On 4 Oct 2017, at 20:02, Paul Templeton <paul@coffswifi.net> wrote:

The extent of data retention obligations for your relevant service would relate to the extent to which elements of the data set “visible” to you. For example, where a provider does not have “visibility” of a customer’s IP address, it is likely that the IP address was assigned as part of a different relevant service.
For example, if you have a record of the MAC addresses of users who access your network then this information must be retained for the required period.  You are not obliged to retain the identity of the user if this is not information to which you have access.

Tor Guards have access to client IP addresses.
So I'm not sure if you gave inaccurate information to the department,
or they misunderstood what you said.

But, even if you know the client IP address, you may be exempt under
section 4.3 of the FAQs, because the IP address is allocated by the
client's ISP, and you don't know the destination.

4.3. If provider offers an internet access service, is it required to retain IP addresses allocated by other providers?

If the service in question only offers connection to the internet, a service provider will not be required to retain IP addresses allocated by other providers.

However, if a provider offers an additional OTT service, such as VoIP, it will be required to retain the relevant destination communication information.

For example, if a provider operates both an internet access service and an OTT service—it will be required to retain destination information only for the OTT service.

https://www.ag.gov.au/NationalSecurity/DataRetention/Documents/DataRetentionIndustryFAQS.pdf

But I'm not a lawyer, so you should get your own lawyer.
Or run a relay outside Australia.

T