|Executive summary | Chapter 1 | Chapter 2 |Chapter 3 |Chapter 4 |Chapter 5 |Chapter 6 |Chapter 7 |Chapter 8 |Chapter 9 |Chapter 10 |Chapter 11 |Chapter 12 |Chapter 13|
1. Since the enactment of the Privacy Act in 1988 considerable change has occurred in the privacy regulatory landscape. The Privacy Act itself has been amended and added to and new privacy legislation has been implemented in some states and territories.
2. While this has broadened the reach of privacy regulation in Australia, it has also produced a national regulatory framework prone to inconsistency. The Office observes that national inconsistencies operate on three key levels:
3. The Office believes that regulatory consistency is crucial if agency and organisational compliance burdens are to be minimised and individuals are to be adequately empowered to have their privacy rights met without confusion or difficulty. This submission takes national consistency to be a key goal in any reform of Australia's privacy regulatory framework.
4. The Office submits that regulatory inconsistency would be greatly reduced by the development of a single and uniform set of privacy principles. A single set of principles would be most effective where it is implemented, not only in the Privacy Act (to replace the IPPs and NPPs), but also in applicable state and territory legislation. This would allow for a more clear and straight-forward approach to regulating the many different sectors covered by privacy laws in Australia.
Creating consistency - further discussion
5. The responses to questions 4-34 and 4-35 in Chapter 4: Examination of the Privacy Principles explore options for a single set of uniform principles to reduce inconsistency within the Privacy Act.
6. Solutions to specific instances of inconsistency in privacy regulation in Australia are discussed in more detail in Chapter 7: Interaction, Fragmentation and Inconsistency in Privacy Regulation of this submission.
7. Chapter 8: Health Services and Research explores options to remove inconsistency. In particular, question 8-32 deals with this issue.
2-1 Is national consistency in the regulation of personal information important? If so, what are the most effective methods of achieving nationally consistent and comprehensive laws for the regulation of personal information in Australia?
8. One of the key findings of the Office's Private Sector Review was that the Privacy Act had not achieved its object of establishing a 'single comprehensive national scheme' for the protection of personal information.31 It was this finding that led the Office to make a number of recommendations including that the Australian Government consider commissioning a systematic examination of both the IPPs and the NPPs with a view to developing a single set of principles that would apply to both Australian Government agencies and private sector agencies.
9. The Office believes that national consistency is important for the regulation of personal information and supports measures to assist in achieving consistent and comprehensive privacy laws across Australia. Consistency in privacy regulation is desirable particularly where there is no compelling need for differentiation.
10. The Office also observes that, in the context of multi-layered privacy regulation, the goal might be considered to be not only consistency to enable the interoperation of laws, but also greater legislative uniformity which will go considerably further in minimising regulatory complexity.
Consistency within the Privacy Act
11. The Office submits that the Privacy Act should be amended to contain a single set of privacy principles to regulate information handling in the private sector and the Australian Government public sector. A single set of principles would replace the two existing sets of principles (the IPPs and the NPPs) which already separately regulate these sectors.
12. In creating a single set of principles, the Office stresses that the resulting principles should not reduce the level of protection currently provided for under the IPPs and the NPPs.
Cooperative schemes
13. The Office believes that, for the purposes of introducing uniform privacy principles across both Commonwealth and state/territory public sectors, a cooperative scheme between the Australian Government and the states may provide the best avenue for enhancing the uniformity of national privacy regulation.
14. An ideal outcome would be for the states to have input into the development of a uniform set of principles for the Privacy Act and then amend their own privacy legislation to enact the agreed upon principles. As noted in IP31 at paragraph 2.94, where state privacy legislation is lacking, s 6F of the Privacy Act would allow states to request that their public sector authorities be brought under the Privacy Act by regulation.
Binding codes
15. The Office also notes that another way of overcoming problems caused by inconsistent state and territory legislation regulating a particular activity is to provide for a power within the Privacy Act to develop binding codes.
16. A power to create binding codes would allow the Commissioner to respond to specific privacy issues that fall outside the scope of the Privacy Act at a national level. Accordingly this would enable a national approach to privacy protection with the codes acting as an alternative to piecemeal enactments of legislation in the states and territories.
17. The Office reiterates the view put forward in its Private Sector Review, that the Commissioner be given the power to make binding codes.32 As noted in IP31 at paragraph 2.106, there are a few different models that could be used to achieve this end. Providing the Commissioner with the power to make binding codes is discussed further in Chapter 6 in the responses to question 6-20.
31 The intention of introducing 'a single comprehensive national scheme for the protection of personal information' was announced by the then Attorney-General, the Hon Daryl Williams AM QC MP at the introduction of the private sector provisions, see Privacy Amendment (Private Sector) Bill 2000 Second Reading Speech 12 April 2000 Representatives Hansard p 15751.
32 Office of the Privacy Commissioner Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (Office's Private Sector Review) 2005 pp158-159 & p163.