement between Telstra and industry in relation to potential issues arising under the SSU and Migration Plan. Theforum covered a wide range of issues, including Telstras IT systems remediation program, NBN migration arrangements and Telstras price equivalence reporting. Further information Telstras SSU and Migration Plan are available at: the ԭ website: HYPERLINK "http://www.accc.gov.au"http://www.accc.gov.au the Telstra Wholesale website: HYPERLINK "https://www.telstrawholesale.com.au/why-telstra-wholesale/structural-separation-undertaking.html"https://www.telstrawholesale.com.au/why-telstra-wholesale/structural-separation-undertaking.html HYPERLINK "https://www.telstrawholesale.com.au/nbn/overview/nbn-transition.html"https://www.telstrawholesale.com.au/nbn/overview/nbn-transition.html. The legislation and legislative instruments underpinning the SSU and Migration Plan are available at the Department of Communications and the Arts website: HYPERLINK "http://www.communications.gov.au/policy_and_legislation/telecommunications_regulatory_reform_separation_framework"http://www.communications.gov.au/policy_and_legislation/telecommunications_regulatory_reform_separation_framework. ԭ contacts ԭ Infocentre: business and consumer inquiries: 1300 302 502 Website: HYPERLINK "http://www.accc.gov.au"www.accc.gov.au Translating and Interpreting Service: call 13 1450 and ask for 1300 302 502 TTY users phone: 1300 303 609 Speak and Listen users phone 1300 555 727 and ask for 1300 302 502 Internet relay users connect to the NRS (see HYPERLINK "http://www.relayservice.com.au"www.relayservice.com.au and ask for 1300302502). ԭ addresses National office 23 Marcus Clarke Street Canberra ACT 2601 GPO Box 3131 Canberra ACT 2601 Tel: 02 6243 1111 Fax: 02 6243 1199 New South Wales Level 20 175 Pitt Street Sydney NSW 2000 GPO Box 3648 Sydney NSW 2001 Tel: 02 9230 9133 Fax: 02 9223 1092 Victoria Level 35 The Tower 360 Elizabeth Street Melbourne Central Melbourne Vic 3000 GPO Box 520 Melbourne Vic 3001 Tel: 03 9290 1800 Fax: 03 9663 3699 Queensland Brisbane Level 24 400 George Street Brisbane Qld 4000 PO Box 12241 George Street Post Shop Brisbane Qld 4003 Tel: 07 3835 4666 Fax: 07 3835 4653 Townsville Suite 2, Level 9 Suncorp Plaza 6173 Sturt Street Townsville Qld 4810 PO Box 2016 Townsville Qld 4810 Tel: 07 4729 2666 Fax: 07 4721 1538 South Australia Level 2 19 Grenfell Street Adelaide SA 5000 GPO Box 922 Adelaide SA 5001 Tel: 08 8213 3444 Fax: 08 8410 4155 Western Australia 3rd floor, East Point Plaza 233 Adelaide Terrace Perth WA 6000 PO Box 6381 East Perth WA 6892 Tel: 08 9325 0600 Fax: 08 9325 5976 Northern Territory Level 8, 9"11 Cavenagh St Darwin NT 0800 GPO Box 3056 Darwin NT 0801 Tel: 08 8946 9666 Fax: 08 8946 9600 Tasmania Level 2 70 Collins Street (Cnr Collins and Argyle Streets) Hobart Tas 7000 GPO Box 1210 Hobart Tas 7001 Tel: 03 6215 9333 Fax: 03 6234 7796  Hybrid fibre-coaxial.  See for example pages 8 and 9 of the ԭs submission to the Governments 2009 National Broadband Network: Regulatory Reform for the 21st Century Broadband discussion paper.  Regulated Services include the declared services and the Telstra Exchange Building Access service described in the Telecommunications (Regulated Services) Determination (No.1) 2011.  Pursuant to section 577BE of the Telecommunications Act 1997, when a final Migration Plan comes into force, the SSU has effect as if the provisions of the plan were provisions of the SSU.  An equivalence issue means a possible breach of clause 9.1 (Telstras overarching commitment to equivalence) or a breach of a specific non-price equivalence and transparency commitment.  Available at /about-us/australian-competition-consumer-commission/compliance-enforcement-policy.  ԭ, Public inquiry into final access determinations for fixed line services, Final Decision, October 2015. Accessed here: HYPERLINK "http://www.accc.gov.au/system/files/FSR%20FAD%20Final%20Decision%20Report%20-%20Public%20Version.pdf"http://www.accc.gov.au/system/files/FSR%20FAD%20Final%20Decision%20Report%20-%20Public%20Version.pdf. The fixed line services are: the unconditioned local loop service, line sharing service, fixed originating access service (previously the public switched telephone network originating access service), fixed terminating access service (previously the public switched telephone network terminating access), wholesale line rental, local carriage service and wholesale ADSL service.  ԭ, Public inquiry to make a Final Access Determination for the Domestic Transmission Capacity Service, Final Report, April 2016. Accessed here: HYPERLINK "http://www.accc.gov.au/system/files/ԭ%20final%20report%20%28public%29_0.pdf"http://www.accc.gov.au/system/files/ԭ%20final%20report%20%28public%29_0.pdf.  Last years report can be found here: HYPERLINK "http:///publications/telstras-s4M> P   P Q l m o FG'(''f..<<@@EAFAgMhMNNV4VXYwYxYg'h:7Wh)5B*CJPJ\aJphQbo#h:7Wh)5B*CJPJ\phjh)0JU,h:7Wh)B*CJ OJPJQJ\aJphQboh)h)0J> h)0J h)0Jjh)0JU h)0J h)h)h)4,EMd  r o C>Kkgd)^gd)Ex D"" $T$o$%'''(_)w+{,,R../e1Q3556-8Y8l9;O=>>@@AABBDEEvF0GGXHHSIIJUKKL8LfMhM}M+NNOPQkR3SjSSnT6UUUWXL[\] __;````5b85bb9cddddeg^g;h.ij{k mminno`ppNqqrt8$If$If$If$If8g gg^gpgo*o`pkprrtt{{_|y|1}E}}}|Ʉ…Å_sU`CDbcefgh:7Wh:7W5B*PJph(07h:7Wh:7Wh)0J>jh:7Wh)0J>Ujh)0JU)h:7Wh)56B*CJPJ\]phQboh:7Wh)OJQJh:7Wh)0J h:7Wh)h)h)OJPJQJ^Jo(6tttvvxyzzX{{{|_|y|1}E}}$If8Pkd$$If<p#p#  2` ap yt:7W}}}}~~~  Gi<{b8skd$$If40%$  62` af4pyt)|Ʉ…Åх܆|kskd&$$If40%$  62` af4pyt)$Ifk_s. ϒ=skd$$If40%$  62` af4pyt:7W$If=ݕǖUۘ;m"CDUkd\$$If4<%$  62` af4p yt:7W8$If$If$If2UǢLZǪ`lԮ\}-KK<eg%(̿ݿ!Q=Hu;8uufzcJoeU8 :^`gd:7W  C D Z [ } ~   L M O P         w x     &'CDa5vxy67lnovƼh)h)0J> h)0Jjh)H*UhJ<0 h)0Jjh)0JUjh)0JU'h:7Wh:7W5B*CJPJ\aJphQboh:7Wh)D##aC !W_w=#s\    ] } O   z {   TrCDSc &JS{f8$[$Pm%8>vfx6nBHHHIIIIII I I&I'I(I)I*IAgdDKv^_BCJ34HTHUHHHHHHHHIIIIII I I"I#I$I%I'I)I*IȾȾhJ<0jhiUmHnHuhimHnHuhijhiUjhtUhtUh)0JCJaJjh)0JCJUaJjh)H*Uh:7Wh)0J>jh:7Wh)0J>Uh) h)0J/tructural-separation-undertaking/telstras-structural-separation-undertaking-201415"/publications/telstras-structural-separation-undertaking/telstras-structural-separation-undertaking-201415.  Clause 19 of the Migration Plan.      PAGE \* MERGEFORMAT 1 21h:pi. A!"#$% 9 01h:p:7W. A!"#$% P 5 01h:p:7W. A!"#$% $$If!vh#vp#:V <  5p#/ 24` ap yt:7W$$If!vh#v:V 4 65 24` f4pyt)$$If!vh#v:V 4 65 24` f4pyt)$$If!vh#v:V 4 65 24` f4pyt:7W$$If!vh#v%:V 4<  6524` f4p yt:7Wj 8>>>>.666666666xxxpppppp066>>6>666666666666666666666666666666666666686666666666>6hH6666666666666666666666666666666666666666666666666666666666666666662 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p6VV~ OJPJQJ_HmH nH sH tH D`D pZ;NormalCJ_HaJmH sH tH Z@Z Fk0 Heading 1 @&$B*CJ OJPJQJ\^JaJphQboj`j :7W0 Heading 2$d@&+5B*CJPJ\_HaJmH phQbosH tH R@R Fk0 Heading 3 @&5B*CJPJ\^JphX@X Fk0 Heading 4 @&!56B*CJPJ\]^JphQbof`f )0 Heading 5$d@&(5B*CJPJ_HaJmH ph(07sH tH H@H Fk Heading 6 @&56PJ]^JN@N DFk Heading 7 @&6B*PJ]^Jph@@@L@L EFk Heading 8 @&B*PJ^JaJphQbo @ F%`d Heading 9,Numbered Table FxT@&5B*CJPJ]^JaJphDA`D Default Paragraph FontRi@R 0 Table Normal4 l4a (k ( 0No List XoX FkHeading 1 Char$B*CJ OJPJQJ\^JaJphQbo\o\ :7W0Heading 2 Char'5B*CJOJPJQJ\^JaJphQboXoX FkHeading 3 Char#5B*CJOJPJQJ\^Jph^o!^ FkHeading 4 Char)56B*CJOJPJQJ\]^JphQboNo1N )0Heading 5 Char5OJPJQJ^Jph(07NoAN Fk Heading 6 Char56OJPJQJ]^JXORX ~ Chapter title xB*CJ4OJQJaJ4phO-VoaV ~Chapter title CharB*CJ4OJQJaJ4phO-<Or< MX Table text x<CJTOT R0Copyright text dhm$B*CJaJphQboXoX 7Jr Copyright text CharB*CJOJQJaJphQboB@B@IpTOC 8d8# ^ mHnHuB@B@IpTOC 9d8# ^J mHnHuDD  Numbered 1 F ^`XTO!T  Numbered 1.1 & F ^`5^JRO1R Numbered 1.1.1 & F Q^Q`m$TOAT Numbered 1.1.1.1 & F Q^Q`XOQX  Numbered 1.1.1.1.1 & F ^`[\Oa\  Numbered 1.1.1.1.1.1! & F ^`[F@"F #D0Header"xB# B*CJphQboDo1D "D0 Header CharB*CJOJQJphQboH`BH 7Jr No Spacing$CJ_HaJmH sH tH BORB &MX Table title %x5aJHoaH %MXTable title Char5OJQJaJ6OQr6 &\ Chart title'CJ@+@@ :&0 Endnote Text(CJaJrOr *W Boxed text?)M NOPQaJPoP )Boxed text CharOJQJaJq dOd ,B=Pull quote heading +xm$5B*CJOJQJaJphP4bob +Pull quote heading Char5B*CJOJQJaJphP4hoh . Pull quote text-x)B*CJOJQJ_HaJmH phP4sH tH \o\ -Pull quote text Char5B*CJOJQJaJphP44O4 0cVNote/x 6CJaJ>o> /cV Note Char6CJOJQJaJ4O4 2cVSource1<CJaJ>o!> 1cV Source CharCJOJQJaJ.q2. 4 @ Footnotes3DoAD 39@Footnotes CharCJOJQJaJ:@: 6^Quote5^6B*]phDoaD 5^ Quote Char6B*OJQJ]phDOrD Og Bullet point7 F^T`^JJ0@J /T0 List Bullet8 F xT^T`LL OgBullet point 29 F ^`D1@D h#0 List Number : Fx B*phR6@R /T0 List Bullet 2; Fx ^`t At Hp TOC Heading<dx4B*CJ OJPJQJ\^JaJmH nHphQbosH tHb:`b L0 List Number 2= & F xCJ_HaJmH sH tH >U`> )0 Hyperlink>*B*OJQJphL@L @50 Balloon Text?CJOJQJ^JaJNoN ?50Balloon Text CharCJOJQJ^JaJF @F B}0FooterAxB# B*CJphQboDo!D A}0 Footer CharB*CJOJQJphQboH2H  List ParagraphC F xTToAT Fk Heading 7 Char6B*OJPJQJ]^Jph@@@RoQR Fk Heading 8 CharB*OJPJQJ^JaJphQbooa %`d "Heading 9 Char,Numbered Table Char'5B*CJOJPJQJ]^JaJph`q`  Numbered 1.1.1.1.1.1.1G & F ^`dd  Numbered 1.1.1.1.1.1.1.1H & F ^`` Z;Table Grid,ACCC Table:VI0jg LI<<f!dxx4$XDYD[$\$fxx4$XDYD[$\$HCJOJQJ5CJOJQJ5CJOJQJ5CJOJQJ` Z; Light Shading:VJ0jDjQ |4 RJxxf!dxx4$XDYD[$\$f!dxx4$XDYD[$\$DCJ5\ 5CJ\ 5CJ\5CJOJQJ\` qLight Shading - Accent 1G:VK0QboQboj;@ j; jDQboQbojDQboQbo44,Kfdfd5B*ph`^ _)Title^x@&m$)@B*CJHKHOJPJQJ^JaJ4phO-}RoR ^) Title Char&@CJHKHOJPJQJ^JaJ4phO-}^o^ Og Cover Date`)B*CJOJQJ_HaJmH phP4sH tH HaH N Book Title6:;@CJOJQJ\`# NLight List - Accent 1:Vb0QboQboQboQboj.@QboQboQboQboj.QboQboQboQboj.QboQboQboQboj Qbo44,bfdfd55\5\5\5B*\ph`3 NLight List - Accent 3:Vc0j.@j.j.j 44,cfdfd55\5\5\5B*\ph`C <[Light List - Accent 5:Vd0j.@j.j.j 44,dfdfd55\5\5\5B*\ph.X`Q. p@Emphasis6]:@b: cV0 Normal Indentf^R@rR h?g: Footnote Textg<T^T`CJaJLoL g?g: Footnote Text CharCJOJQJaJ@&`@ p0Footnote ReferenceH**W`* Q`Strong5\^J`^ lD0Subtitle khx)B*CJ4OJQJ_HaJ4mH phO-sH tH LoL kD Subtitle CharB*CJ4OJQJaJ4phO-` ntLight Shading - Accent 4G:Vm0j;@ j; jDjD44,mfdfd5B*phM5\5\5\5\` ntLight Shading - Accent 6G:Vn0P4P4j;@ j; jDP4P4jDP4P444,nfdfd5B*ph55\5\5\5\B@B@IpTOC 4od8# ^ mHnHuB@B@IpTOC 5pd8# ^ mHnHuB@B@IpTOC 6qd8# ^O mHnHuB@B@IpTOC 7rd8# ^ mHnHuL,L ]0Table of Authorities s^`$o Z;Light Shading1:Vt0jG|4jQ Rtxxf!dxx4$XDYD[$\$f!dxx4$XDYD[$\$UB*CJph5\ 5CJ\5CJOJQJ\5CJOJQJ\`S aLight List - Accent 2:Vu0O-}O-}O-}O-}j.@O-}O-}O-}O-}j.O-}O-}O-}O-}j.O-}O-}O-}O-}j O-}44,ufdfd55\5\5\5B*\ph`c aLight List - Accent 4:Vv0j.@j.j.j 44,vfdfd55\5\5\5B*\ph`s aLight List - Accent 6:Vw0P4P4P4P4j.@P4P4P4P4j.P4P4P4P4j.P4P4P4P4j P444,wfdfd55\5\5\5B*\ph` a Light Grid:Vx0jF@ j9j; j.jDjD44,xfdfdl5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J` aLight Grid - Accent 1:Vy0QboQboQboQboQboQbojF@QboQboQboQboQbo j9QboQboQboQboQboj;QboQboQboQbo j.QboQboQboQbojDQboQboQboQboQbojDQboQboQboQboQbo44,yfdfdl5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J` aLight Grid - Accent 2:Vz0O-}O-}O-}O-}O-}O-}jF@O-}O-}O-}O-}O-} j9O-}O-}O-}O-}O-}j;O-}O-}O-}O-} j.O-}O-}O-}O-}jDO-}O-}O-}O-}O-}jDO-}O-}O-}O-}O-}44,zfdfdl5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J` aLight Grid - Accent 4:V{0jF@ j9j; j.jDjD44,{fdfdl5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J` aLight Grid - Accent 5:V|0jF@ j9j; j.jDjD44,|fdfdl5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^J5OJ&PJQJ&\^JrO!r FO0 Header Right }B#!a$ OJQJ^JaJmH nHsH tHhh ] Numbered 1.1.1.1.1.1.1.1.1~ & F M ^M `@"@@ mq0Caption x5CJ\aJ8/8 Og0ListxT^T`<2< Og0List 2x^`<3"< Og0List 3x^`<42< Og0List 4xQ^Q`<5B< |T0List 5x^`R7RR #0 List Bullet 3 Fx ^`R8bR |T0 List Bullet 4 Fx Q^Q`R9rR |T0 List Bullet 5 Fx ^`FDF |T0 List ContinuexT^TJEJ |T0List Continue 2x^JFJ |T0List Continue 3x^JGJ /T0List Continue 4xQ^QF;F L0 List Number 3 FxF<F L0 List Number 4 Fx>=> L0 List Number 5 FxBOqB MX Table Heading<5CJPOq P G2Table text - righta$ PJ^JaJH  H G2Table text - centreda$ZO" Z MXTable Heading - righta$PJ\^JaJ^o1 ^ G2Table text - right CharCJOJPJQJ^JaJBoA B MXTable text Char CJOJQJLoQ L MXTable Heading Char5CJOJQJjoa j MXTable Heading - right Char5CJOJPJQJ\^JaJboq b G2Table text - centred CharCJOJPJQJ^JaJ^O ^ MXTable Heading - centreda$PJ\^JaJJo J (L30Endnote Text CharCJOJQJaJD#D yfg0Table of Figures xo Z;0 ACCC Table 37:V0@CJ5CJOJQJ5CJOJQJ5CJOJQJJ*` J Og0Endnote ReferenceCJH*OJQJdO d U4Numbered paragraph 1.1 @& ^`XB*CJ\phZo Z Numbered 1 Char$B*CJ OJPJQJ\^JaJphQbobO b ]Numbered paragraph F^`XB*PJ^JaJphfo f yList alphabet 2 & F xCJ_HaJmH sH tH fo f yList alphabet 3 & F xCJ_HaJmH sH tH fo" f yList alphabet 4 & F QxCJ_HaJmH sH tH fo2 f yList alphabet 5 & F xCJ_HaJmH sH tH JHB J /T0List Continue 5x^joR j )0 List alphabet TTx^T`CJ_HaJmH sH tH 8O8 0 Note HeadingBoq B 0Note Heading CharOJQJHa H ]Subtle Reference:>*B*phO-}@1 @ y List Legal F TD D 9g List Legal 2 F D D y List Legal 3 F QD D y List Legal 4 F QD D h# List Legal 5 F P P _Legal Numbering FTQo )0 04 footnote7 d*$1$7$8$9DH$^`1@B*CJOJPJQJ^JaJmH phsH tH Po P )001 body italic6B*OJQJ]^JphFo F )0 01 hyperlink>**ɳ<o! < )0 01 body bold OJQJ^J@o1 @ )001 superscript B*H*phPK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭V*[sIISJgT*>b zI7-ubu9cF?6V1;eL>.nv}Z}f9c3;u.iNN?2x|UgS{&Ni0p0ʦXsN:s'P56@HձP2ĵ1 ?J~P{< BbD< ex8*#65лu .d'dÜ%iAjZmB6imRj puOSg@?;е2MݛA١:OF=w s%Z{>D>Tad(wtwIY&֥8yh;*|=Âh&>- IA( U3/d% &D+S5Ԫ&/U giOIUbxe QUX[@Yu H~*\[ ީucOORc EsAa\ ]m2l9({n'up'qPM-w8ԃΒ5l~ھ]0[)m#y1e\{Vkk !Il,X\368{$og+Yx`k;wԠl?Ea*>(ו ;ܸKxj>* H5$H[oPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!9theme/theme/theme1.xmlPK-! ѐ'theme/theme/_rels/themeManager.xml.relsPK] '48E9FwQ\ @xLD7 \J4JoJ *************-gv*I5L5bt}k=Ku *IPlFbCZ}LOw&\XXXXXXXXXX $&-!h=NXXXL# @0(  B S  ?_GoBack]]aa v*vF N       8 0235689;<<WWZ]  %'%A A6M@MXX\\]]eehhXr`rmp"$gmeh\_    8 : O 8  .0235689;<<WWZ]33333333333333333333333333333\\rr||DDDDceguuffCD6 7 8 .  ..]|֪4} 3~=b}j sb;(B:+T `|Cs> "Do,vNH: !GH~#4jT 6-M}4#9H\8_}(~}|X&g}4#9+T  6~.qkzp vMGY#4_}<rKsJa,IDoRfh         tޏrj&>~D4}G Z>fbO-`x        B>@        h        NSj        ll                7p        )\                 -        Z\l                 ,8        +V>_%WG2{cV^, rlh#n FsV.#AW#wo&:k$E^.Im7'!M"E%:&-w&th()ek)}*y/J<0m0w1q23 3d3L3U4Y45A7F8?g:pZ;]GK H]HDK4LUM8P7R(Sg$S{T|TMJV5WW:7W zWx XMXBmYM@Z<[$\&\l^k\am-c>,d%`d=fyfgiLkzkUmwmpcup4r7Jrs#2tnt]>v@wv~w.xr,{S|&~I~L~k3lNDQ ~7E}XT1p,3aV+`;btDFk@I[fGRH}& FOq,d2o H0Ymqzn]~ 9|eF/3F4GLX9g8Z;ZOUyfkfty*DDTM,8-P/TyN UHBd9[Og\aUMbB=k(QX sYu {Lv&Z?R<RtV 9d8 :  currentname Document1@D@@{L^_B B 2\@f@,@@Unknown G*Ax Times New Roman5Symbol3. *Cx Arial=Lucida FaxK=   jMS Gothic-3 0000CMGotham-Medium5. .[`)TahomaAMGotham-LightMMGotham-LightItalic?= *Cx Courier New;WingdingsA$BCambria Math"1ThRG/RG'V8)Q0 BHX !)2 xx [Document title] [subtitle] Hoare, Kevin Hoare, Kevinx                      Oh+'0l  ( 4 @LT\d[Document title] [subtitle]Hoare, Kevin E0E27C62Hoare, Kevin1Microsoft Office Word@캃@w@@2C'V՜.+,D՜.+,@ hp  ԭ  [Document title] Titled  8@ _PID_HLINKSA N6& http://www.relayservice.com.au/ 3http://www.accc.gov.au/rhttp://www.communications.gov.au/policy_and_legislation/telecommunications_regulatory_reform_separation_frameworkB Ehttps://www.telstrawholesale.com.au/nbn/overview/nbn-transition.htmlMahttps://www.telstrawholesale.com.au/why-telstra-wholesale/structural-separation-undertaking.html 3 http://www.accc.gov.au/cm http://www.accc.gov.au/regulated-infrastructure/communications/industry-reform/telstras-structural-separation-undertaking/telstra-completion-of-it-systems-remediation-program 3http://www.accc.gov.au/.mailto:publishing.unit%40accc.gov.au?subject=.mailto:publishing.unit%40accc.gov.au?subject=D! http://https//www.accc.gov.au/publications/telstras-structural-separation-undertaking/telstras-structural-separation-undertaking-2014 15"Ihttp://www.accc.gov.au/system/files/ACCC final report %28public%29_0.pdfdtWhttp://www.accc.gov.au/system/files/FSR FAD Final Decision Report - Public Version.pdf  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     #$Root Entry Fpt&C"Data 1TableWordDocument JSummaryInformation( DocumentSummaryInformation8MsoDataStore`t&Cpt&CGVXG3LPP==2 `t&Cpt&CItem  PropertiesJEURXVM==2 `t&Cpt&CItem  PropertiesUCompObjr [pick the date]   F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q