Media Release: Amend Privacy Act to address security breaches, biometrics and data-matching, says Privacy Commissioner

8 March 2007

While noting that the Privacy Act has generally worked well, the Privacy Commissioner, Karen Curtis, has recommended to the Australian Law Reform Commission (ALRC) that changes to the Privacy Act may be necessary to reflect technological developments.

"New technologies can offer immense benefits but we need strong protections in place to ensure that these benefits can be enjoyed while not unnecessarily impacting on individual privacy rights," Ms Curtis said.

In her 474-page submission to the ALRC's Review of Privacy, Ms Curtis identified a range of issues to address in areas as diverse as health, technology and telecommunications.

Some of the key technology-related proposals in the submission include:

  • Technology neutrality

    The Privacy Act should remain technology neutral to allow for sufficient regulatory flexibility to accommodate technological change.

  • Security breaches

    Organisations should be required to notify customers of a security breach that has made their personal information vulnerable in certain circumstances. This would provide a strong market incentive to organisations to adequately secure databases to increase consumer trust and avoid potential brand damage and negative publicity.

  • Biometrics

    Biometric information should be classified as sensitive information under the Privacy Act to ensure that it is afforded a higher level of privacy protection than other forms of personal information.

    In addition, all organisations - including small businesses that are generally exempt under the Privacy Act - that handle biometric information should be covered by the Act when handling the information.

  • Data-matching

    Owing to the risks posed by data-matching, the voluntary public sector data-matching guidelines should be reviewed and made mandatory. 

Aside from these proposals, Ms Curtis also called for a multi-faceted approach to the protection of privacy in the context of developing technologies.

"User education, the adoption of anti-spyware and international agreements between jurisdictions are additional steps in ensuring that technological developments do not encroach on people's privacy," she said. 

For further information see www.privacy.gov.au/publications/alrc280207.html

For media comment, contact 0407 663 968.

Return