CHAPTER 7
INTERACTION, FRAGMENTATION AND INCONSISTENCY IN PRIVACY REGULATION

Introduction

1. Chapter 7 expands on some of the issues raised in Chapter 2, particularly regarding the interaction and inconsistency between the Privacy Act and other privacy-related regulations. This includes interactions between:

2. Ensuring consistent interaction between the Privacy Act and these regulations (as well as internal consistency of the Privacy Act itself) will have positive impacts on three key areas:

3. Accordingly, the Office recognises the importance of ensuring privacy regulations are interoperable, consistent and comprehensive. The Office believes that national consistency should be the ultimate goal of such an interoperable privacy scheme.

4. Consistency does not mean the elimination of multi-layered regulation. In many cases, additional protections that regulate particular sectors, or protect certain information, can enhance privacy (such as privacy codes and secrecy provisions). However, in the interests of all parties, it is critical to ensure these layers are not unnecessary, inconsistent, or poorly interactive.

5. In the Office's view, there are a number of ways that current privacy regulations can be harmonised. Depending on the nature and extent of the problem that is identified, these solutions include:

7-1 Does the multi-layered regulation of personal information create any difficulties?

Introductory comments on Question 7-1

6. In its Private Sector Review, the Office noted that 'the Privacy Act has not achieved its object of establishing a "single comprehensive national scheme" for the protection of personal information.'208 As indicated in the Office's recommendations under that review, the Office still considers national uniformity in privacy regulation to be an overarching goal.209 However, in a federal system of government, the existence of multiple regulatory bodies is a common prospect, and at times an appropriate one, as noted below.

Distinguishing the components of 'multi-layered' regulation

7. The Office is not of the opinion that the existence of multiple regulatory bodies necessarily leads to negative outcomes in privacy regulation. It is important to distinguish the various ways in which multiple regulatory bodies interact and overlap. As the Office understands it, the term 'multi-layered regulation' can be applied to describe any of the following situations:

8. The circumstances that have led to such regulation vary, depending on the jurisdictional and sectoral characteristics in each case.

9. While difficulties can arise in relation to the above areas, the extent of those difficulties varies, as do the possible ways of resolving them. In the Office's view, the problem should not be overstated by the assumption that 'multi-layered regulation' as a whole is undesirable. In some cases, multiple regulations exist side by side to protect privacy (as with secrecy provisions and the Privacy Act212), or are necessary to address gaps in pre-existing regulations.

10. The Office's Private Sector Review noted that fragmentation and inconsistency can, in some cases, contribute to increased compliance burdens, administrative duplication and jurisdictional confusion.213

11. While the Office still holds this view, it is particularly concerned where those layers are unnecessary, inconsistent, or poorly interactive. Where multi-layered privacy regulation is necessary (for example, to address gaps in coverage, or where flexibility is needed) governments and regulators should work to maximise interoperability and, where appropriate, uniformity across jurisdictions.

12. With these comments in mind, the specific impacts of multi-layered regulation raised in Question 7-1 of the ALRC's Issues Paper (IP 31) are discussed below.

For example, does the multi-layered regulation of personal information:

(a) cause an unjustified compliance burden;

13. Ideally, compliance costs should be proportionate to the activities of the entity and to the public benefits that result from complying with relevant regulations. As with any regulatory scheme, compliance with privacy laws imposes costs on agencies and organisations in undertaking their operations. Generally, the Office believes businesses and consumers recognise such costs as a necessary element in maintaining privacy protections for all Australians. By demonstrating respect for client and customer privacy, compliance can have positive benefits for all parties.214

14. In many areas, the Office believes compliance obligations are proportionate and appropriate to public expectations. For example, under the Privacy Act, agencies and organisations must take actions that are 'reasonable' to fulfil obligations relating to notice requirements, data quality and data security (among others).215 What is considered 'reasonable' is contextual, and may depend on the entity's size and activities. Such flexibility ensures that privacy can be protected without imposing an unjustified burden on those who must comply.

15. The Office recognises that compliance costs escalate where entities must comply with multiple layers of privacy regulation.216 In some cases, the solution may be to resolve questions of jurisdiction, for example by clarifying that the Privacy Act 'covers the field' of the private sector to the exclusion of other jurisdictions' privacy legislation. In other cases, governments and regulators may work together to promote greater consistency between regulations and administrative procedures, without disrupting existing regulatory frameworks.

(b) create problems for organisations that operate in more than one Australian state or territory;

(c) complicate the implementation of programs and services at a national level;

16. Questions 7-1 (b) and (c) are answered together.

17. The Office recognises that multi-layered regulation of personal information can be problematic for some organisations that operate across state borders, or on a national scale. In some cases this is an inevitable consequence of large-scale operations across a federal system, which national organisations are often better equipped to deal with due to their size. In particular sectors, including health, greater consistency in regulation would clarify obligations and may facilitate the implementation of interstate and national initiatives.

18. The ALRC has noted the Office's example of a national medication service, which had to read out different consent statements depending on the relevant jurisdiction.217 In another instance, a charitable organisation engaged in employment services and programs with both Australian and State government funding noted that it may be required to comply with the NPPs, the IPPs, departmental procedural requirements and state or territory law.218

19. In relation to national initiatives, the Office notes the difficulties that multi-layered regulation had on the development of initiatives such as the former proposal for a national e-health system, HealthConnect.219 Inconsistent regulations may also inhibit proposals for interoperable electronic health records (EHR) across jurisdictions (as envisaged by the work of the National E-Health Transition Authority on EHR standards220).

20. Implementation of Australia-wide programs would be greatly assisted by overarching national standards for protecting personal information (for health information in particular). Accordingly, the Office supports steps to harmonise multiple layers of privacy regulation or remove them where appropriate, so that national organisations and nation-wide programs can operate more effectively across state borders.

21. This may include amending s 3 of the Privacy Act to clarify that the Act is intended to cover the private sector, to the exclusion of state and territory privacy legislation.221 With appropriate consultation, education and implementation, this may resolve many current difficulties, particularly in the private health sector (including the above examples).

(d) raise any issues in relation to the existence of multiple privacy regulators in particular industry sectors and across the states and territories; or

Multiple regulators in specific industry sectors

22. Some issues may arise when the jurisdictions of multiple regulators overlap. Examples include where the Office's jurisdiction to handle privacy complaints overlaps with the Banking and Financial Services Ombudsman (BFSO), and the Telecommunications Industry Ombudsman (TIO).

23. Good relationships between multiple regulators can help to address these issues. Nevertheless, the existence of multiple regulators in one sector presents three potential risks: forum shopping, inefficient use of resources, and inconsistent outcomes.

24. First, the existence of multiple regulators may allow a complainant to 'shop around' to find the regulator that is likely to provide the most favourable remedy or response. Second, the same complaint could be lodged with different regulators, without knowledge of each other's investigation. This could create inefficiency in costs and unnecessary duplication of effort. Third, the processes and outcomes of each regulator's investigation may lead to inconsistent findings and enforcement.

25. In the Office's view, good communication and administrative procedures between regulators have ensured that the above risks occur infrequently. This can be assisted by creating memoranda of understanding, harmonisation of complaint-handling procedures and legislative interpretation, and appropriate referral mechanisms.

26. Where the source of these problems is inconsistent legislation, clarifying the scope of each regulator's jurisdiction could help to avoid such risks, provided this does not lead to gaps in regulatory coverage.

27. Notably, the Privacy Commissioner does not currently have the power to decline a complaint which has already been adequately investigated, or is being investigated, by an industry body such as the BFSO or the TIO. Nor does the Commissioner have the power to refer complaints to such industry bodies where appropriate (currently this may only be done informally, with consent).

28. As such, the Office believes there may be merit in conferring additional powers of decline and referral on the Privacy Commissioner, which allow the Commissioner to:

29. In the Office's view, such additional powers may increase efficiency of complaint-handling between regulators, and positively impact on complainant satisfaction in terms of both timeliness and suitability of remedy.

30. These powers are discussed further in Chapter 6 in response to question 6-13 (under 'Declining and referring complaints where an industry body is a more appropriate forum'), and specifically in relation to the telecommunications sector in response to question 10-3 in Chapter 10.

Multiple regulators at the federal, state and territory level

31. The existence of multiple regulators at different levels of government raises concerns on three levels. First, it can be difficult for individuals to understand their rights, and know how to enforce them. Second, organisations may bear increased compliance costs by having to obey multiple sets of regulations. Third, this may lead to unnecessary duplication of effort and resource expenditure by regulators. However, in the Office's view, lack of consistency in legislation is often the primary source of the problem, rather than the existence of more than one regulator per se.

32. A key area of overlap is the regulation of personal health information under federal and state privacy legislation. For example, jurisdiction over privacy complaints in the NSW private health sector is shared between the Office of the Privacy Commissioner and Privacy NSW.

33. As an example of a potential lack of consistency in legislation, NSW privacy legislation specifies the form of access that organisations must provide (such as a copy) when individuals access their health information.223 In contrast, the Privacy Act does not stipulate the form of access that must be provided, only that access in some form is granted (NPP 6.1). Private medical practitioners in NSW may therefore be bound by two different legislative standards regulating the same practices.

34. In this example, it is possible that an organisation could comply with NPP 6.1 but breach the Health Record and Information Privacy Act 2002 (NSW) (NSW HRIPA) with the same activity. If a complaint were lodged, it is possible that Privacy NSW could find a breach in an instance where the Office of the Privacy Commissioner may not (although an individual may be encouraged to choose one regulator to handle the complaint from the outset).

35. In the Office's view, legislative harmonisation is an important way of overcoming the problems noted above in relation to multiple privacy regulators. The Office would support further clarification of the relationship between the Office and other privacy-related regulators, and would welcome increased collaboration (for example, through complaint referral mechanisms and jointly-issued guidance material).

36. One way of clarifying these relationships, and minimising unnecessary overlap, may be to remove any ambiguity as to whether the Privacy Act covers the private sector exclusively. Governments may also wish to build on existing Privacy Act principles and pursue uniform model legislation across different jurisdictions.

(e) act as a barrier to the sharing of information between public sector agencies and private sector organisations?

37. A primary function of the Privacy Act is to ensure that personal information is not disclosed inappropriately between different entities. The Privacy Act also facilitates appropriate information flows, such as by allowing disclosures that are 'required or authorised by or under law'.224 This allows other laws to prescribe lawful disclosures, which agencies and organisations can rely upon without conflicting with the Privacy Act.

38. However, when other privacy-related legislation operates in addition to the Privacy Act, both real and perceived restrictions can potentially impede the appropriate flow of information between the public and private sectors.

39. Some obstacles to appropriate information-sharing between public sector agencies and private sector organisations may arise artificially, either from misapplication or from 'risk-averse' interpretation of relevant regulations, including the Privacy Act. At times, the Office has found that information-sharing would be permitted, but does not take place due to a lack of clarity (or understanding) of the existing law. For example, the Office understands that one reason the Privacy Legislation Amendment (Emergencies and Disasters) Act 2006 was enacted was to put beyond doubt the fact that agencies can, where appropriate, share information about persons involved in declared emergencies.225

40. The Office would welcome further consideration by the ALRC of instances where multi-layered regulation obstructs appropriate information-sharing between sectors.

Question 7-1

Office position:

  1. The Office recommends the harmonisation of privacy regulation nationally to facilitate the consistent protection of personal information within Australia.
  2. The Office recommends an amendment to the Privacy Act to confer powers on the Privacy Commissioner to:
    • decline to investigate a complaint if a recognised industry body is investigating, or has already adequately investigated the privacy aspects of the complaint;
    • simultaneously decline a complaint that would be more suitably handled by a recognised industry body, and formally refer the complaint to that body with a request for investigation on behalf of the complainant. (See also Office position at Question 6-13)

7-2 Do any issues arise for organisations that provide contracted services involving personal information to Australian Government, state or territory agencies? For example:

(a) are privacy provisions in Australian Government, state or territory agency contracts contributing to inconsistency and fragmentation in privacy regulation;

41. In many cases, contractual privacy provisions are an appropriate way to incorporate higher privacy obligations than may otherwise apply, or to maintain privacy protections that should already apply to personal information.226 For example, they may compel a contractor to undertake specific privacy-related activities, such as mandatory reporting of suspected privacy breaches, or the undertaking of staff training.

42. From a privacy perspective, raising the standard of information protection is encouraged, where appropriate. However, organisations themselves may be able to highlight particular difficulties with contractual obligations imposed under various levels of government. Contractors' privacy obligations are discussed further in response to questions 7-2 (c), (d) and (e) below.

(b) are the Privacy Act provisions relating to Commonwealth contractors appropriate and effective;

43. The current provisions relating to Commonwealth contractors, outlined in section 95B of the Privacy Act, appear appropriate to the Office. The provisions prohibit both contractors and subcontractors from engaging in acts or practices that would contravene the IPPs. The Privacy Act does not limit the ability of Australian Government agencies to include contractual clauses that refine existing privacy obligations, or impose additional obligations on a contractor, which may be appropriate under certain circumstances. In this regard, the Office generally considers the current provisions appropriate and effective.

(c) do issues arise for Commonwealth contractors that are subject to the NPPs and the IPPs;

44. The Office believes that applying two similar but different sets of principles (the IPPs and NPPs) to Commonwealth contractors is unnecessarily complex.

45. At present, an Australian Government contractor will be bound by contract to comply with the IPPs (under section 95B of the Privacy Act), and may also be bound by the NPPs in their capacity as a private sector organisation (in addition to any applicable state or territory privacy laws). The NPPs remain in force if there is no provision in the contract equivalent to one or more of the NPPs.227

46. Similarly to contractors, the Office notes that some government enterprises have both IPP and NPP obligations. This depends on whether they are performing an activity as an 'agency' (in relation to their non-commercial activities) or an 'organisation' (in relation to their commercial activities).

47. In its responses to Chapters 2 and 4, the Office has proposed a single set of principles to bind the public and private sectors. Among other benefits, the Office believes that compliance with a single set of principles would considerably reduce the complexity of Commonwealth contractors' privacy obligations, facilitate compliance, and diminish interferences with privacy in the long term.

(d) do any issues arise for organisations that provide contracted services involving personal information to both Australian Government and state or territory agencies;

48. The Office understands that, where an organisation performs different activities under state and federal contracts, their privacy obligations may vary between any applicable state laws and the Privacy Act. While these differences arise almost inevitably in our federal system of government, there is merit in increasing consistency between federal and state/territory privacy obligations. The Office welcomes further consideration of organisations' particular experiences by the ALRC.

(e) is there a concern that organisations acting under a state or territory contract may not be required to adhere to the same privacy standards that are applicable to private sector organisations under the Privacy Act? If so, how should that concern be addressed?

Gaps and inconsistencies in state and territory contractors' privacy obligations

49. The Office has ongoing concerns that state or territory government contractors, who are otherwise private sector organisations, may not be bound by the Privacy Act or equivalent standards when performing functions under state or territory contracts.228 These contractors must still comply with the NPPs in their capacity as a private sector organisation, assuming that they are not otherwise exempt.

50. The Office recognises that, in passing the Privacy Amendment (Private Sector) Bill 2000, the Parliament intended that the acts and practices of state and territory government contractors 'will not be covered by the Commonwealth's privacy scheme but rather the State or Territory's own privacy standards.'229 The Parliamentary Bills Digest explains that '...the rationale being that such activities should be regulated at State or Territory level'.230 The Bill's Explanatory Memorandum goes on to explain that the purpose of section 7B(5) is to '...ensure that private sector organisations providing services under contract to a State or Territory authority are exempt from the Commonwealth's privacy regime in respect of those services and can be regulated by the relevant State or Territory.'231

51. However, the Office notes that some states have not moved to regulate the handling of personal information where their agencies outsource certain activities. The absence of consistent regulations for state contractors in these instances (under the Privacy Act or otherwise), and the possible imposition of different obligations, can create gaps in privacy protections. Depending on relevant state or territory privacy laws, the standard of privacy protection may be lower than would otherwise apply under the Privacy Act, or may only apply to certain information (such as health information). In other cases there may be a lack of privacy protection altogether.

52. The problem is perhaps most acute in states and territories that have not enacted privacy laws, such as South Australia and Western Australia. In such jurisdictions, state regulations (or contractual provisions) may not adequately supplement the lack of Privacy Act coverage over contractors' information-handling practices. This appears contrary to Parliament's expectation that state privacy laws would cover such activities, and to public expectations that personal information will be protected wherever it is held.

53. It is also unclear which bodies regulate the privacy practices of state contractors. The Office has no jurisdiction over state contractors, but they may also fall outside state privacy regulators' jurisdiction in certain circumstances, either because no such regulator exists, or because the contractor is not a state agency.

54. For example, in one instance, the Office had to decline to investigate a workers' compensation matter because it involved a state contractor, but no state privacy regime existed to deal with the matter. In other cases, both the Office and state privacy bodies have declined to investigate the practices of a state contractor.

55. Organisations that operate motor tollways are another significant example of where the s 7B(5) exemption may cause a regulatory gap. These organisations collect the personal information of large numbers of motorists, which may include vehicle movements and bank and credit card details. The Office understands there is presently no all-encompassing or consistent regulation of the way these organisations handle personal information.

Ensuring state contractors are bound by the Privacy Act or equivalent privacy standards

56. To ensure that coverage of privacy protections is as extensive and consistent as possible, the Office believes state and territory contractors should be covered by the Privacy Act, or at least equivalent legislation.

57. This could be achieved by all states and territories enacting privacy legislation which imposes protections on their agencies and contractors that are at least equivalent to the Privacy Act. If this does not occur, s 7B(5) of the Privacy Act could be amended to ensure that the NPPs apply to state contractors where no equivalent state or territory privacy laws exist.

58. On a related matter, the definition of 'contracted service provider' in Part II (Interpretation) could also be reviewed to ensure that it is adequate to cover all the types of activities that private sector organisations might perform on behalf of agencies.

59. A longer-term initiative could be to develop uniform model legislation to harmonise protections across all private and public sectors. This legislation could be based on a single set of principles under the Privacy Act, such as those proposed in the Office's response to Chapter 4 (see response to question 4-35). Under any such uniform model, the Office believes that existing Privacy Act protections should be the minimum baseline for proposed standards.

Question 7-2

Office position:

  1. The Office recommends legislative amendments to ensure that state and territory contractors are bound by the Privacy Act or equivalent legislation.

7-3 How should personal information held on residential tenancy databases be regulated? For example, should it be regulated under the Privacy Act, by a binding code, or in some other way?

60. The Office's Private Sector Review considered Residential Tenancy Databases (RTDs) as a high-priority area to be addressed.232 A Working Party involving the Ministerial Council on Consumer Affairs (MCCA) and the Standing Committee of Attorneys General (SCAG) recently considered this area in detail. The Working Party's final report made a series of recommendations.233

61. In particular, the Office endorses the recommendation that uniform RTD legislation be introduced in the states and territories, which would regulate the use of RTDs by landlords, agents and other listing parties.234 The Office believes such legislation should deal with matters such as notice, consent, listing guidelines and access.

62. If the states and territories do not pass such legislation, the Office believes the Privacy Act should be amended to define all operators of Residential Tenancy Databases as 'organisations' for the purposes of the NPPs.235

63. However, the Office notes that the NPPs may not be specific enough to address particular concerns around RTDs (for example, data retention periods). By comparison, more stringent regulations apply to credit reporting, an area which can have similarly significant consequences for individuals, under Part IIIA of the Privacy Act. Accordingly, the Office believes that the area of RTDs may be an appropriate field for a binding code under the Privacy Act.236 These codes are discussed further under Chapter 6 of the Office's response. RTDs are also discussed in Chapter 5 in the Office's response to question 5-6 (in relation to the small business exemption).

Question 7-3

Office position:

  1. The Office recommends that uniform Residential Tenancy Database (RTD) legislation be introduced in the states and territories. If this does not occur, consideration should be given to amending the Privacy Act to bring RTD operators within the Act's jurisdiction.

7-4 Does the inconsistent use of terms and definitions under federal legislation that regulates the handling of personal information create any difficulties? If so, what are some examples of the difficulties created?

64. The Office acknowledges the potential benefits of a consistent approach in defining common terms across different legislation that regulates personal information (provided that the intended meaning in each piece of legislation is sufficiently similar). These benefits may include clarity and convenience of interpretation.

65. However, the Office is not aware of major difficulties in privacy regulation caused by multiple definitions for the same term, and would be wary of unintended consequences arising from attempts to unify definitions inappropriately.

66. Terms like 'personal information', 'record', 'small business', 'access', 'consent', 'document' and 'person' are often used in relation to the regulation of personal information.

67. However, the definition of 'record' is more extensive and detailed in the Archives Act than it is in the Privacy Act.237 The definition of 'small business' also varies with the circumstances. Under the Privacy Act, it means a private sector organisation with an annual turnover of $3 million or less, whereas under the Corporations Act it means an organisation with less than 20 employees.238

68. The ALRC may wish to consider the various contexts in which such terms are used, and consult with relevant agencies on whether those terms would benefit from consistent definition.

7-5 Do any difficulties arise as a result of the interaction between the Privacy Act and provisions in other federal legislation that require or authorise acts or practices that would otherwise be regulated by the IPPs or the NPPs? If so, how should the interaction between the Privacy Act and these provisions be clarified?

Benefits of clear reference to Privacy Act exceptions in federal legislation

69. The Privacy Act is intended to protect personal information, not to fetter governments' discretion to authorise or require that personal information be handled in a particular way. In general, the Office believes that legislation should expressly set out its intention to require or authorise a particular use or disclosure (such as by directly referring to the Privacy Act). This helps to avoid interpretations or implications that allow the personal information to be handled in ways that legislators did not intend.

70. The Australian public expects that governments are able to make laws to facilitate the handling of information in certain appropriate and necessary ways. Among other provisions, the 'required or authorised by law' exceptions to use and disclosure under the Privacy Act reflect this expectation.239

71. Nevertheless, in order to protect personal information effectively, the public expects that reliance on those exceptions be well-considered, judicious and justified. If there is excessive reliance on these exceptions, or if legal authorisations are too broadly interpreted, this may weaken privacy protections and undermine the intent of the Privacy Act.

72. Ambiguity in legislation can cause uncertainty for agencies and individuals (and potentially the Office) as to how information should be handled, and whether the relevant provision meets the requirements for use and disclosure under the Privacy Act.

73. When those exceptions are relied upon, the Office can advise on the interpretation of the Privacy Act. However, it is for agencies and organisations themselves to identify which legal provision they intend to rely upon to permit a particular practice.

Developing a digest of relevant legislative provisions

74. The Office suggests that a consolidated digest could be developed, listing all legislative provisions that require or authorise personal information to be handled in ways that the Privacy Act may otherwise prevent. This could clarify the scope of particular legal provisions and their relationship to the Privacy Act, keep track of the number and extent of lawful exceptions to the Privacy Act, and improve public confidence in legal transparency.

75. The Office recognises the general public interest in accessibility to legal information. This digest would contrast with the current need to navigate through a diffuse range of legislative instruments to determine whether a particular use or disclosure is indeed authorised or required by law.

76. In addition to Commonwealth legislation, it may be appropriate to include relevant regulations, by-laws, rules, codes and applicable state and territory instruments. Provisions that refer to a relevant IPP exception may need to be listed separately from those that rely on the NPPs.

77. The ALRC may wish to consider the logistical challenges of creating such a digest. This includes the need for regular updates to take account of amendments, repeals and new provisions. It may also require the coordination of numerous agencies and organisations, such as the Office itself and possibly the Attorney General's Department.

Question 7-5

Office position:

  1. The Office recommends the development of a consolidated digest of all legislative provisions that require or authorise personal information to be handled in ways that the Privacy Act may otherwise prevent.

7-6 Does the interaction between the Privacy Act and other federal legislation that regulates the handling of personal information require clarification? In particular:

(a) does the overlap of the Privacy Act and Freedom of Information Act 1982 (Cth) provisions relating to access and amendment of records give rise to any difficulties;

78. The Office has considerable experience with the overlap between the Privacy Act and the Freedom of Information Act 1982 (Cth) (FOI Act), which occurs in relation to access to, and amendment of, personal information. Although this overlap is not debilitating, it limits the scope of the Privacy Act to assist individuals seeking access to their own information. The Office believes that one option may be to develop amendments which could enhance consistency between the Privacy Act and the FOI Act, and assist the Privacy Act to function as intended.

Rights of access and amendment under IPPs 6 and 7

79. Access to one's own personal information (and the right to have it corrected) is one of the cornerstones of privacy protection. This is reflected in the Privacy Act by the inclusion of IPP 6 and IPP 7 (public sector) and NPP 6 (private sector).

80. Both the FOI Act and the Privacy Act provide a right of access to, and correction of, documents held by government agencies. However, the rights conferred by the Privacy Act have a more specific focus, as they only relate to personal information. These rights (under IPP 6 and IPP 7) are subject to other Commonwealth laws that allow access and amendment. For example, IPP 6 (on access) states:

Where a record-keeper has possession or control of a record that contains personal information, the individual concerned shall be entitled to have access to that record, except to the extent that the record-keeper is required or authorised to refuse to provide the individual with access to that record under applicable provisions of any law of the Commonwealth that provides for access by persons to documents.240

The most relevant law that IPPs 6 and 7 are subject to is the FOI Act.

81. As a result of the terms of IPPs 6 and 7 (read in conjunction with s 34 of the Privacy Act), the Privacy Commissioner will generally decline to investigate a complaint about access or amendment in the public sector if the complainant has not exhausted all FOI processes.241 The complainant will then be referred to the relevant agency's FOI officer, and their request for access or amendment will be diverted through the agency's FOI processes. This can result in dissatisfaction and confusion of complainants, and unnecessary administrative costs and processes.

82. IPP 7 allows for the correction of records containing personal information.242 Although it is subject to FOI provisions, the terms of IPP 7 mean that some amendments can be sought under that provision that cannot be sought under Part V of the FOI Act. This includes amendments:

Renewing the effectiveness of IPP 6 and 7

83. In the Office's view, it may be contrary to the spirit of the Act, and inconsistent with the substantive rights of access under the private sector provisions (NPP 6), if IPP 6 and IPP 7 continue to be subject to the FOI Act. The Office also believes it may be unnecessary to subject individuals to the processes of FOI (primarily designed for accessing the deliberative process of government) if a simpler process could be facilitated under the IPPs.

84. Accordingly, the Office suggests that IPPs 6 and 7 could be amended to provide a further mechanism by which individuals can seek access to and correction of their personal information held by Australian and ACT government agencies, in addition to the FOI Act process. This would not mean creating provisions that are inconsistent with the FOI Act. Rather, it may involve amending the IPPs to require agencies to give access, subject to particular exceptions listed under IPP 6 (including relevant exemptions currently found in the FOI Act).244 This may also need to be considered if a single set of privacy principles were adopted.

85. In the interests of consistency, and in the spirit of both Acts, it may also be appropriate to expand the amendment rights under the FOI Act to align with those currently under IPP 7.

(b) should the Privacy Act provide for a process of consultation prior to granting access to information that includes personal information about a third party rather than rely on the process outlined in the Freedom of Information Act 1982 (Cth);

86. In accordance with the above response to question 7-6(a), the Office believes that rights of access to and correction of personal information could remain exercisable under both sets of legislation, and that the exceptions to granting access under each Act should be harmonised (including exemptions which prevent disclosure for privacy reasons245). The harmonisation of these various approaches should ensure that the highest available standard of privacy protection is maintained. The ALRC may wish to consider further whether it would be appropriate to incorporate a consultation process under the Privacy Act itself.

87. Another option the ALRC may wish to consider is whether the Office's complaints files should be exempt from FOI disclosures (noting that such complaints deal with the issue of privacy itself), as is the case for some other privacy regulators.246 It is currently possible to exempt documents that may unreasonably disclose personal information on a case by case basis.247 Access should still be available for parties to a complaint, as appropriate. However, the Office believes that a cover-all exemption would be consistent with public expectations of privacy, heighten the trust of complainants, and reinforce the Office's commitment to leadership in good privacy practice.

(c) should the Privacy Act and the Freedom of Information Act 1982 (Cth) be administered by the same body;

88. The Office understands that the Privacy Act and the FOI Act were introduced for different purposes, and that each retains a distinctive role in the common pursuit of open government.248

89. Generally speaking, the intent behind the FOI Act is to allow public access to the deliberative policy and administrative processes of government, as a mechanism for public accountability. In contrast, the Privacy Act was introduced to protect and allow individuals to control the handling of personal information held in the Australian and ACT public sectors (with the private sector provisions being introduced in 2001).

90. Nevertheless, the Office recognises the significant overlap between the FOI Act and the Privacy Act, particularly regarding access to, and amendment of, personal information.

91. For example, in the 2004-2005 financial year, 91% of FOI requests were by individuals seeking a copy of documentation that includes their personal details. The remaining 9% involved requests for Government processes and policies.249 The vast majority of requests were therefore at the level of individual control over personal information (the realm of privacy), rather than public access to deliberative and administrative processes of Government (the realm of FOI). This is similar to the role that the Privacy Act performs in providing a right of access to, and the correction of, personal information held by private sector organisations.

92. While there are domestic and international precedents for the creation of one body to perform both functions,250 the Office is of the view that there may be more than one approach to addressing how these areas should be regulated. In short, these include:

(d) should the Privacy Act apply to certain classes of records in the open access period for the purposes of the Archives Act 1983 (Cth).

(e) should the exemption under the Archives Act 1983 (Cth) relating to 'information relating to the personal affairs of any person' be amended to provide an exemption in relation to 'personal information' as defined in the Privacy Act.

(f) should the Privacy Act, the Freedom of Information Act 1982 (Cth) and the Archives Act 1983 (Cth) be consolidated in one Act;

93. Questions 7-6(d), (e) and (f) are considered together below.

94. Briefly, the Office would welcome further consideration of whether the Privacy Act should extend to cover certain classes of Commonwealth records in the 'open access period'. In addition, amending the 'personal affairs' exemption under the Archives Act 1983 (Cth) (the Archives Act) to apply to 'personal information' would better protect privacy, and harmonise the Archives Act with both the Privacy Act and the FOI Act. However, the Office does not necessarily recommend amalgamating the Acts under one administration as a means of improving the regulation of personal information.

Regulation of records in the 'open access period'

95. The National Archives of Australia (NAA) has the important function of preserving the Commonwealth's 'records', a term that is defined more broadly under the Archives Act than under the Privacy Act.251 Subject to exemptions, records that are in the open access period (over 30 years old) are 'to be made available for public access.'252

96. The Privacy Act regulates information held in a 'record', as defined by s 6 of its own Act. However, this does not include records in the open access period under the Archives Act. The Office understands that those records remain under the jurisdiction of the Archives Act.253

97. A considerable amount of personal information (sometimes including health information) that is held in 'open access' Commonwealth records can be accessed by the public. The Office acknowledges the public interest in making that information publicly accessible, provided that this does not interfere with individuals' privacy and aligns with their reasonable expectations.

98. Nevertheless, there are instances where the protections under the Archives Act have not appeared to meet with individuals' expectations as to how their personal information will be protected. For example, the Office is aware of a case where an open access Commonwealth record, containing medical information, remained publicly accessible for some time. In this case, the individual and the NAA differed in their views as to whether the information might cause social stigma or be sensitive.

99. To address this issue, the ALRC may wish to consider the option of limiting disclosure of third parties' personal information by subjecting Commonwealth records in the open access period to coverage by IPP 11 (limits on disclosure). Alternatively, the Archives Act could mirror the provisions of IPP 11. However, if exemptions that prevent disclosure under the Archives Act can afford an appropriate standard of protection (noting the suggested amendments below), then extending the Privacy Act's coverage may not be necessary.

Harmonising exemptions from disclosure under the Archives Act, the FOI Act and the Privacy Act

100. Under the Archives Act, a record is exempt from public access if it contains:

information or matter the disclosure of which under this Act would involve the unreasonable disclosure of information relating to the personal affairs of any person (including a deceased person).254

101. This is a narrower exemption than those provided under the FOI Act and the Privacy Act. For example, the FOI Act exempts a document if disclosure 'would involve the unreasonable disclosure of personal information about any person (including a deceased person).'255 This FOI exemption can also provide the basis for refusing access under IPP 6, while IPP 11 places various other limits on disclosure of personal information.256

102. There is a considerable difference between unreasonable disclosure of 'personal affairs' and unreasonable disclosure of 'personal information'. In the Office's view, the reference in the Archives Act to 'personal affairs' may result in a lower threshold of protection for personal information than the Privacy Act and FOI Act provide.

103. The consequence may be that where there is an unreasonable disclosure of 'personal information' that does not meet the criteria for 'personal affairs', the exemption may not apply and the information may be publicly accessible.

104. In the Office's view, changing this exemption to refer to 'personal information' would not defeat the public interest of allowing access to the national archives. Rather, it would provide greater scope to fairly consider whether a disclosure would be 'unreasonable' in the circumstances, and prevent the disclosure of personal information in circumstances that would otherwise be a breach of the IPPs.

105. In the interests of consistent and robust privacy protection across all three pieces of legislation, the Office recommends that the relevant Archives Act exemption be amended to align with the protection of 'personal information' under the Privacy Act and FOI Act.

106. While all three Acts should be consistent, the Office acknowledges their different purposes and roles, and believes that there is not necessarily a strong case for them to be consolidated into one Act (consistent with the views expressed above in response to 7-6(c)).

(g) should federal legislation relating to the handling of tax file numbers and data-matching be consolidated in one Act? If so, should they be consolidated in the Privacy Act?;

107. The Office notes that the provisions in sections 8WA and 8WB of the Taxation Administration Act 1953, creating criminal offences for the mishandling of Tax File Numbers (TFNs), extend to the TFNs of organisations. As the Privacy Act focuses on the personal information of individuals, it would not seem a comfortable fit to import provisions that deal with corporations and entities.

108. In the absence of a clearly identified failure in the law, the Office sees no compelling reason to move the criminal offence provisions of the Taxation Administration Act 1953 to the Privacy Act.

109. The relationship between the offence provisions of the Taxation Administration Act 1953 and the TFN Guidelines made under section 17 of the Privacy Act is also discussed in Chapter 12 of this submission.

110. In regard to data-matching provisions, the Office has no strong views on the merits of incorporating the protections of the Data-matching Program (Assistance and Tax) Act 1990 into the Privacy Act.

(h) should data-matching programs that fall outside the Data-matching Program (Assistance and Tax) Act 1990 (Cth) be more formally regulated?;

111. Data-matching can be a powerful administrative and law enforcement tool. It allows information from a variety of sources to be brought together, compiled and applied to a range of public policy purposes at vastly lower cost than manual methods.

112. Importantly though, data-matching has the potential to pose risks to the privacy of those whose data is to be matched. The Privacy Commissioner's guidelines for The use of data matching in Commonwealth administration explain these risks:

113. Protection against these risks is, in part, provided by the Data-matching Program (Assistance and Tax) Act 1990 ('DMA Act'). While this legislation applies to the use and disclosure of tax file numbers, guidelines have been drawn up for all agencies to refer to when pursuing data-matching activities.257

114. Currently the DMA Act and Guidelines only cover the public sector. As this technology becomes more sophisticated and easy to use it is likely that the private sector will increasingly use data matching, mining and linking for its operations.

115. The Office recommends that consideration be given to making the current voluntary public sector data-matching guidelines mandatory, to give added power to data-matching regulation. In making the guidelines enforceable, the Office notes that they may require reviewing to bring them in line with current practices and new technologies.

116. The Office acknowledges that there is scope for increasing data matching in the private sector. Private sector data-matching activity might be an area best dealt with under a binding code-making power for the Privacy Commissioner (see the response to question 11-4, and also Chapter 6: Powers of the Office of the Privacy Commissioner).

(i) is personal information collected pursuant to the Census and Statistics Act 1905 (Cth) adequately protected?;

117. The Office submits that the information collected and processed by the Australian Bureau of Statistics (ABS) pursuant to the Census and Statistics Act 1905 ('Census Act') serves a range of important public interests. Further, the legislative protections afforded by the Privacy Act and the secrecy provisions of the Census and Statistics Act 1905 provide a sound framework for the appropriate handling of personal information.

118. However, through enquiries made to its enquiries hotline, the Office is aware of concerns held by some individuals in the community regarding the collection and handling of personal information pursuant to the Census Act. These concerns are generally most pronounced in the period leading up to the taking of the national Census of Population and Housing ('the Census'). The Office also receives a significant number of enquiries regarding the collection of personal information by the ABS under its household surveys program.

119. In general, the type of concerns expressed by individuals have included:

120. Accordingly, it is important to ensure that the public interest in maintaining an accurate Census is appropriately balanced with the public interest in affording individuals protections over how their personal information is handled.

(j) is it appropriate that the disclosure of a shareholder's personal details in a register of members, register of debenture holders or a register of option holders under the Corporations Act is a disclosure of personal information that is permitted for the purposes of NPP 2;

Public registers established under the Corporations Act 2001

121. Chapter 2C and section 672DA of the Corporations Act 2001 ('Corporations Act') impose obligations on companies and registered schemes to make and maintain registers of members and relevant interests and make such registers available for inspection. Among other things, such registers must include the name and address of individuals.258 For companies with share capital, the register must also include matters such as the shares held by each member and the price paid.259 Registers must also include the names of persons who have stopped being a member in the previous 7 years.260

122. The Corporations Act also permits any person to inspect registers261 and to receive a copy of the register.262 Section 173(3) provides that:

If the register is kept on a computer and the person asks for the data on floppy disk, the company or scheme must give the data to the person on floppy disk. The data must be readable but the floppy disk need not be formatted for the person's preferred operating system.

123. Relevantly, section 177 provides that:

(1) A person must not:

  1. use information about a person obtained from a register kept under this Chapter to contact or send material to the person; or
  2. disclose information of that kind knowing that the information is likely to be used to contact or send material to the person.

Note: An example of using information to send material to a person is putting a person's name and address on a mailing list for advertising material.

(1A) Subsection (1) does not apply if the use or disclosure of the information is:

  1. relevant to the holding of the interests recorded in the register or the exercise of the rights attaching to them; or
  2. approved by the company or scheme.

Privacy and public registers

124. The handling of personal information held in public registers for the purposes of the Corporations Act provides a specific example of a more general issue, that is, finding the appropriate balance in granting access to, and setting limits upon the subsequent use of, information held on public registers.

125. The Office has developed an information sheet dealing with some of these issues and their relationship to the Privacy Act.263 This Information Sheet explains that the Privacy Act can apply to personal information that is publicly available if it is collected for inclusion in a record or a generally available publication.

126. It should be noted, however, that the definition of record in section 6 of the Privacy Act expressly excludes a generally available publication.264 That is, agencies and organisations will generally not have Privacy Act obligations in regard to their holding of generally available publications, but may still have collection obligations, and obligations that apply if they incorporate such information into a record (including by manipulating it or combining it with other personal information).

Concerns regarding shareholder registers

127. The Office is aware of community concern regarding access to share registers and similar public registers, particularly where information derived from registers is used for purposes that shareholders may not expect. For example, the Office has received complaints and enquiries about:

128. The Office notes in this regard that, due to enhancements in technology, it is vastly cheaper and easier to collect, use and disclose this data, and to integrate and compare it with data from other sources. This increases the incentives to engage in activities that individuals may not expect or find desirable, driven as they are by the increasing richness and market value of this data.

129. At the same time, in the Office's view, there are good public policy reasons why the personal data of shareholders should be held on such registers and why it should be open for examination, with those shareholders being contactable for particular purposes. Upholding personal privacy is not intended to, nor does it have to, undermine these important accountability and market interests; rather, it can complement and enhance them. Ensuring clarity and certainty about how individuals' personal data will be handled leads to greater community trust in the handling of data by corporations generally, and by public institutions as well.

130. In considering the current arrangements for share registers and the handling of the personal information in them, the Office is less concerned with the breadth of access to this data, but how it may be used once it has been accessed. This concern becomes more acute when uses of the data go well beyond what the individual expects, such as its incorporation into richer and more powerful data sets for profiling and targeted communication for marketing.

131. The Office submits that, while not seeking to limit the proper scope of the use or disclosure of share register data, it may be appropriate to more carefully describe and set out the range of permitted uses and disclosures of this data (whether in regulations or binding guidelines to corporate legislation, for instance). In this way, the necessary public policy outcomes under corporate legislation can be achieved, while more effectively limiting the undue use or disclosure of the data on share registers.

132. The Office also notes the provisions that exist for registers of credit union memberships (as discussed below), including that a relevant body corporate has the discretion to deny an individual access to a register, though ASIC may subsequently, on its own initiative or following an application from an individual, approve an inspection or use of information on the register.

Registers of credit union membership

133. The Office is similarly aware of the particular sensitivities that may arise in the handling of personal information stored in registers of credit union members. Again, there are good public policy reasons for such registers, but there is a risk of complications arising when those entities serve specific and often small sectors (such as police services or some other professions). Arguably, problems can arise as personal information held in such a register may be highly sensitive due to the nature of a member's place in the community, the public availability of which may bear directly on their personal or familial safety and security.

134. The Office understands, however, that under the corporations law there is some scope for a credit union to refuse a request to view its member register, specifically by relying on the Corporations Regulations 2001.265 Regulations 12.8.08(3) and (4) have the effect of amending, respectively, subsections 173(1) and (3) of the Corporations Act. These amendments effectively permit a body corporate to deny access to, and copies of, registers of members of the body corporate who hold member shares. This discretion may be overridden where ASIC, either on its own initiative or following a written application from an individual, approves the inspection or proposed use.

135. As proposed in the case of share registers, the Office would welcome further consideration being given to imposing statutory restrictions on the purposes for which personal information contained in credit union membership registers may be used or disclosed.

(k) does the Commonwealth Electoral Act 1918 (Cth) provide adequate protection of personal information included on the electoral roll;

Privacy and the electoral roll

136. The Office has previously noted that the integrity of the Electoral Roll is integral to the democratic process in Australia.266 It is difficult to challenge the view that the Electoral Roll should accurately reflect the true status of those who are entitled to participate in the democratic process. Further, the principle that the Electoral Roll is available for examination by citizens is a longstanding one, and one that promotes a sense of openness and transparency in the democratic process.

137. The primary purpose for collecting personal information for inclusion in the Electoral Roll is to produce and maintain an accurate record of those who are entitled to participate in the electoral process, thus minimising electoral fraud and promoting the valid and lawful participation of all eligible citizens in the democratic process. Clearly, such objectives serve the public interest.

138. Public inspection of the roll enables individuals to check the accuracy of their own enrolment details, to check the correctness of the enrolment of others and, in doing so, to prevent electoral fraud. Making the Electoral Roll available for such inspection is directly related to the primary purpose of maintaining the Electoral Roll.

139. In addition, access to and copies of the Electoral Roll are available to a range of persons and bodies. These are prescribed in section 90B(1) of the Commonwealth Electoral Act 1901 ('Electoral Act') and Schedule 1 of the Electoral and Referendum Regulations 1940 ('the Regulations').267

140. There is, however, a balance required between making the Electoral Roll available for inspection and promoting the individual's right to privacy. The Office notes that the Electoral Roll has a number of characteristics that raise particular privacy challenges. Most significantly, as it is compulsory for eligible individuals to enrol to vote, individuals have no choice whether or not their personal information is contained in the Electoral Roll268 (though the Office does note that individuals can apply to have their details withheld from the publicly available roll, such as where they are at risk of domestic violence). In addition, the Office notes the powers given to the Australian Electoral Commission (AEC) under the Electoral Act to collect personal information from third-parties without the knowledge or consent of the relevant individual.

141. Accordingly, a balance between the public interest in ensuring transparent electoral procedures and the public interest in protecting privacy would seem to be promoted where protections exist that are effective in ensuring that personal information is used and disclosed only for the primary purpose of the Electoral Roll. In addition, protections consistent with the principles contained in the Privacy Act should be afforded to the handling of information from the Electoral Roll, particularly in regard to those bodies that may handle such information but which fall outside the Privacy Act's jurisdiction.

Privacy issues raised with the Office

142. From complaints and enquiries, the Office is aware of a number of concerns in the community about the use of information sourced from the Electoral Roll. Examples include:

143. It should be noted that the veracity of such claims has not always been tested (especially where they are general enquiries). Rather, these classes of enquiries and complaints provide some insight into the types of concerns some individuals may have.

Recent amendments to the Electoral Act

144. The Office has previously made two public submissions to the Joint Standing Committee on Electoral Matters (JSCEM) in regard to the adequacy of privacy protections afforded to the Electoral Roll.269

145. In these submissions, the Office noted, among other things, that the widespread availability of scanning and optical character recognition technology allows hardcopies of the Electoral Rolls to be converted easily to digital form, so it is no longer necessary to manually key data into a computer. Further, the fact that the Electoral Roll could only be purchased in printed form, rather than on disk or tape, offered only marginal protection against the personal information being copied, re-sorted and manipulated for purposes not at all related to promoting transparency in the electoral process.

146. This was a particular concern given the lack of legislative controls on the uses of printed copies of the Electoral Roll. While the then sections 91A and 91B restricted the uses of Electoral Roll in its electronic form, no such restriction applied to print or hardcopy form.

147. In this regard, the Office welcomed the amendments made by the Electoral and Referendum Amendment (Access to Electoral Roll and Other Measures) Act 2004 introducing a provision to prohibit the sale of the Electoral Roll in any form. This measure was intended to address concerns held by JSCEM and the Office about purchased copies of the roll being used for commercial purposes.270

148. This amendment Act also extended the offence provision for inappropriate use of roll information by ensuring that it covered information supplied by any means (and not just by 'tape or disk' as had previously been the case). In supporting the relevant recommendation of the JSCEM report, the Government noted that 'Withdrawal of the roll from sale will eliminate the last source of elector information that has the potential for non-electoral and commercial use.'271

149. While the Office welcomes these restrictions on uses of information on the Electoral Roll, it is submitted that consideration could be given to extending the types of protections that are afforded, including by introducing obligations to ensure that recipients handle information securely and dispose of it when it is no longer required for the purpose for which it was collected.

150. Additionally, as part of the ALRC's review, there may be merit in considering whether the range of prescribed agencies and purposes listed under Schedule 1 of the Regulations remains appropriate. Currently, 22 Commonwealth agencies are authorised to access information on the Electoral Roll for a range of regulatory, law enforcement and public revenue purposes. In the Office's view, given the mandatory nature of enrolment and the ability to collect personal information from third parties without the individual's knowledge, it is appropriate that access to the Electoral Roll remain relatively narrow.

Application of the Privacy Act to the Electoral Roll

151. Under the Privacy Act, public registers such as the Electoral Roll may fall under the definition of 'generally available publication' which means 'a magazine, book, newspaper or other publication that is or will be generally available to members of the public'. The effect of this definition is to exempt public registers from the IPPs relating to limitations on use and disclosure, requirements of security and data quality, rights of access and disclosure.

152. As discussed above in regard to registers of shareholders, it should not be inferred that information collected from public registers remains fully or partially excluded from the Privacy Act's jurisdiction. This is discussed further in Information Sheet 17 on Privacy and Personal Information that is Publicly Available. 272

153. However, the Office notes that there are degrees of access to Electoral Roll information, in that not all the information on the Electoral Roll is publicly available. This may introduce an unnecessary degree of regulatory uncertainty in that some information may fall within the Privacy Act's jurisdictions (in that it is not publicly available), while other information may not.

154. This uncertainty could be resolved by expressly removing the Electoral Roll from the definition of generally available publication, thus ensuring that all information on the Electoral Roll was covered by the Privacy Act, in addition to any further protections that may be afforded by provisions of the Electoral Act.

Continuous Roll Update

155. In its 2002 submission, the Office noted concerns regarding the AEC's Continuous Roll Update (CRU), under which the AEC has substantial powers to collect personal information from a range of disparate Australian, state and territory governments to maintain the integrity of the Electoral Roll.

156. Specifically, section 92(1) of the Electoral Act provides that:

All officers in the service of the Commonwealth, a State or a Territory, officers in the service of any local governing body, and all occupiers of habitations shall upon application furnish to the Electoral Commission or to any officer acting under its direction all such information as the Electoral Commission requires in connexion with the preparation, maintenance or revision of the Rolls.

157. According to the AEC's 2004-05 Annual Report, the CRU:

... uses data from external sources to confirm elector details, to identify potential and existing electors who are not correctly enrolled, and to ensure that these electors are contacted to update their enrolment. The process of continually matching the electoral roll database against data from other sources tells the AEC which addresses need following up, and assists confidence in data integrity.273

158. In its 2002 report on the conduct of the 2001 election, JSCEM noted that:

The most significant new components of CRU are data-mining and data-matching. Where other elements of the CRU, such as attendance at Citizenship ceremonies, have played a major role in the AEC's electoral roll maintenance for some time, data-mining and data-matching are the key innovations.

CRU and data-matching

159. In the context of the Electoral Roll, it may be appropriate that any data-matching only be pursued where appropriate regard for privacy issues has been given. In particular, the purpose of the data-matching should be narrowly defined as being to maintain the accuracy of the Electoral Roll. Further, formal protocols may be required to ensure that redundant or unmatched personal information is not retained.

160. Further, before granting such comprehensive data collection powers, it may be appropriate to examine more thoroughly why such powers are considered necessary. While the CRU initiative seems meritorious, the ANAO audit concluded that a suite of 8 types of Commonwealth and State/Territory agencies could be identified as optimal data sources.274 Accordingly, it seems possible that broad and general powers of demand, extending to any agency or data source, are excessive and unnecessary for the purposes of CRU.

161. Where extended data-matching or data collection is carried out for the purposes of maintaining the Electoral Roll, secondary purposes should be limited to the narrowest possible range and only approved where there is a strong public interest. It should be acknowledged that the accuracy and quality of data held in the Electoral Roll could tempt various third parties to seek access in a manner incompatible with the primary purpose of the Electoral Roll.

162. As discussed above in responding to question 7-6(h), as well as in Chapters 6 and 11, the Office can see merit in considering whether the current non-binding data-matching guidelines should be given statutory effect. Such a measure may promote community confidence that any data-matching conducted using information from the Electoral Roll is subject to appropriate regulation.

Use of Electoral Roll information for anti-money laundering and counter-terrorism financing regulation

163. The Office notes that items 5 and 6 of section 90B(4) permit a copy of an Electoral Roll to be provided to entities for the purpose of verifying an individual's identity pursuant to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). The Office understands that one outcome of the AML/CTF Act is to significantly increase the number of relevant entities beyond those previously covered by the Financial Transaction Reports Act 1988. Sections 91A(2C) and (2D) of the Electoral Act provide that information collected for this purpose may only be used for this purpose.

164. The Office notes that, by virtue of the Anti-Money Laundering and Counter-Terrorism Financing (Transitional Provisions and Consequential Amendments) Act 2006 (AML/CTF Consequential Amendments Act),275 personal information collected by reporting entities for the purposes of the AML/CTF Act will be covered by the Privacy Act. This is likely to partly address the issue raised in paragraph 7.104 of IP31, where it is noted that the Electoral Act does not impose obligations regarding security or disposal of information collected from the Electoral Roll for AML/CTF purposes.

165. However, the Office notes that item 5 of section 90B of the Electoral Act permits a 'prescribed person or organisation' to obtain a copy of the Electoral Roll for verification of identity under the AML/CTF Act. In contrast, section 152 of the AML/CTF Consequential Amendments Act inserts a new subsection 6E(1A) into the Privacy Act that brings small businesses that are reporting entities under the Privacy Act's jurisdiction (for the purpose of AML/CTF compliance).

166. It therefore appears that prescribed persons or organisations under the Electoral Act need not be reporting entities, and thus it is unclear whether they would be covered by the AML/CTF Consequential Amendments Act. For example, a small business or state government entity accessing Electoral Roll information for the purposes of AML/CTF identity verification would not be covered by the Privacy Act.

167. Accordingly, the Office supports further consideration of including additional protections in the Electoral Act to ensure that all persons and entities that collect information pursuant to the AML/CTF Act would, at a minimum, incur obligations that require information to be held securely and disposed of when no longer required.

(l) does the Anti-Money Laundering and Counter-Terrorism Financing Bill 2006 (Cth) adequately protect personal information?

168. The Office notes that, on passing both Houses of Parliament, this Bill was assented to on 12 December 2006 to become the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 ('AML/CTF Act').

169. The Office made a number of submissions to the Attorney-General's Department (AGD) and the Senate Legal and Constitutional Affairs Committee (SLCA) on the development of the Bill and during its consideration by Parliament.276 The key concerns raised in these submissions about the various iterations of the Bill included that:

170. However, the Office welcomed the provisions made in the Anti-Money Laundering and Counter-Terrorism Financing (Transitional Provisions and Consequential Amendments) Act 2006 to bring personal information collected by reporting entities for the purposes of the AML/CTF Act under the jurisdiction of the Privacy Act. This applies to all reporting entities, including those that would otherwise be exempt small business organisations.

171. As noted above in response to question 7-6(k), it may be necessary to consider amendments to the Electoral Act to ensure that all persons and bodies that receive electoral roll information for AML/CTF purposes have obligations consistent with the National Privacy Principles, particularly regarding data security and disposal, and not just reporting entities.

Question 7-6

Office position:

  1. The Office recommends amendments to IPP 6 and 7 to provide access to, and correction of, personal information held by Australian and ACT government agencies. This mechanism should be in addition to those provided for under the Freedom of Information Act 1982 (Cth).
  2. The Office recommends consideration be given to whether the Office's complaint files should be exempt from disclosure obligations under the Freedom of Information Act 1982 (Cth).
  3. The Office suggests that consideration be given to whether the Privacy Act should extend to cover certain classes of Commonwealth records in the 'open access period' established by the Archives Act 1983 (Cth).
  4. The Office suggests that s 33(1)(g) of the Archives Act 1983 (Cth) be amended to align with the protection of 'personal information' under the Privacy Act and the Freedom of Information Act 1982 (Cth).
  5. The Office suggests that the criminal offence provisions of the Taxation Administration Act 1953 (Cth) relating to the mishandling of Tax File Numbers (TFNs) remain in that Act.
  6. The Office recommends the current voluntary public sector data matching guidelines be made mandatory to enhance data-matching regulation. (See also Office position at Question 11-1)
  7. The Office recommends extending the protections that are afforded to information on the Electoral Roll, including the introduction of obligations to ensure that recipients handle and dispose of information appropriately and securely.
  8. The Office recommends removing the Electoral Roll from the definition of generally available publication, thus ensuring that all information on the Electoral Roll is covered by the Privacy Act.
  9. The Office suggests additional protections in the Commonwealth Electoral Act 1918 (Cth) to ensure that all persons and entities that collect information pursuant to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 would incur obligations to hold the information securely and dispose of it when no longer required.

7-7 Do the various secrecy provisions under federal legislation that prohibit individuals employed by the Commonwealth from disclosing information contribute to inconsistency and fragmentation in personal information privacy regulation? In particular, should the Privacy Act, rather than secrecy provisions in specific statute, regulate the disclosure of personal information by Australian Government agencies?

172. In the Office's view, it is appropriate that legislative secrecy provisions remain regulated under the legislation that pertains to each agency. This ensures that each agency's respective secrecy responsibilities are grouped with its other obligations.

173. For example, secrecy provisions with regard to Child Support Agency staff are appropriately located in the Child Support (Assessment) Act 1989 (Cth), which enables the functions of that agency. The broader, principles-based aspects of personal information-handling, which apply across all Australian and ACT Government agencies, are properly regulated by the Office under the Privacy Act.

174. Key differences between secrecy provisions and the IPPs justify their separation. In light of these differences, the Office does not consider it appropriate that the Commissioner take carriage of administering and enforcing secrecy law.

175. First, secrecy provisions do not solely relate to personal information. They also provide protection for things like commercial information, security details and operational information.277 Relocating those secrecy provisions that relate to personal information from other Acts to the Privacy Act, on the premise of 'lessening fragmentation', may in fact lead to the fragmentation of secrecy provisions, and of legislation prescribing each agency's obligations.

176. Second, secrecy provisions provide separate and specific standards of protection beyond that afforded by the IPPs. Unlike the latter, the level of protection varies with the sensitivity of the information concerned.

177. Third, secrecy provisions provide for criminal penalties for contravention. In contrast, a breach of the IPPs is generally remedied through the Privacy Act's statutory and administrative processes.

178. Without further evidence of difficulties with the current arrangements, the Office is unclear about the benefits of incorporating existing secrecy provisions into the Privacy Act. This is a pertinent issue given the additional resources the Office would need to devote to interpretation, compliance and enforcement of the various specific secrecy provisions.

7-8 Are the provisions in Part VIII of the Privacy Act necessary? If so, are the provisions adequate and should they be contained in the Privacy Act or elsewhere?

179. In reference to Part VIII of the Privacy Act, the second reading speech of the Privacy Bill 1988 noted:

...the law of confidence is an important existing means of protecting privacy in some circumstances. The Bill includes some limited extensions of the law of confidence recommended by the Law Reform Commission which will further enhance privacy protection.278

180. The Office does not have experience in the application of Part VIII of the Privacy Act. As the Office understands it, Part VIII does not confer any powers on the Office to determine matters or provide a remedy, but allows damages to be sought in court for a breach of confidence by a Commonwealth officer.279 The Office welcomes the input of other submissions to the ALRC as to whether these provisions are of tangible value, and whether Part VIII may be more appropriately located elsewhere than the Privacy Act.

7-9 Do privacy rules, privacy codes and privacy guidelines developed under federal, state and territory legislation, or by organisations and industry groups, contribute to fragmentation and inconsistency in the regulation of personal information?

181. The Office supports the use of industry-specific rules, codes and guidelines to allow for more prescriptive regulation than the Privacy Act, where appropriate. It is the Office's view that the Privacy Act should allow the Privacy Commissioner to make binding guidelines for this purpose.

182. The Office recognises the importance of limiting unnecessary fragmentation of privacy law. Nevertheless, when used judiciously, additional rules, codes and guidelines can confer benefits which justify differential treatment. Such instruments can clarify sector-specific issues; include more detailed protections for personal information where appropriate; and can lead to a greater understanding of how privacy law applies in particular contexts.

183. For example, while the Privacy Act's principles are intended to be technologically neutral, codes or guidelines may respond effectively to specific new or changing technologies which impact on privacy.

184. Further discussion about privacy codes can be found in Chapter 6 on the powers of the Commissioner.

Question 7-9

Office position:

  1. The Office supports the use of industry-specific rules, codes and guidelines to allow for more prescriptive regulation than the Privacy Act, where appropriate. The Privacy Act should allow the Privacy Commissioner to make binding guidelines for this purpose. (See also Office position at Question 6-20)

208 Office of the Privacy Commissioner, Getting in on the Act: Review of the Private Sector Provisions of the Privacy Act, March 2005 (Office's Private Sector Review), p 48.

209 See for example, Office's Private Sector Review, recommendations 2-7.

210 For examples of compliance costs provided to the Office, see the Office's Private Sector Review pp 172-3.

211 Under the Privacy Act 1988 (Cth), s 6: 'secrecy provision means a provision of a law of the Commonwealth, including a provision of this Act, that prohibits or regulates the use or disclosure of personal information, whether the provision relates to the use or disclosure of personal information generally or in specified circumstances.'

212 See, for example, Health Insurance Act 1973 (Cth), s 130 ('Officers to observe secrecy') available at http://www.comlaw.gov.au/ComLaw/Legislation/ActCompilation1.nsf/previewlodgmentattachments/3DF98F2F1D5A6810CA257210008304E3/$file/HealthIns1973Vol2_WD02_S.htm#param181.

213 Office's Private Sector Review, pp 32-48.

214 See for example, Office's Private Sector Review, p 175.

215 See, for example, Privacy Act 1988 (Cth) NPPs 1.3, 3 and 4; and IPPs 2, 3 and 4.

216 See for example, Office's Private Sector Review, p 41.

217 ALRC IP31, paragraph 7.14. See also the Office's Private Sector Review, p 67.

218 Office's Private Sector Review, p 38.

219 Office's Private Sector Review, p 66.

220 See the website of the National E-Health Transition Authority, at www.nehta.gov.au.

221 Office's Private Sector Review, Recommendation 2, p 48.

222 As a similar example, the Privacy Act currently permits the Commissioner to decline a complaint that is the subject of an application under another Commonwealth, state or territory law, where the matter has been, or is being, dealt with adequately under that law (s 41(1)(e)).

223 Health Record and Information Privacy Act 2002 (NSW) (NSW HRIPA), s 28.

224 Privacy Act 1988 (Cth), NPP 2.1(g) and IPP 11(d).

225 See the Hon Malcolm Turnbull, MP, Second Reading, Privacy Legislation Amendment (Emergencies and Disasters) Bill 2006, House of Representatives Hansard, 28 November 2006, p 140, available at http://parlinfoweb.aph.gov.au/piweb//view_document.aspx?TABLE=HANSARDR&ID=2647669.

226 See for example, Office's Private Sector Review, 'Private Sector Contracting', pp 186-9.

227 See for example, Office's Private Sector Review, pp 39-40.

228 Privacy Act 1988 (Cth), s 7B(5).

229 Privacy Amendment (Private Sector) Bill 2000 Explanatory Memorandum.

230 Bills Digest No. 193 1999-2000 available at http://parlinfoweb.aph.gov.au/piweb/TranslateWIPILink.aspx?Folder=BILLSDGS&Criteria=CITATION_ID:76T16%3B.

231 Privacy Amendment (Private Sector) Bill 2000 (Cth) Explanatory Memorandum, paragraph 102.

232 Office's Private Sector Review, pp 72-3.

233 MCCA/SCAG Residential Tenancy Database Working Party, Report on Residential Tenancy Databases, 27 September 2005 (as amended 30 March 2006), available at http://www.ag.gov.au/www/agd/agd.nsf/Page/Privacy_Privatesectorprivacy_JointMinisterialReportonResidentialTenancyDatabases.

234 MCCA/SCAG Residential Tenancy Database Working Party, ibid, paragraph 4.2.1.

235 Office's Private Sector Review, Recommendation 15, p 73.

236 Office's Private Sector Review, Recommendation 16, p 73. The MCCA/SCAG Working Party's Report also recommended that the government consider this option (paragraph 4.2.2).

237 See s 3 of the Archives Act 1983 (Cth), compared with s 6 of the Privacy Act 1988 (Cth). Note that the Privacy Act definition makes reference to the Archives Act definition, excluding certain types of Archives Act records from the Privacy Act.

238 Corporations Act 2001 (Cth), s 9.

239 Privacy Act 1988 (Cth) IPP 11(1)(d), IPP 10(1)(c) and NPP 2.1(g).

240 IPP 6, Privacy Act s 14 (emphasis added).

241 Since 2001, the Office has declined 17 complaints about access (IPP6) and seven complaints about amendment (IPP 7) on the grounds that the complaint would best be dealt with under another law (s 41(1)(f)).

242 Similarly to the qualification in IPP 6, IPP 7.2 states: 'The obligation imposed on a record-keeper by clause 1 [of IPP 7] is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents.'

243 The interaction of the IPPs and the FOI Act is explained further in the Office's Guidelines to Information Privacy Principles 4-7, pp 12-21, available at http://www.privacy.gov.au/government/guidelines/index.html#34.

244 For example, under s 41(1) of the FOI Act, a document is exempt if its disclosure under the Act would involve the unreasonable disclosure of personal information about any person (including a deceased person). This is similar to a current exception under the private sector access provisions, where 'providing access would have an unreasonable impact on the privacy of other individuals' (NPP 6.1(c)).

245 For example, s 41(1) of the FOI Act and NPP 6.1(c) under the Privacy Act.

246 See, for example, s 9 and Schedule 2 of the Freedom of Information Act 1989 (NSW), which exempt the office of the NSW Privacy Commissioner's 'complaint handling, investigative and reporting functions'.

247 FOI Act, s 41(1). The application of this test of 'unreasonable disclosure', and the balance of public interests, is considered in Albanese and Chief Executive Officer of the Australian Customs Service [2006] AATA 900 (23 October 2006). In particular, see paragraphs 15-17 and 22-34.

248 See Privacy Commissioner, 'Open Government: Reality or Rhetoric', Speech to the Institute of Public Administration Australia, 15 June 2006.

249 See FOI Annual Report 2004-2005, p 9.

250 For example, the Northern Territory Information Commissioner, the Information Commissioner's Office (UK), and the Office of the Information and Privacy Commissioner for British Columbia (Canada).

251 Section 3(1) of the Archives Act 1983 (Cth) states: 'record means a document (including any written or printed material) or object (including a sound recording, coded storage device, magnetic tape or disc, microform, photograph, film, map, plan or model or a painting or other pictorial or graphic work) that is, or has been, kept by reason of any information or matter that it contains or can be obtained from it or by reason of its connection with any event, person, circumstance or thing.'

252 See the Archives Act, s 3(7) and s 31(1) respectively.

253 Section 6 of the Privacy Act states that a 'record' under the Privacy Act does not include 'Commonwealth records as defined by subsection 3(1) of the Archives Act 1983 that are in the open access period for the purposes of that Act'.

254 Archives Act 1983 (Cth), s 33(1)(g).

255 Freedom of Information Act 1982 (Cth), s 41(1).

256 See also NPP 6.1(c), which allows a private sector organisation to deny access to an individual's personal information if access would have an unreasonable impact on the privacy of other individuals.

257 Data-matching guidelines are available at: http://privacy.gov.au/publications/HRC_PRIVACY_PUBLICATION.word_file.p6_4_23.15.doc

258 Privacy Act 1988 (Cth), s 169(1)(a).

259 Privacy Act 1988 (Cth), s 169(3).

260 Privacy Act 1988 (Cth), s 169(7).

261 See s 173 and (for listed companies and managed investment schemes) s 672DA(7).

262 See s 173 and s 672DA(8).

263 Information Sheet 17-2003: Privacy and personal information that is publicly available can be found at http://www.privacy.gov.au/publications/is17_03.html.

264 Generally available publication means a 'magazine, book, newspaper or other publication (however published) that is or will be generally available to members of the public'.

265 Available at http://www.comlaw.gov.au/ComLaw/Legislation/LegislativeInstrumentCompilation1.nsf/previewlodgmentattachments/D846AEF8E223D240CA257244007CCBF2/$file/Corporations2001Vol4.htm#param388.

266 See, for example, the Office's submission to the Joint Standing Committee on Electoral Matters, Inquiry into the Conduct of the 2001 Election, October 2002, available at http://www.privacy.gov.au/publications/electoralsub.pdf.

267 The Regulations are available at http://www.comlaw.gov.au/ComLaw/Legislation/LegislativeInstrumentCompilation1.nsf/bodylodgmentattachments/F29A6C4CC6C10B5DCA2570DD007E904E?OpenDocument#para0.1.

268 Commonwealth Electoral Act 1918 (Cth), s 101.

269 Both submissions were to the Joint Standing Committee on Electoral Matters: the 2000 Inquiry into the Electoral Roll (available at http://www.privacy.gov.au/publications/elesub.pdf) and the 2002 Inquiry into the Conduct of the 2001 Federal Election (available at http://www.privacy.gov.au/publications/electoralsub.pdf).

270 Further information is available in the Bills Digest at http://parlinfoweb.aph.gov.au/piweb/Repository/Legis/Billsdgs/J7MC60.pdf.

271 See response to Recommendation 29, Government Response to the Report of the Joint Standing Committee on Electoral Matters: The 2001 Federal Election, Report of the Inquiry into the conduct of the 2001 Federal Election, and matters related thereto, available at http://www.aph.gov.au/house/committee/em/elect01/Report/2001govresponse.pdf.

272 http://www.privacy.gov.au/publications/is17_03.html.

273 AEC Annual Report 2003-04, 'Output 1.1.2 Electoral roll updates', available at http://www.aec.gov.au/_content/What/publications/annual_report/2004/output1_1_2.htm.

274 ANAO Audit Report 42 2001-2002 Integrity of the Electoral Roll, at p.2.40. The ANAO, at Table 3 lists these 8 'Desirable CRU data sources' as: Australia Post, Centrelink, Motor Transport, Fact of Death fi