RECOMMENDATIONS
Chapter
3 General issues
Recommendation 1
3.30 The
committee recommends that the Department of the Prime Minister and Cabinet
re-assess the draft Australian Privacy Principles with a view to improving
clarity through the use of simpler and more concise terms and to avoid the
repetition of requirements that are substantially similar.
Recommendation 2
3.32 The
committee recommends that reconsideration be given to the inclusion of agency
specific provisions in the Australian Privacy Principles in the light of the
Office of the Privacy Commissioner's suggestion that agency specific matters
should, in the first instance, be dealt with in portfolio legislation.
Recommendation 3
3.73 The
committee recommends that the Office of the Australian Information Commissioner
develop guidance on the interpretation of 'personal information' as a matter of
priority.
Recommendation 4
3.90 The
committee recommends that the Office of the Australian Information Commissioner
develop guidance on the meaning of 'consent' in the context of the new Privacy
Act as a matter of priority.
Recommendation 5
3.114 The
committee recommends that the Government, in consultation with the Office of
the Australian Information Commissioner, give consideration to the provision of
a transition period for entities to fully comply with the implementation of the
new Privacy Act.
Chapter 4 Australian Privacy Principle 1–open and
transparent management of personal information
Recommendation 6
4.45 The
committee recommends that a note be added at the end of APP 1(5) which
indicates that the form of an entity's privacy policy 'as is appropriate' will
usually be an online privacy policy.
Chapter 5 Australian Privacy Principle 2–anonymity and
pseudonymity
Recommendation 7
5.37 The
committee recommends that the wording of APP 2(2)(a) be reconsidered to
ensure that the exception to the anonymity and pseudonymity principle cannot be
applied inappropriately.
Chapter 6 Australian Privacy Principle
3–collection of solicited personal information
Recommendation 8
6.35 The
committee recommends that in relation to the collection of solicited
information principle (APP 3), further consideration be given to:
- whether the addition
of the word 'reasonably' in the 'necessary' test weakens the principle; and
- excluding
organisations from the application of the 'directly related to' test to ensure
that privacy protections are not compromised.
Chapter 7 Australian Privacy Principle 4–receiving
unsolicited information
Recommendation 9
7.44 The
committee recommends that the term 'no longer personal information' contained
in APP 4(4)(b) be clarified.
Chapter 10 Australian Privacy Principle 7–direct
marketing
Recommendation 10
10.46 The
committee recommends that the drafting of APP 7 be reconsidered with the
aim of improving structure and clarity to ensure that the intent of the
principle is not undermined.
Recommendation 11
10.60 The
committee recommends that the note to APP 7(1) be redrafted to better
reflect the position outlined in the Government response.
Recommendation 12
10.66 The
committee recommends that the Australian Information Commissioner develop
guidance in relation to direct marketing to vulnerable people.
Recommendation 13
10.81 The
committee recommends that the structure of APP 7(2) and APP 7(3) in
relation to APP 7(3)(a)(i) be reconsidered.
Chapter 11 Australian Privacy Principle 8–cross-border
disclosure of personal information and sections 19 and 20
Recommendation 14
11.41 The
committee recommends that a note be added to the end of APP 8 making
reference to section 20 of the new Privacy Act.
Recommendation 15
11.53 The
committee recommends that the Department of the Prime Minister and Cabinet
develop explanatory material to clarify the application of the term
'disclosure' in Australian Privacy Principle 8.
Recommendation 16
11.64 The
committee recommends that the Office of the Australian Information Commissioner
develop guidance on the types of contractual arrangements required to comply
with APP 8 and that guidance be available concurrently with the new
Privacy Act.
Recommendation 17
11.103 The
committee recommends that, when the Australian Government enters into an
international agreement relating to information sharing which will constitute
an exception under APP 8(2)(d), the agency or the relevant minister table
in the Parliament, as soon as practicable following the commencement of that
agreement, a statement indicating:
- the terms under which
personal information will be disclosed pursuant to the agreement; and
- the effect of the agreement
on the privacy rights of individuals.
Recommendation 18
11.105 The
committee recommends that further consideration be given to the wording of the
law enforcement exception in APP 8(2)(g) to ensure that the intention of
the provision is clear.
Recommendation 19
11.120 The
committee recommends that section 19, relating to the extraterritorial
application of the Act, be reconsidered to provide clarity as to the policy
intent of the provision.
Recommendation 20
11.133 The
committee recommends that the Department of the Prime Minister and Cabinet
develop explanatory material in relation to the application of the
accountability provisions of section 20.
Chapter 12 Australian Privacy Principle 9–adoption,
use or disclosure of government related identifiers
Recommendation 21
12.33 The
committee recommends that the term 'reasonably necessary' be replaced with
'necessary' in APP 9(2)(a), (b) and (f).
Recommendation 22
12.38 The
committee recommends that the Office of the Australian Information Commissioner
undertake a review of agency voluntary data-matching guidelines, including
emerging issues with the use of government identifiers, and that the outcome
inform further consideration of the extension of APP 9 to agencies.
Chapter 13 Australian Privacy Principle 10–quality of
personal information
Recommendation 23
13.35 The
committee recommends that proposed APP 10(2), pertaining to the quality of
personal information disclosed by an entity, be re-drafted to make clear the
intended use of the term 'relevant'.
Chapter 14 Australian Privacy Principle 11–security of
personal information
Recommendation 24
14.36 The
committee recommends that a definition of the term 'interference' used in
proposed APP 11(1)(a), pertaining the security of personal information, be
provided or a note included in the legislation to explain its meaning in this
context.
Recommendation 25
14.38 The
committee recommends that the Australian Information Commissioner provide
guidance on the meaning of 'destruction' in relation to personal information no
longer required and the appropriate methods of destruction of that information.
Chapter 15 Australian Privacy Principle 12–access to
personal information
Recommendation 26
15.43 The
committee recommends that, in relation to the proposed exceptions provided for
in APP 12(3):
- the Australian
Information Commissioner provide guidance in relation to the application of the
'frivolous and vexatious' exception (APP 12(3)(c));
- clarity be provided
as to the stage at which the negotiations exception in APP 12(3)(e) may be
invoked; and
- further consideration
be given to the exception in APP 12(3)(j) in relation to commercially
sensitive decisions to ensure that the rights currently provided for in the Privacy
Act 1988 are not diminished.
Recommendation 27
15.46 The
committee recommends that a note be added to proposed APP 12(4)(a) to
clarify that a reasonable period of time in which an organisation must respond
to a request for access would not usually be longer than 30 days.
Recommendation 28
15.47 The
committee recommends that APP 12(8) be amended so that it is made clear
that access charges imposed by organisations should only be charged at a level
reasonably necessary to recoup costs incurred by the entity.
Chapter 16 Australian Privacy Principle 13–correction of
personal information
Recommendation 29
16.34 That
the decision to omit the term 'misleading' in APP 13, relating to the
correction of personal information, be reconsidered.
Navigation: Previous Page | Contents | Next Page