Footnotes

CHAPTER 1 - Introduction

[1] House of Representatives, Votes and Proceedings, No. 107-23 May 2012, p. 1471.

[2] Journals of the Senate, No. 92-19 June 2012, p. 2528.

[3] Journals of the Senate, No. 100-14 August 2012, p. 2719; Journals of the Senate, No. 108‑11 September 2012, p. 2932; Journals of the Senate, No. 114‑20 September 2012, p. 3044.

[4] House of Representatives, Votes and Proceedings, No. 132-17 September 2012, p. 1794.

[5] Journals of the Senate, No. 112-18 September 2012, p. 3014.

[6] Explanatory Memorandum (EM), p. 1. Also see Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 9, available at: http://www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.pdf (accessed 7 September 2012). A summary table of the Australian Government's response to each of the 197 recommendations being addressed as part of the first stage response is provided at pp 15‑19 of the response.

[7] EM, p. 1.

[8] Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988, March 2005, available at: http://www.privacy.gov.au/materials/types/reports/view/6049 (accessed 7 September 2012).

[9] Senate Legal and Constitutional Affairs References Committee, The real Big Brother: Inquiry into the Privacy Act 1988, June 2005, available at: https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Legal_and_Constitutional_Affairs/Completed%20inquiries/2004-07/privacy/report/index (accessed 7 September 2012).

[10] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, available at: https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Finance_and_Public_Administration/Completed%20inquiries/2010-13/privexpdrafts/reportpart1/index (accessed 7 September 2012);

Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, available at: https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Finance_and_Public_Administration/Completed%20inquiries/2010-13/privexpdrafts/reportpart2/index (accessed 7 September 2012).

[11] House of Representatives Hansard, 23 May 2012, p. 5210.

[12] Item 82 of Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Bill).

[13] Proposed new section 14 of the Privacy Act 1988 (Privacy Act); item 82 of Schedule 1 of the Bill.

[14] Proposed new section 15 of the Privacy Act; item 82 of Schedule 1 of the Bill; proposed new Schedule 1 of the Privacy Act; item 104 of Schedule 1 of the Bill.

[15] Item 104 of Schedule 1 of the Bill.

[16] EM, pp 2 and 72-73.

[17] EM, pp 73-89.

[18] EM, pp 53-54. Also see item 36 of Schedule 1 of the Bill and items 41-42 of Schedule 1 of the Bill, which define, respectively, the key terms 'personal information' and 'sensitive information'.

[19] EM, p. 90.

[20] EM, p. 2.

[21] Proposed new section 19 of the Privacy Act; item 72 of Schedule 2 of the Bill. Division 1 sets out an introduction to Part IIIA.

[22] EM, p. 92.

[23] Items 2-65 of Schedule 2 of the Bill.

[24] Proposed new Division 2 of Part II of the Privacy Act; item 69 of Schedule 2 of the Bill.

[25] House of Representatives Hansard, 23 May 2012, pp 5210-5211.

[26] Item 28 of Schedule 3 of the Bill.

[27] Item 29 of Schedule 3 of the Bill.

[28] Proposed new Division 2 of new Part IIIB of the Privacy Act; item 29 of Schedule 3 of the Bill.

[29] Proposed new Division 3 of new Part IIIB of the Privacy Act; item 29 of Schedule 3 of the Bill.

[30] Proposed new sections 26E and 26G of the Privacy Act; item 29 of Schedule 3 of the Bill.

[31] Proposed new section 26C of the Privacy Act; item 29 of Schedule 3 of the Bill.

[32] Proposed new section 26F of the Privacy Act; item 29 of Schedule 3 of the Bill.

[33] Proposed new section 26H of the Privacy Act; item 29 of Schedule 3 of the Bill.

[34] Proposed new sections 26P and 26R of the Privacy Act; item 29 of Schedule 3 of the Bill.

[35] Proposed new section 26N of the Privacy Act; item 29 of Schedule 3 of the Bill.

[36] Proposed new section 26Q of the Privacy Act; item 29 of Schedule 3 of the Bill.

[37] Proposed new section 26S of the Privacy Act; item 29 of Schedule 3 of the Bill.

[38] Proposed new subsections 26B(2) and 26M(2) of the Privacy Act; item 29 of Schedule 3 of the Bill.

[39] Proposed new sections 26A and 26L of the Privacy Act; item 29 of Schedule 3 of the Bill.

[40] Proposed new paragraphs 13(1)(b) and 13(2)(b) of the Privacy Act; item 42 of Schedule 4 of the Bill.

[41] Items 1 to 26 of Schedule 3 of the Bill.

[42] Proposed new Division 4 of new Part IIIB of the Privacy Act; item 29 of Schedule 3 of the Bill.

[43] Proposed new section 2A of the Privacy Act; item 1 of Schedule 4 of the Bill. For example, two of the eight objects are (a) to promote the protection of the privacy of individuals; and (b) to recognise that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities.

[44] EM, p. 4.

[45] Item 54 of Schedule 4 of the Bill.

[46] Proposed new sections 27-28B of the Privacy Act; item 54 of Schedule 4 of the Bill. Associated definitions are also amended in Schedule 4 of the Bill.

[47] House of Representatives Hansard, 23 May 2012, p. 5211. Also see EM, pp 4-5.

[48] Proposed new sections 33C and 33D of the Privacy Act; item 64 of Schedule 4 of the Bill.

[49] Proposed new sections 33E and 33F of the Privacy Act; item 64 of Schedule 4 of the Bill.

[50] Proposed new section 35A of the Privacy Act; item 66 of Schedule 4 of the Bill.

[51] Items 78 and 79 of Schedule 4 of the Bill.

[52] Proposed new section 40A of the Privacy Act; item 80 of Schedule 4 of the Bill.

[53] Item 90 of Schedule 4 of the Bill.

[54] Proposed new subsection 52(3A) of the Privacy Act; item 111 of Schedule 4 of the Bill.

[55] Proposed new subsections 5B(2) and 5B(3) of the Privacy Act; items 4 and 6 of Schedule 4 of the Bill.

[56] Item 189 of Schedule 4 of the Bill.

[57] Proposed new section 80V of the Privacy Act; item 189 of Schedule 4 of the Bill.

[58] Proposed new section 80W of the Privacy Act; item 189 of Schedule 4 of the Bill.

[59] Proposed new section 13G of the Privacy Act; item 50 of Schedule 4 of the Bill.

[60] House of Representatives Hansard, 23 May 2012, p. 5211.

[61] Item 189 of Schedule 4 of the Bill.

[62] EM, p. 5.

[63] EM, p. 5.

[64] House of Representatives Hansard, 23 May 2012, p. 5212.

[65] EM, p. 5. The Regulation Impact Statement appears at pp 6-43 of the EM.

CHAPTER 2 - Australian Privacy Principles

[1] For example, APP 7 and APP 8 apply only to private sector organisations. The Attorney‑General's Department explains that this distinction is due to the organisation-specific activities of private sector organisations: see answer to question on notice, received 3 September 2012, p. 1.

[2] Item 104 of Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Bill).

[3] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, pp 2-3.

[4] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011.

[6] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 3.

[7] Additional information, received 3 September 2012, p. 1.

[8] APP 2.1-APP 2.2.

[9] Submission 39, pp 2-3.

[10] Submission 39, p. 3.

[11] Answer to question on notice, received 3 September 2012, p. 4.

[12] APP 3.1-APP 3.4.

[13] Submission 8, Attachment 1, pp 4-5.

[14] Submission 8, p. 2.

[15] Submission 55, p. 6.

[16] Submission 14, p. 6 and Submission 42, p. 5, respectively.

[17] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 72 (Recommendation 8).

[18] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 3.

[19] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 3.

[20] Answer to question on notice, received 3 September 2012, p. 1.

[21] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 72. NPP 1 relates to the collection of personal information by private sector organisations.

[22] Additional information, received 29 August 2012, p. 3.

[23] Additional information, received 29 August 2012, p. 3. The Attorney-General's Department noted that a dual 'reasonably believes' and 'reasonably necessary test' applies in relation to enforcement body and enforcement related activity exceptions due to their being based on NPP 2.1(h). NPP 2.1(h) allows for the use and disclosure of personal information where an organisation reasonably believes that the use or disclosure is reasonably necessary for certain law enforcement activities by an enforcement body.

[24] IPP 1 relates to the manner and purpose of collection of personal information by Commonwealth agencies.

[25] Answer to question on notice, received 3 September 2012, p. 5. It was further noted that agencies are subject to stricter oversight and accountability arrangements through Parliament, the Executive and the Commonwealth Ombudsman.

[26] These exceptions include: where collection is required or authorised under an Australian law or court order; where a permitted general situation or permitted health situation exists; certain circumstances relating to law enforcement; and where the entity is a non-profit organisation and the information relates only to the organisation's activities and solely to the members of the organisation.

[27] Explanatory Memorandum (EM), p. 54. Also see the Australian Privacy Foundation, which argued that the definition of consent in the Privacy Act should be amended to prevent the term being interpreted in such a way that it undermines the APPs: Submission 49, p. 9; and the Law Institute of Victoria, which argued that the current definition of consent does not preclude consent unreasonably obtained or obtained in a way which undermines the objectives or purpose of the APPs: see Submission 8, p. 2.

[28] Submission 42, p. 6.

[29] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Volume 1, p. 686.

[30] Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 38.

[31] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 33 (Recommendation 4).

[32] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 5; and answer to question on notice, received 3 September 2012, p. 2.

[33] Submission 19, p. 2.

[34] Submission 24, pp 9-10.

[35] Submission 36, p. 5.

[36] Submission 36, p. 5.

[37] EM, p. 80.

[38] Submission 17, p. 8.

[39] Submission 49, p. 15.

[40] Submission 47, p. 19.

[41] Submission 13, p. 5.

[42] Answer to question on notice, received 3 September 2012, pp. 7-8. The answer notes that additional safeguards are provided for throughout the Bill, including oversight by the Australian Privacy Commissioner.

[43] APP 7.2–APP 7.5.

[44] Submission 7, p. 5.

[45] Submission 16, p. 1.

[46] Submission 49, pp 16.

[47] Submission 7, p. 2. For similar comments, also see: Foxtel, Submission 21, pp 3-4; Acxiom Australia, Submission 32, p. 1; Kimberly-Clark Australia, Submission 46, p. 1.

[48] Submission 4, p. 2. Also see Salmat, which argued that the confusion could lead to a significant increase in consumer complaints on the mistaken assumption that direct marketing is prohibited (when in fact it is not): Submission 26, p. 8.

[49] Submission 7, p. 6. Also see section 8 of the Exposure Draft Bill.

[50] Submission 14, p. 10.

[51] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 142 (Recommendation 10).

[52] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 8.

[53] Answer to question on notice, received 3 September 2012, p. 8.

[54] Additional information, received 29 August 2012, p. 1.

[55] Submission 21, p. 4.

[56] Submission 3, pp 1-2.

[57] Submission 49, p. 18.

[58] Submission 49, p. 17 (with emphasis in the original).

[59] Submission 49, p. 17.

[60] Submission 39, p. 6.

[61] Submission 4, p. 2.

[62] Submission 7, p. 7.

[63] Submission 7, p. 7.

[64] Submission 4, p. 2.

[65] Submission 46, p. 2. Also see GEON, Submission 37, p. 1.

[66] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 150 (Recommendation 13).

[67] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 9.

[68] Additional information, received 29 August 2012, p. 2.

[69] Additional information, received 29 August 2012, pp 2-3.

[70] EM, p. 70.

[71] Submission 8, p. 1 and Submission 13, p. 5, respectively.

[72] Committee Hansard, 10 August 2012, pp 49-50.

[73] Submission 14, p. 10.

[74] Submission 36, p. 6.

[75] Submission 42, p. 4.

[76] Submission 39, pp 6-7. Facebook, Google, IAB Australia and Yahoo!7 alternatively suggested that the Australian Information Commissioner issue guidelines regarding what matters will be considered in the assessment of an APP 8 breach: see answer to question on notice, received 23 August 2012, p. 2. Also see Law Council of Australia, Submission 14, p. 11; Australian Bankers' Association, Submission 24, p. 11.

[77] 'Cloud environment' is a technical term for the practice of using a network of remote servers hosted on the Internet to store, manage and process data, rather than a local server: see http://computer.howstuffworks.com/cloud-computing/cloud-computing.htm (accessed 2 September 2012).

[78] Submission 3, p. 2.

[79] Submission 7, p. 3.

[80] EM, p. 83.

[81] Submission 42, p. 7. If not reasonable in the circumstances, the NSW Privacy Commissioner recommended that an entity could take other reasonable steps.

[82] Supplementary Submission 49, p. 1.

[83] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 176 (Recommendation 16).

[84] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 10.

[85] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, p. 48. Also see Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 80.

[86] Submission 48, p. 6.

[87] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, pp 5-6.

[88] Submission 46, p. 3.

[89] Submission 21, p. 6.

[90] Submission 26, p. 6.

[91] Additional information, received 29 August 2012, p. 13.

[92] Additional information, received 29 August 2012, p. 14.

[93] Submission 39, pp 7-8.

[94] Submission 49, p. 19.

[95] Supplementary Submission, pp 1-2. For similar comments, also see Australian Privacy Foundation, Submission 49, p. 18.

[96] Supplementary Submission, p. 2.

[97] Submission 42, p. 8.

[98] Submission 42, p. 8. Also see the Australian Privacy Foundation, which endorsed this proposal: Submission 49, p. 19.

[99] Section 36 of the Privacy Act 1988 (Privacy Act); proposed new subsection 13(1) of the Privacy Act (item 42 of Schedule 4 of the Bill).

[100] Answer to question on notice, received 3 September 2012, p. 10.

[101] EM, p. 85.

[102] Submission 47, p. 20. Also see the Australian Privacy Foundation, which argued that APP 8.2(e) should be removed from the Bill on the grounds that it cannot be justified: see Submission 49, p. 19.

[103] Additional information, received 29 August 2012, p. 13.

[104] Additional information, received 29 August 2012, p. 13.

[105] The bodies to be included in the expanded definition of 'enforcement body' are: the CrimTrac Agency (item 16); the Immigration Department (item 17); the Office of the Director of Public Prosecutions, or a similar body established under a law of a state or territory (item 18); and the Corruption and Crime Commission of Western Australia (item 19).

[106] EM, p. 57. The EM notes that the addition of the Office of the Director of Public Prosecutions and the Corruption and Crime Commission of Western Australia are for clarity and consistency only.

[107] Item 26 of Schedule 1 of the Bill defines 'Immigration Department' to mean the Department administered by the Minister administering the Migration Act 1958 (Cth).

[108] EM, p. 57.

[109] Submission 47, p. 12.

[110] Submission 47, p. 13. In contrast, the Law Institute of Victoria argued that exemptions for agencies should be set out in a schedule to the Privacy Act rather than in enabling legislation: see answer to question on notice, received 23 August 2012, pp 2-3.

[111] EM, p. 57. The EM does not identify the types of sensitive information which could be collected by the Immigration Department in relation to its enforcement related activities.

[112] NPP 2.1(h) creates an exception to the prohibition against organisations using or disclosing personal information for a secondary purpose by listing a number of activities conducted by or on behalf of law enforcement bodies in respect of which personal information may be used or disclosed: see EM, p. 58.

[113] EM, p. 58.

[114] Submission 13, p. 2.

[115] Submission 49, pp 8-9.

[116] Attorney-General's Department, answer to question on notice, received 3 September 2012, p. 2.

[117] Submission 14, p. 8. For example, proposed new section 16A of the Privacy Act is used in APP 3.4 (Collection of sensitive information without the consent of the individual); APP 6.2 (Use or disclosure of personal information without the consent of the individual); and APP 8.2 (Disclosure of personal information to overseas recipients).

[118] Item 6 in the table to proposed new subsection 16A(1) of the Privacy Act.

[119] Submission 47, p. 11.

[120] Submission 47, p. 12.

CHAPTER 3 - Credit reporting definitions

[1] Explanatory Memorandum (EM), p. 92.

[2] The EM provides a more detailed explanation: see pp 93-98.

[3] Item 72 of Schedule 2 of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Bill).

[4] Proposed Divisions 2-4 in new Part IIIA of Schedule 2 of the Bill.

[5] Item 26 of Schedule 2 of the Bill provides the meaning of 'credit reporting body'; proposed new section 6G of the Privacy Act 1988 (Privacy Act) defines the term 'credit provider' (item 69 of Schedule 2 of the Bill); and item 3 of Schedule 2 of the Bill sets out the definition of 'affected information recipient'.

[6] EM, p. 93.

[7] Proposed new section 6N of the Privacy Act; item 69 of Schedule 2 of the Bill. 'Credit information' is the basic unit of personal information within the credit reporting system. It is defined as comprising certain categories of personal information about an individual (other than sensitive information).

[8] Item 28 of Schedule 2 of the Bill. Item 14 of Schedule 2 of the Bill defines the term 'CRB derived information' to mean personal information about an individual derived by a credit reporting body from credit information about the individual that is held by the credit reporting body and which has some bearing on an individual's credit worthiness, and will be used (or has been used, or could be used) to establish the individual's eligibility for consumer credit.

[9] Item 17 of Schedule 2 of the Bill. Item 13 of Schedule 2 of the Bill defines the term 'CP derived information' to mean any personal information about an individual that is derived from credit reporting information that was disclosed to the credit provider by a credit reporting body under Division 2 and which has any bearing on an individual's credit worthiness, and will be used (or has been used, or could be used) to establish the individual's eligibility for consumer credit.

[10] Item 55 of Schedule 2 of the Bill.

[11] EM, p. 93.

[12] EM, p. 94.

[13] EM, p. 96.

[14] Items 2-65 of Schedule 2 of the Bill.

[15] Proposed new Division 2 of Part II of the Privacy Act; item 69 of Schedule 2 of the Bill.

[16] Submission 27, p. 12. For similar comments, also see Communications Alliance, answer to question on notice, received 23 August 2012, p. 1.

[17] Submission 49, p. 26. Also see EM, p. 3.

[18] Submission 14, p. 11.

[19] Submission 14, p. 11.

[20] Submission 27, p. 12.

[21] Submission 47, p. 21. Also see EM, p. 2.

[22] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 28 (Recommendation 1).

[23] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 3.

[24] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, p. 27.

[25] Answer to question on notice, received 3 September 2012, p. 13.

[26] Answer to question on notice, received 3 September 2012, pp 13-14.

[27] EM, p. 91.

[28] EM, p. 91. The Office of the Australian Information Commissioner submitted that the government's objective could be more effectively achieved with the use of specific exclusionary provisions: see Submission 47, pp 22-23.

[29] Items 6-7 of Schedule 4 of the Bill.

[30] EM, p. 218.

[31] Submission 47, p. 17.

[32] Committee Hansard, 10 August 2012, p. 12.

[33] Item 72 of Schedule 2 of the Bill.

[34] See, for example, Mr Steven Münchenberg, Australian Bankers' Association, Committee Hansard, 10 August 2012, p. 15; Mr John Stanton, Communications Alliance, Committee Hansard, 10 August 2012, p. 16.

[35] Committee Hansard, 10 August 2012, p. 15.

[36] Submission 14, p. 14. Also see, for example, ANZ Banking Group Limited, Submission 29, p. 4; Australian Industry Group, Submission 16, p. 3.

[37] Submission 24, p. 5. Also see item 104 of Schedule 1 of the Bill.

[38] Submission 24, p. 6. The Australian Bankers' Association also noted that the existence of two different regulatory regimes will present operational difficulties for financial services businesses. For similar comments, see: Australasian Retail Credit Association, Submission 27, p. 6; GE Capital, Submission 43, p. 3.

[39] Submission 29, p. 4. Also see Optus, Submission 31, p. 8; Australian Finance Conference, Submission 36, p. 11.

[40] See Australian Bankers' Association, Submission 24, p. 7; Australasian Retail Credit Association, Submission 27, p. 6; GE Capital, Submission 43, p. 3.

[41] Submission 29, p. 5. Also see Law Council of Australia, Submission 14, which argued that the 'artificial' 'Australian link' requirement should not apply where a credit provider is an authorised deposit-taking institution under the Banking Act 1959 (Cth) and where the use of an offshore provider is consistent with standards set by the Australian Prudential Regulation Authority (APRA) and is subject to APRA's supervision: p. 14.

[42] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 5.

[43] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 5. Also see Mr Colin Minihan, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 2.

[44] Additional information, received 29 August 2012, p. 6. Also see Mr Colin Minihan, Attorney‑General's Department, Committee Hansard, 21 August 2012, p. 2; Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 3.

[45] Item 69 of Schedule 2 of the Bill.

[46] For example, Abacus-Australian Mutuals queried whether the definition of 'credit provider' sufficiently identifies all institutions authorised to operate a banking business under the Banking Act 1959: see Submission 25, p. 6; GE Capital questioned the inclusion of retail stores in the definition of 'credit provider': see Submission 43, p. 2; and Finance Industry Delegation considered that the definition of 'credit provider' is too broad and should align with that contained in the National Credit Consumer Protection Act 2009 (Cth): see Submission 56, pp 4‑5.

[47] Proposed new paragraph 6G(2)(b) of the Privacy Act will allow an organisation or small business operator who supplies credit for more than seven days in connection with the sale of goods, or the supply of services, to be treated as a 'credit provider' in relation to that credit.

[48] Submission 48, pp 6-7.

[49] Submission 30, p. 6.

[50] Mr John Stanton, Communications Alliance, Committee Hansard, 10 August 2012, p. 16. Also see Telstra, which made similar comments regarding the different regimes under which credit providers operate and how these regimes should be accommodated within the proposed legislative framework: Submission 52, p. 3.

[51] For example, Liberty Victoria commented on the new definition of 'court proceedings information': see Submission 13, pp 1-2; item 12 of Schedule 2 of the Bill.

[52] Submission 41, pp 1-2.

[53] Dr David Grafton, Veda, Committee Hansard, 10 August 2012, p. 23.

[54] Additional information, received 29 August 2012, pp 8-9.

[55] Submission 51, p. 14. For similar comments, also see Australian Communications Consumer Action Network, Submission 50, p. 7; and Hunter Community Legal Centre, Submission 33, p. 7 (in relation to 'serious credit infringements').

[56] Submission 51, p. 14.

[57] Submission 50, p. 7. Also see Hunter Community Legal Centre, which recommended that credit providers should be required to undertake increased contact with consumers when a default occurs and when listing occurs: Submission 33, p. 5; and the Financial Ombudsman Service, which called for proximate notification of an intention to list: Submission 12, pp 2-3.

[58] Submission 38, p. 3.

[59] Submission 50, p. 8 and Submission 51, p. 14, respectively.

[60] Submission 33, p. 5.

[61] Committee Hansard, 21 August 2012, p. 8.

[62] Submission 38, p. 4 and Submission 12, p. 5, respectively.

[63] Submission 38, p. 4.

[64] Submission 38, p. 4. Some submissions noted that the Telecommunications Industry Ombudsman has adopted the approach that an overdue account should not be listed more than 12 months after the account due date: see, for example, Australian Communications Consumer Action Network, Submission 50, p. 8.

[65] Submission 12, pp 5-6.

[66] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 131 (Recommendation 20).

[68] Submission 38, p. 3.

[69] Submission 50, p. 8.

[70] Submission 51, p. 19. Also see proposed new section 20W of the Privacy Act (item 72 of Schedule 2 of the Bill).

[71] Division 3 of Part IV of the National Credit Code in Schedule 1 of the National Consumer Credit Protection Act 2009. Section 72 of that Act provides that, under certain circumstances, a debtor who is reasonably unable to meet his or her obligations under a credit contract may apply to a credit provider for a variation of the terms of the contract.

[72] For example, Financial Ombudsman Service, Submission 12, pp 3-4; Consumer Action Law Centre, Submission 5, p. 7; Consumer Credit Legal Centre (NSW), Submission 51, p. 9.

[73] Submission 12, pp 3-4. Also see Consumer Credit Legal Centre (NSW), which argued that credit providers should not be able to default list a consumer who has entered into a hardship arrangement: Submission 51, p. 9.

[74] Answer to question on notice, received 23 August 2012, p. 3.

[75] Submission 27, p. 17. Also see Consumer Credit Legal Centre (NSW), answer to question on notice, received 23 August 2012, p. 3.

[76] Submission 5, p. 2. Also see Consumer Credit Legal Centre (NSW), Submission 51, p. 3. The Hunter Community Legal Centre made similar comments regarding the circumstances in which a 'serious credit infringement' can be listed: see Submission 33, p. 7.

[77] Submission 5, p. 4.

[78] Submission 12, p. 6.

[79] An 'un-contactable default' would relate to situations in which a default has been listed, and the debtor has not responded and cannot be contacted throughout the default period. A 'never paid' flag would be a flag relating to telecommunications or utilities debts where, after 60 days, no payment is made on the account and the credit provider has reasonable grounds to believe that the consumer never had any intention to make a payment on the account: Senate Finance and Public Administration Legislation Committee, Inquiry into Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, Veda Advantage, additional information, received 9 August 2011, p. 1.

[80] Submission 5, p. 4.

[81] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Volume 3, p. 78.

[82] Senate Finance and Public Administration Legislation Committee, Inquiry into Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, Department of the Prime Minister and Cabinet, additional information, received 2 September 2011, p. 3.

[83] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 60.

[84] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 60 (Recommendation 8).

[85] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 5.

[86] Attorney-General's Department, answer to question on notice, received 3 September 2012, p. 16.

[87] EM, p. 116.

[88] Answer to question on notice, received 3 September 2012, p. 16.

[89] EM, p. 127.

[90] Submission 29, p. 5. Also see Australasian Retail Credit Association, Submission 27, p. 17.

[91] Submission 29, p. 6.

[92] Committee Hansard, 10 August 2012, p. 31.

[93] Committee Hansard, 10 August 2012, p. 31.

[94] Answer to question on notice, received 3 September 2012, p. 15. The Australian Government has not accepted the listing of hardship variations as a necessary component of the credit reporting system: see p. 17.

[95] EM, p. 92.

[96] For example, see: Insurance Council of Australia, Submission 23, p. 2; Diners Club International, Submission 28, pp 1-2; Min-it Software, Submission 48, p. 11; Mr John Stanton, Communications Alliance, Committee Hansard, 10 August 2012, p. 16; Ms Katherine Lane, Consumer Credit Legal Centre (NSW), Committee Hansard, 10 August 2012, p. 30.

[97] Submission 27, p. 13.

CHAPTER 4 - Regulation of credit reporting

[1] Proposed new subsection 20E(4) of the Privacy Act 1988 (Privacy Act). Also see the Hon. Nicola Roxon MP, Attorney-General, House of Representatives Hansard, 23 May 2012, p. 5211.

[2] Explanatory Memorandum (EM), pp 135-136.

[3] Submission 28, pp 1-2.

[4] Submission 28, p. 2. The submission suggested two amendments to enable charge card providers to access repayment history information.

[5] Mr John Stanton, Communications Alliance, Committee Hansard, 10 August 2012, p. 16. Mr Steven Brown, Dun & Bradstreet, Committee Hansard, 10 August 2012, p. 22, also endorsed this proposal.

[6] Submission 23, p. 2.

[7] Submission 23, Attachment 1, p. 3.

[8] Submission 23, Attachment 1, p. 9 (emphasis in original).

[9] Submission 51, p. 5. The submission details each of these arguments: see pp 6-13.

[10] Committee Hansard, 10 August 2012, p. 30.

[11] Submission 48, p. 11. Also see the Consumer Credit Legal Service (WA), which argued that the inclusion of 'repayment history information' in the Bill would be invasive and beyond what is reasonably necessary for 'credit providers' to assess an individual's credit worthiness: Submission 6, pp 2 and 4.

[12] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 1. Also see Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Recommendations 55-1 to 55-3.

[13] EM, p. 3.

[14] EM, p. 3.

[15] Mr Steven Brown, Dun & Bradstreet, Committee Hansard, 10 August 2012, p. 22; Ms Sharon Booth, Experian, Committee Hansard, 10 August 2012, p. 21. Also see, for example, Insurance Council of Australia, Submission 23, p. 2; Mr Timothy Pilgrim, Australian Privacy Commissioner, Committee Hansard, 10 August 2012, p. 8; Mr Damian Paull, Australasian Retail Credit Association, Committee Hansard, 10 August 2012, p. 14; Mrs Sue Jeffrey, ANZ Banking Group Limited, Committee Hansard, 10 August 2012, p. 15.

[16] Additional information, tabled 10 August 2012. The Australasian Retail Credit Association similarly referred to research published by the United States-based Policy and Economic Research Council: 'Credit Impact of More Comprehensive Credit Reporting in Australia and New Zealand', August 2012, available at: http://perc.net/files/PERC%20Report%20-%20Final.pdf (accessed 20 August 2012).

[17] Committee Hansard, 10 August 2012, pp 26-27.

[18] Submission 6, pp 2-3. For similar comments, also see Consumer Credit Legal Centre (NSW), Submission 51, pp 5-13.

[19] Submission 49, p. 23.

[20] EM, p. 29.

[21] Additional information, received 29 August 2012, p. 7.

[22] EM, p. 138 (emphasis in the original).

[23] For example, Australasian Retail Credit Association, Submission 27, p. 15; and Australian Privacy Foundation, which argued further that pre-screening should only apply to 'negative information' such as default information and serious credit infringements: see Submission 49, p. 29.

[24] Submission 51, pp 16-17.

[25] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Recommendation 57-3.

[26] Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 116.

[27] Submission 49, p. 28. The submission states that this would be consistent with the Do Not Call Register Act 2006 and the Spam Act 2003.

[28] Submission 14, p. 13. The Law Council of Australia also submitted that it would be preferable to expressly include a statement that no written record must be made of an opted-out individual being removed from a marketing list and no communication of a consumer's opted-out status should be made to the credit provider or their agent.

[29] Proposed new paragraph 20G(2)(c) of the Privacy Act.

[30] Submission 24, p. 7. Also see Australasian Retail Credit Association, Submission 27, pp 15-16.

[31] EM, p. 144.

[32] EM, p. 144.

[33] For example, see: ANZ Banking Group Limited, Submission 29, p. 8; Experian, Submission 35, p. 5; Mr Steven Brown, Dun & Bradstreet, Committee Hansard, 10 August 2012, p. 22.

[34] Submission 27, p. 7.

[35] Submission 41, p. 3.

[36] For example, Australasian Retail Credit Association, Submission 27, p. 7; ANZ Bank, Submission 29, p. 8; Veda, Submission 41, pp 1 and 4-7.

[37] Submission 44, p. 2.

[38] Committee Hansard, 10 August 2012, p. 24.

[39] Committee Hansard, 10 August 2012, p. 24.

[40] Committee Hansard, 10 August 2012, p. 25. For similar comments, see Mr Steven Brown, Dun & Bradstreet, Committee Hansard, 10 August 2012, p. 25.

[41] Submission 27, p. 7.

[42] Dun & Bradstreet, Experian and Veda, Submission 44, p. 2.

[43] Submission 41, p. 9. Also see Dun & Bradstreet, Experian and Veda, Submission 44, p. 2.

[44] Committee Hansard, 10 August 2012, p. 24.

[45] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Recommendation 57-2.

[46] Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 116.

[47] Clause 115 of the Exposure Draft Bill.

[48] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 111.

[49] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 113 (Recommendation 16).

[50] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Draft of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 8.

[51] See subclause 115(2) of the Exposure Draft Bill.

[52] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 14.

[53] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 14.

[54] Additional information, received 29 August 2012, p. 9.

[55] EM, pp 148-149. In relation to proposed new subsection 20T(1), see EM, p. 180.

[56] Submission 27, p. 11. The Australasian Retail Credit Association highlighted that the definition of the term 'credit provider' could result, for example, in an entity that has no affiliation with the credit reporting system being compelled to resolve credit reporting issues: see pp 9-10.

[57] Submission 47, pp 23-24.

[58] Submission 29, pp 7-8. Also see Australasian Retail Credit Association, which agreed, but queried how a consumer is to determine whether 'CP derived information' is correct: Submission 27, p. 15.

[59] Submission 36, p. 9.

[60] Submission 38, p. 5. The Energy & Water Ombudsman (NSW) added that, read in conjunction with the proposed new complaints provisions (particularly proposed new paragraph 23B(5)(a) of the Privacy Act), an individual might have to wait up to 60 days before being able to engage in external dispute resolution or approach the Australian Information Commissioner. Also see Australian Privacy Foundation, which argued that industry should devise a means of flagging corrected or disputed information: see Submission 49, p. 31.

[61] Submission 45, p. 7.

[62] Committee Hansard, 21 August 2012, p. 9.

[63] Submission 49, p. 31.

[64] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, p. 69 (Recommendation 58-9). This recommendation was accepted by the Australian Government: see Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 128.

[65] Submission 51, p. 18.

[66] Submission 51, p. 18.

[67] Mr Colin Minihan, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 9. Also see Senate Finance and Public Administration Legislation Committee, Exposure Draft of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 94 (Recommendation 14); Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Draft of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 7.

[68] Submission 51, p. 18.

[69] Submission 51, p. 18.

[70] Mr Colin Minihan, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 10.

[71] Answer to question on notice, received 3 September 2012, p. 16.

[72] Submission 48, p. 9.

[73] Committee Hansard, 21 August 2012, pp 10-11.

[74] Committee Hansard, 21 August 2012, p. 12.

[75] Submission 38, p. 6. Also see Australian Bankers' Association, answer to question on notice, received 30 August 2012, p. 3.

[76] Submission 27, p. 11.

[77] Submission 30, p. 7.

[78] Submission 31, p. 5. For similar comments, also see Telecommunications Industry Ombudsman, Submission 45, pp 8-9.

[79] Submission 12, p. 7. For similar comments, also see Energy & Water Ombudsman NSW, Submission 38, p. 7.

[80] Submission 12, p. 7, Submission 38, p. 7 and Submission 45, p. 9, respectively. Also see Communications Alliance, answer to question on notice, received 23 August 2012, p. 2.

[81] Submission 27, p. 12.

[82] Committee Hansard, 10 August 2012, p. 14.

[83] Submission 27, p. 12.

[84] Submission 5, p. 6.

[85] Submission 5, p. 7. For similar comments, also see Australian Finance Conference, Submission 36, p. 9.

[86] Mr Colin Minihan, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 15.

[87] Submission 30, p. 4. Also see Optus, Submission 31, p. 4.

[88] This code is registered with the telecommunications industry regulator, the Australian Communications and Media Authority.

[89] These regulations are administered by the Australian Securities and Investments Commission (ASIC).

[90] AS ISO 10002-2006, Customer satisfaction – Guidelines for complaints handling in organizations is an International Standard providing guidance for the design and implementation of an effective and efficient complaints-handling process for all types of commercial and non-commercial activities, including those related to e-commerce.

[91] Submission 30, p. 4. For similar arguments, see: Abacus-Australian Mutuals, Submission 25, p. 3; Australasian Retail Credit Association, Submission 27, p. 9.

[92] Submission 29, p. 9. Also see Australasian Retail Credit Association, Submission 27, p. 10.

[93] Submission 27, p. 10.

[94] Submission 36, p. 9. For similar recommendations, see Abacus-Australian Mutuals, which described the Australian Securities and Investments Commission administered complaints‑handling regime as 'rigorous and highly prescriptive': Submission 25, p. 3.

[95] Submission 49, p. 34 and Submission 30, p. 4, respectively.

[96] Submission 30, pp 6-7. Also see Optus, Submission 31, pp 5-7, for a similar suggestion and identification of the benefits that this would produce.

[97] Submission 31, p. 5. Also see Communications Alliance, Submission 30, p. 6; Telstra, Submission 52, p. 2.

[98] Answer to question on notice, received 14 September 2012, p. 1. The Attorney-General's Department also noted that the issue of inconsistent regulatory regimes was examined by the Senate Finance and Public Administration Legislation Committee in 2010-2011: see Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, pp 78-81.

[99] Answer to question on notice, received 14 September 2012, p. 2.

[100] Answer to question on notice, received 14 September 2012, p. 2.

[101] Item 2 of the table to sub-clause 2(1) of the Bill.

[102] For example, see Australian Finance Conference, Submission 36, p. 3; Consumer Credit Legal Centre (NSW), Submission 51, p. 3.

[103] For example, see ANZ Banking Group Limited, Submission 24, p. 3; Australasian Retail Credit Association, Submission 27, p. 8; Abacus-Australian Mutuals, Submission 25, pp 3-4.

[104] Submission 27, p. 8.

[105] Submission 25, p. 5.

[106] Mr Steven Münchenberg, Australian Bankers' Association, Committee Hansard, 10 August 2012, p. 17.

[107] Submission 36, p. 4.

[108] Submission 36, p. 4. For similar comments, see Mr Steven Münchenberg, Australian Bankers' Association, Committee Hansard, 10 August 2012, p. 16; Dr David Grafton, Veda, Committee Hansard, 10 August 2012, p. 24.

[109] Submission 27, p. 9.

[110] Submission 27, p. 9.

[111] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 16. Also see Attorney-General's Department, Proposed regulations under the Privacy Amendment (Enhancing Privacy Protection) Bill: A discussion paper to provide an overview of the relevant regulation making powers under the Bill and the existing Privacy Act 1988, and outline the Government's proposed regulation, August 2012.

[112] Submission 51, pp 3-4. For similar comments regarding the need to consider the entire framework, see Australian Privacy Foundation, Submission 49, p. 25.

[113] Additional information, received 29 August 2012, p. 11.

[114] Additional information, received 29 August 2012, p. 11.

CHAPTER 5 - Australian Information Commissioner's functions and powers

[1] Explanatory Memorandum (EM), p. 216. Also see Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Recommendations 47 and 49-50.

[2] For example, Office of the Victorian Privacy Commissioner, Submission 17, p. 1; Australian Privacy Foundation, Submission 49, p. 4.

[3] Committee Hansard, 10 August 2012, p. 8.

[4] Submission 42, p. 10.

[5] Submission 42, p. 10 and Submission 49, p. 6, respectively. The Australian Privacy Foundation further argued that the Australian Information Commissioner should be required to publish such undertakings: Submission 49, p. 6.

[6] Submission 17, p. 13. The Australian Privacy Foundation suggested that, where a 'privacy impact assessment' is requested by the Australian Information Commissioner, it should be completed before decisions are made to proceed with the activity or function in question: see Submission 49, p. 6.

[7] EM, p. 233. Also see Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, 2008, p. 58 (Recommendation 47-5).

[8] Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, pp 86-87.

[9] For example, see Centre for Internet Safety, Submission 22, p. 4; Ms Katie Miller, Law Institute of Victoria, Committee Hansard, 10 August 2012, p. 47.

[10] Submission 7, p. 9.

[11] For example, see Ms Katherine Lane, Consumer Credit Legal Centre (NSW), Committee Hansard, 10 August 2012, p. 29; Australian Privacy Foundation, Submission 49, p. 4.

[12] Submission 49, p. 4.

[13] Item 200 of Schedule 4 of the Bill.

[14] Subsection 52(1) of the Privacy Act provides that, after investigating a complaint, the Commissioner may make a determination dismissing the complaint or find the complaint substantiated and make a determination. Subsection 52(1A) of the Privacy Act extends the meaning of 'loss or damage' in subsection 52(1) to include injury to the complainant's feelings or humiliation suffered by the complainant.

[15] Submission 49, p. 4.

[16] Submission 49, p. 4. The Australian Privacy Foundation added that the Australian Information Commissioner should be required to make the determination within 60 days: see Supplementary Submission 49, p. 1.

[17] Committee Hansard, 10 August 2012, p. 11.

[18] Committee Hansard, 10 August 2012, p. 11.

[19] Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 93. Also see Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (ALRC 108), May 2008, p. 59 (Recommendation 49-5).

[20] Committee Hansard, 10 August 2012, p. 11. Also see Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (ALRC 108), May 2008, p. 60 (Recommendation 49-7).

[21] Additional information, received 29 August 2012, p. 11.

[22] Additional information, received 29 August 2012, pp 12-13.

[23] Item 189 of Schedule 4 of the Bill.

[24] Proposed new section 80V of the Privacy Act; item 189 of Schedule 4 of the Bill. A 'civil penalty provision' will be a section or subsection of the Privacy Act which contains the words 'civil penalty' and sets out a civil penalty amount: see proposed new section 80U of the Privacy Act; item 189 of Schedule 4 of the Bill.

[25] Item 189 of Schedule 4 of the Bill.

[26] Proposed new subsection 80W(3) of the Privacy Act; item 189 of Schedule 4 of the Bill. Also see proposed new section 80Z (item 189 of Schedule 4 of the Bill), which will allow the court to make a single penalty order for certain multiple contraventions of a 'civil penalty provision'; and Facebook, Google, IAB Australia and Yahoo!7, which called for clarification of the application of the 'totality' principle: Submission 39, p. 9.

[27] Submission 7, p. 8.

[28] For example, GEON, Submission 37, p. 2; Facebook, Google, IAB Australia and Yahoo!7, Submission 39, p. 9.

[29] Submission 9, p. 3. Identical statements were made by Remington Direct, Submission 10, p. 2; Pareto Phone and Pareto Fundraising, Submission 11, p. 3; The Mailing House, Submission 15, p. 4; Acxiom Australia, Submission 32, p. 3; Kimberly Clark Australia, Submission 46, p. 3; Greater Data, Submission 58, p. 3.

[30] Submission 10, p. 2.

[31] Submission 14, p. 12. By way of example, the Law Council of Australia's submission contrasted proposed new section 20P of the Privacy Act (a 'civil penalty provision' with a penalty of 2,000 units) with current section 18G of the Privacy Act, which provides that a credit reporting agency in possession or control of certain information must take reasonable steps to ensure that personal information is accurate, up‑to‑date, complete and not misleading. Section 18G of the Privacy Act is not a civil penalty provision.

[32] Submission 16, p. 3. Proposed new section 13G of the Privacy Act makes serious and repeated interferences by an entity with the privacy of an individual a civil offence: see item 50 of Schedule 4 of the Bill. Also see Australian Bankers' Association, Submission 24, p. 14 for similar comments.

[33] Submission 42, p. 10.

[34] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 4.

[35] Submission 27, p. 18 and Submission 7, p. 8, respectively.

[36] EM, p. 226.

[37] EM, p. 227.

[38] Submission 24, p. 15.

CHAPTER 6 - Committee views and recommendations

[1] See http://www.ag.gov.au/Privacy/Pages/Privacy-Reforms.aspx (accessed 31 August 2012); Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 2.

[2] The Hon. Nicola Roxon MP, Attorney-General, House of Representatives Hansard, 23 May 2012, p. 5211.

[3] Australian Government, Enhancing National Privacy Protection: Australian Government First Stage Response to the Australian Law Reform Commission Report 108, For Your Information: Australian Privacy Law and Practice, October 2009, p. 5.

[4] Explanatory Memorandum (EM), p. 1. Also see Australian Law Reform Commission, For Your Information, Australian privacy Law and Practice, ALRC 108, May 2008, pp 25-102.

[5] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, available at: https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Finance_and_Public_Administration/Completed%20inquiries/2010-13/privexpdrafts/reportpart1/index (accessed 2 August 2012);

[6] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 18 (Recommendation 1).

[7] Additional information, received 3 September 2012, p. 1.

[8] For example, Law Council of Australia, Submission 14, p. 8.

[9] Additional information, received 29 August 2012, p. 1; answer to question on notice, received 3 September 2012, p. 13.

[10] Answer to question on notice, received 3 September 2012, p. 13.

[11] Submission 39, pp 2-3.

[12] Answer to question on notice, received 3 September 2012, p. 4.

[13] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 3.

[14] Additional information, received 29 August 2012, p. 3.

[15] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 72 (Recommendation 8); Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 3.

[16] Submission 14, p. 6 and Submission 42, p. 5, respectively.

[17] Answer to question on notice, received 3 September 2012, p. 5.

[18] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Volume 1, p. 686 (Recommendation 19-1).

[20] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 33 (Recommendation 4).

[21] NSW Privacy Commissioner, Submission 42, p. 6.

[22] Submission 17, p. 7.

[23] Submission 47, p. 19.

[24] Answer to question on notice, received 3 September 2012, pp 7-8.

[25] Answer to question on notice, received 3 September 2012, p. 7.

[26] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 142 (Recommendation 10); Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Drafts of Australian Privacy Amendment Legislation: Part 1 – Australian Privacy Principles, May 2012, p. 8.

[27] Attorney-General's Department, additional information, received 29 August 2012, p. 1.

[28] Submission 7, p. 2.

[29] Senate Finance and Public Administration Legislation Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Part 1 – Australian Privacy Principles, June 2011, p. 150 (Recommendation 13).

[30] Attorney-General's Department, additional information, received 29 August 2012, pp 2-3.

[31] Submission 49, p. 17.

[32] That is, the 'Australian link' provision discussed in the context of credit reporting and APP 8 in conjunction with its accountability mechanism in proposed new section 16C of the Privacy Act.

[33] For example, Facebook, Google, IAB Australia and Yahoo!7, Submission 39, pp 6-7; Law Council of Australia, Submission 14, p. 11; Australian Bankers' Association, Submission 24, p. 11.

[34] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, pp 5-6.

[35] Additional information, received 29 August 2012, p. 13.

[36] Additional information, received 29 August 2012, p. 13.

[37] Supplementary Submission 47, pp 1-2.

[38] Submission 42, p. 8.

[39] Submission 47, p. 13.

[40] EM, p. 57.

[41] EM, p. 58.

[42] Submission 14, p. 8.

[43] Submission 47, p. 11.

[44] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 5; Mr Colin Minihan, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 2.

[45] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 10 August 2012, p. 5.

[46] See EM, p. 91.

[47] EM, p. 93.

[48] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Draft of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 4.

[49] Submission 38, p. 4.

[51] Answer to question on notice, received 23 August 2012, pp 2-3.

[52] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, ALRC 108, May 2008, Volume 3, p. 78.

[53] Submission 29, p. 6.

[54] Committee Hansard, 10 August 2012, p. 31.

[55] Answer to question on notice, received 3 September 2012, p. 15 (emphasis in the original).

[56] House of Representatives Hansard, 23 May 2012, p. 5212.

[57] Explanatory Memorandum, p. 2.

[58] Submission 51, p. 5.

[59] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Draft of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 8.

[60] EM, p. 144.

[61] For example, see Australasian Retail Credit Association, Submission 27, p. 7.

[62] EM, pp 148-149 and 180.

[63] Submission 27, p. 11.

[64] Submission 47, pp 23-24.

[65] Submission 38, p. 5 and Submission 45, p. 7, respectively.

[66] Committee Hansard, 21 August 2012, p. 9.

[67] Submission 51, p. 18.

[68] Energy & Water Ombudsman NSW, Submission 38, p. 5.

[69] Submission 51, p. 18.

[70] Financial Ombudsman Service, Submission 12, p. 7.

[71] Mr Colin Minihan, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 15.

[72] Additional information, received 29 August 2012, p. 10.

[73] Additional information, received 29 August 2012, pp 10-11.

[74] Senate Finance and Public Administration Legislation Committee, Exposure Draft of Australian Privacy Amendment Legislation, Part 2 – Credit Reporting, October 2011, p. 49 (Recommendation 5).

[75] Australian Government, Government Response to the Senate Finance and Public Administration Legislation Committee Report: Exposure Draft of Australian Privacy Amendment Legislation: Part 2 – Credit Reporting, May 2012, p. 4.

ADDITIONAL COMMENTS BY COALITION SENATORS

[1] For example, Mr Nigel Waters, Australian Privacy Foundation, Committee Hansard, 21 August 2012, p. 48.

[2] Joint Parliamentary Committee on Intelligence and Security, Inquiry into potential reforms of the National Security Legislation, Office of the Victorian Privacy Commissioner, Submission 109, p. 9.

[3] Committee Hansard, 10 August 2012, p. 29.

[4] Submission 14, p. 12. Comment made in relation to penalties for contravention of credit reporting provisions.

[5] Submission 10, p. 1.

[6] Submission 24, p. 3.

[7] Submission 39, p. 4. For a general discussion of how Facebook might approach operational inconsistencies with the Bill, see: Ms Samantha Yorke, IAB Australia, Committee Hansard, 10 August 2012, pp 37-38.

[8] For example, a consumer could continue to receive a communication reasonably related to an ongoing service or customer relationship between the organisation and the individual, or a communication that a consumer has consented to receive.

[9] Submission 39, pp 4-5 (emphasis in the original).

[10] Additional information, received 29 August 2012, p. 2.

[11] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 7.

[12] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 7.

[13] For example, see: Fundraising Institute of Australia, Submission 4, p. 2; Australian Direct Marketing Association, Submission 7, p. 7.

[14] Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 7.

[15] Proposed new subsection 20E(4) of the Privacy Act (2,000 penalty units).

[16] Submission 23, p. 2.

[17] The Hon. Nicola Roxon MP, Attorney General, House of Representatives Hansard, 23 May 2012, pp 5211-5212.

[18] EM, p. 91.

[19] EM, p. 91.

[20] Proposed new section 21G prohibits the cross-border disclosure of 'credit eligibility information' by a 'credit reporting body', except in certain circumstances.

[21] Committee Hansard, 10 August 2012, p. 15.

[22] Committee Hansard, 10 August 2012, p. 19.

[23] Committee Hansard, 10 August 2012, p. 16.

[24] Additional information, received 29 August 2012, p. 6. Also see Mr Colin Minihan, Attorney‑General's Department, Committee Hansard, 21 August 2012, p. 2; Mr Richard Glenn, Attorney-General's Department, Committee Hansard, 21 August 2012, p. 3.

ADDITIONAL COMMENTS BY THE AUSTRALIAN GREENS

[1] Ms Miller, Committee Hansard, 21 August 2012, p. 45.

[2] Ms Ganopolsky, Ms Miller and Professor Greenleaf, Committee Hansard, 21 August 2012, pp 46 and 51.

[3] Explanatory Memorandum, Privacy Amendment (Enhancing Privacy Protection) Bill 2012, p. 3.

[4] CCLC NSW, Submission 51, p. 5.

[5] CCLC NSW, Submission 51, p. 5.

[6] CALC, Submission 5, p. 1.

[7] CALC, Submission 5, p. 4.

[8] CALC, Submission 5, p. 5.

[9] Australian Communications Consumer Action Network, Submission 50, p. 7.

[10] APF, Submission 49, p. 4.

[11] APF, Submission 49, p. 5.

[12] APF, Submission 49, p. 4.

[13] OAIC, Supplementary Submission 47, pp 6-7.