Bird & Bird special counsel Lisa Vanderwal said this also triggers a series of requirements under the Privacy Act, so law firms need to be notifying their telco and service provider clients to update their privacy policies and alert customers to the changes.

“Law firms may also need to look carefully at how the information that these clients are collecting and storing, to make sure that they're not going beyond the ambit of the legislation,” Ms Vanderwal said.

Ms Vanderwal said most companies have sought, or are in the process of seeking, up to an 18-month extension to the new metadata retention obligations, as is permitted by the legislation but, once the 18-month extension period ends, lawyers may experience an increase in matters relating to the issue.

“For example, in relation to advice on whether these organisations can provide certain information that has been requested by an enforcement authority, or even individuals who see this as an opportunity to ask what personal information those carriers or communications services providers hold about them.”

The flow-on effects to the Privacy Act will likely create new opportunities for lawyers in relation to privacy and data protection over the next 12 months, according to Ms Vanderwal.

“Most organisations with revenues under $3 million have been exempt from the Privacy Act – but these looming legislative changes with respect to metadata collection trump that exemption, and from 13 October all communication service providers and telecommunications carriers will have to comply with the Privacy Act.”

Companies that repeatedly fail to comply with their obligations under the Privacy Act can be fined up to $1.8 million.

Like this story? Subscribe to our free newsletter and receive Lawyers Weekly every day straight to your inbox.