Government Senators' Report - Privacy in the Private Sector
The Senate Legal and Constitutional References Committee has considered
a reference from the Senate inquiring into privacy protection in Australia.
The Government Senators on the Committee provide the following additional
comments on the recommendations of the majority of the Committee.
Chapter 3
Recommendation 1 (Paragraph 3.23)
The Committee therefore recommends that in the development of more
effective privacy legislation, as is recommended later in this report,
consideration be given to the relationship between existing laws regulating
employer records and proposed legislation which would seek to cover employee
data.
Government Senators do not support the inclusion of employee data in
the development of a new national scheme for privacy protection in the
private sector. It is considered that such a requirement would impose
an excessive and unnecessary burden on employers who are already required
to operate within industrial and workplace relations laws which impose
rules for the management and handling of employee records. An additional
level of administration will result in duplication and add significantly
to compliance costs faced by business.
Chapter 3
Recommendation 2 (Paragraph 3.96)
The Committee therefore recommends that the criteria outlined in this
chapter be used as a baseline for the development and evaluation of a
privacy regime applying to the private sector.
Government Senators note that the basis for the application of privacy
protection in the private sector should be to ensure that individuals
are confident that their privacy will be protected. When information is
collected about individuals by organisations they should know why it is
being collected, the use to which it will be put and to whom it will be
published. The individual should also be confident that the information
will not be used or disclosed in a manner they would not reasonably expect.
Individuals should be provided with access to information which is held
about them and with the opportunity to correct the information held if
necessary.
The extension of privacy protection to the private sector should enable
business to implement processes that provide practical protection of personal
information held about individuals. They should not present additional
cost or compliance complexity for business, but rather become parts of
the everyday approach to effective and efficient information handling
in a competitive, technologically advanced environment.
Chapter 5
Recommendation 3 (Paragraph 5.144)
The Committee recommends that the Commonwealth not rely on self-regulatory
schemes that do not have a legislative backing as a means of guaranteeing
privacy rights.
Government Senators agree with the recommendations for the development
of an appropriate legislative framework to support effective privacy protection.
Legislative backing for privacy protection will assist in ensuring that
the privacy concerns of consumers are addressed and it is expected, will
particularly enhance the preparedness of individuals to take up new technology
opportunities.
Self-regulation has been highly effective in many areas, however coverage
can be incomplete across industries or parts of sectors eg. the varied
arms of financial services providers.
A national legislative framework will add to the protection provided
by codes and ensure that all participants in an industry are included
in the requirements for privacy protection. Those businesses which have
endeavoured to address privacy concerns through self regulation will be
assured that their efforts and reputation cannot be damaged by the bad
practices of another business that may previously have chosen not to participate
or abide by an industry code.
Effective national legislation is far preferable to piecemeal state and
territory coverage and will enable both consumers and business to operate
in an environment of certainty and consistency. It will also address any
questions of uncertainty in relation to the impact of the European Union
Directive and ensure that Australian businesses are considered to have
adequate protection for the handling of personal information.
Chapter 6
Recommendation 4 (Paragraph 6.52)
The Committee recommends the government introduce legislation to provide
privacy protection uniformly covering the public, private and the charitable
and “not for profit” sectors. The coverage of the bill should
be as broad as possible and minimise the extent of any exemptions.
As noted, Government Senators support the creation of a legislative framework
for protection of privacy in the private sector. Government Senators recommend
that the current provisions for protection of privacy in the public sector
remain in place and that the new private sector proposals are implemented
as soon as possible.
The public sector in Australia has had a basic platform for privacy protection
in place since the commencement of the Privacy Act 1988, which provides
protection for the personal information of individuals that is held by
the federal public sector. The coverage provided by the Act has been reviewed
and extended several times during the period of its operation.
The Act also established the office of the Privacy Commissioner, which
has been pivotal in consideration of and construction for the current
proposals for privacy protection in the private sector and will play an
integral role in the new processes.
Government Senators suggest that the most effective way to progress from
this point is to proceed with the Government's proposed new bill for private
sector privacy protection, building upon the substantial base already
in place under the Privacy Act 1988.
Recommendation 5 (Paragraph 6.60)
The Committee recommends that, were the proposed legislation to be
agreed to, there be a serious re-evaluation undertaken of the proposed
workplace of the Privacy Commission and the resource implications of the
proposed legislation.
Government Senators suggest that in the development of new legislation
extending privacy protection to the private sector, the operations and
any new responsibilities of the Privacy Commissioner should be evaluated
and appropriately supported.
Recommendation 6 (Paragraph 6.63)
The Committee questions the use of the Information Privacy
Principles in preference the National Principles.
However, as the Committee has noted serious deficiencies in the National
Principles, it recommends that they be carefully revised, and
should not be adopted without modification which takes into account the
issues raised by expert commentators, and in the light of the guiding
principles of the European Directive. Until such revision has occurred,
the National Principles would not be an appropriate base for legislation.
Government Senators support the continued operation of the National
Principles for the Fair Handling of Personal Information (the “National
Principles”) developed by the Privacy Commissioner and released last
year. The National Principles are an important element of the co-regulatory
approach to dealing with privacy protection in the private sector. Government
Senators note that the Government's announcements of proposals to legislate
to support and strengthen privacy protection in the private sector is
based on the National Principles.
From their introduction, the National Principles provided a important
step toward privacy protection, whilst ensuring an important balance between
regulation and flexibility. The Privacy Commissioner indicated that after
approximately twelve months of operation the National Principles would
be reviewed to address any operational issues that may have arisen. The
review was undertaken in addition to the substantial and wide-ranging
consultations that took place in the initial drafting of the National
Principles. As reported by the Commissioner, the review has been completed
and several amendments made, which include more specific law enforcement
provisions and minor changes bringing the principles into closer alignment
with the European Union's data protection framework.
It is also important to note the significant level of take-up of the
National Principles by major firms in their development of self-regulatory
privacy protection regimes. It would not assist business in their implementation
of privacy protection to make unnecessary and heavy handed changes at
this point and would devalue the comprehensive consultation and development
work of the Privacy Commissioner.
Recommendation 7 (Paragraph 6.71)
The Committee also examined the relationship between the Commonwealth
Freedom of Information Act and the Privacy
Act, and recommends the government further examine the issue
so as to ensure the most effective solution.
Government Senators support the examination of this issue to ensure the
most effective operation of the legislation in both areas.
Chapter 7
Recommendation 8 (Paragraph 7.116)
For this reason, the Committee recommends that the creation of a co-regulatory
model incorporate a comprehensive review of the Privacy Act, creating
a single universally applicable source of law.
As indicated in response to recommendation 4, Government Senators do
not support this proposal. There is a strong foundation already in place
for the extension of a legislative regime to the private sector. The public
sector has operated under the Privacy Act 1988 over a ten-year
period, and the private sector has more recently been developing codes
of conduct through self-regulation based on the National Privacy Principles.
It is also considered that the different operations and therefore requirements
of the private and public sectors warrant the operation of two schemes
operating according to the requirements of each sector.
The Government's proposed legislation for privacy protection in the private
sector announced in December 1998 will address many of the issues raised
in this chapter.
Chapter 8
Recommendation 9
Recognising the importance of keeping costs to a minimum, the Committee
recommends that any proposal for new legislation, once finalised, be subject
to a specific costing analysis to ensure that costs not unreasonable in
the context of the social objectives of the legislation.
The Government Senators strongly support this recommendation. Throughout
the consultation process with industry in the development of the National
Privacy Principles and the announcement of the Government's plans to develop
legislation for the extension of privacy protection to the private sector,
regard has been had to the importance of minimising compliance difficulties
and costs for business. This has resulted in a constructive approach from
both business and industry and will ensure greater participation and enthusiasm
for the development of fair information practices in the private sector.
Recommendation 10
The committee recommends that the government investigate mechanisms
to achieve a cooperative approach with the State and Territory parliaments
that could ensure effective legislation.
Government Senators note that in its announcement of the plan to develop
legislative support for privacy protection in the private sector the Government
has considered the importance of consistency between Commonwealth and
State and Territory jurisdictions. The Victorian government has indicated
a plan to legislate later this year but has also said that such legislation
would not be pursued if the Commonwealth chose to legislate. The NSW Parliament
has recently passed legislation to cover the private sector and it is
understood that there is keen interest in ensuring the regime is compatible
with plans at Commonwealth level. This approach has been strongly supported
by business. Other states are considering their position and it is likely
the Commonwealth decision to legislate will influence the outcome of those
considerations in favour of supporting the Commonwealth scheme.
Recommendation 11 (Paragraph 8.48)
The Committee strongly recommends the reconsideration of a co-regulatory
scheme underpinned by national uniform privacy legislation applicable
across all sectors. The scheme which was proposed by the Attorney-General's
Department in their discussion paper provided what the Committee views
as a practical and workable model, and one which received an overwhelmingly
positive response from all sectors.
Government Senators support the introduction of legislation to underpin
and reinforce self-regulatory privacy protection in the private sector
based on the National Privacy Principles. Such legislation should compliment
the existing protection provided for dealings in personal information
in the public sector under the Privacy Act 1988 and enable business and
industry to participate fully in an effective, efficient privacy protection
scheme.
Senator Marise Payne
Senator Helen Coonan