Rachael Falk was legal counsel in Telstra’s dispute resolution group for more than 10 years before she stepped into the role of digital privacy manager of Telstra Security Operations four months ago.

Later this week she will appear with Telstra executives to represent the telecommunications giant as part of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) examining the Government’s reform proposals described in the Equipping Australia against Emerging and Evolving Threats discussion paper.

Falk said she had been channelling her legal skills in preparation for her appearance.

“It’s a bit daunting to move out of being a lawyer to being someone who’s then appearing before a committee in a different capacity but …lawyers certainly appreciate the gravity of being a witness. I think lawyers are very good at preparing, so all those skills can cross fertilise,” said Falk, who worked at Freshfields, Blake Dawson and Clayton Utz before joining Telstra.

Telstra is one of a number of companies concerned about plans that would see internet and phone companies storing the data of every user for up to two years.

Telstra’s submission to the inquiry was one of 201 from individuals, industry and government bodies, including the Australian Federal Police (AFP), the Law Council of Australia and members of iiNet, Vodafone Hutchison Australia and Optus.

The focus of Falk’s role is data security. She runs projects on Telstra’s overall security risks from a data-privacy perspective; looking at how Telstra works data security into its contractual framework with vendors and how it manages that on a contract lifecycle.

“I want to make sure we’re looking at all aspects of what we do and keeping ahead of the game. We want to make sure all we do, our procedures, appropriately manage that data,” she said.

 According to its submission, Telstra believes the plans impose a significant impost on normal operations and reduce vendor competition.

It claims the current data retention proposals “would create ambiguity and uncertainty as to what is expected of carriers/carriage service providers (C/CSPs)”.

“At face value it would appear that C/CSPs would need to accept government advice on what equipment they could or could not procure, how C/CSPs could or could not configure their networks and systems, and possibly how they conduct their day-to-day business activities. It would also appear that this proposed obligation will only apply to a few ‘nominated’ C/CSPs, such that the impost would not be competitively neutral,” reads the submission.

“Telstra does not support this approach.”

Risk management

While Falk no longer has the capacity to provide legal advice in her role, her time as a lawyer has made her well aware of how to assess and manage risks.

“What we might need to potentially look at is our data security and customer privacy and what the risk might be, so in a sense it’s taking all that knowledge, and I think every lawyer, whether they’re in insurance law or ligation, assesses risks,” said Falk, adding that she’s now the one who’s assessing the options, briefing senior managers and working out, based on the evidence she has, what Telstra might want to pursue.

Part of her role involves research on policy issues but mostly it’s a strategic role of directing traffic, she says.

“I’ve got a project I can’t quite talk about specifically but I’ll have to have a team working on that. [I’m] learning to shift away, research comes quite naturally to a lawyer; to get stuck on a problem and work it through, but the interesting thing is the research isn’t legal, I’m doing sort of policy issues that take you into broader research,” she said.

In a deliberate move to make sure she didn’t fall back into the “very comfortable” patterns of legal thinking, Falk has started a master in national security policy at Australian National University.

“That’s much more a policy, arts-based, political science based [course], so u have to think in a different way,” she said.