Article on privacy by the Attorney General

May 25, 2012 |

In today’s Australian the Attorney General, Nicola Roxan, wrote an opinion piece on the amendments to the Privacy Act.

It provides:

These days we share personal information with government and private sector organisations all the time. We happily provide personal details in order to gain quick, convenient access to essential goods and services. We love the ease of online shopping and the instant connectivity of social media.

But we also rightfully expect our precious personal data to be handled with due care and respect for privacy.

If our personal information is not properly protected, we lose control over what others may do with our personal data.

Privacy laws help ensure our personal information is protected by robust safeguards. This week the Gillard Government is introducing some of the most significant changes to the Privacy Act since the Hawke Government first developed the laws in 1988.

These will make sure that legal privacy protection matches community expectations in an era of rapid technological change. The changes will include 13 new Australian Privacy Principles, better credit reporting laws, and giving the Privacy Commissioner more power to defend and uphold our personal privacy rights.

The privacy principles will apply to commonwealth government agencies and private sector organisations and will cover the entire information cycle, including the collection, use, disclosure and storage of information.

The principles will require organisations nationwide to consider the privacy of individuals at every stage in the information cycle and to manage their personal information with transparency.

And, to help you better understand your rights and how your information will be used, organisations will need to develop and publish better and clearer privacy policies.

While many companies have done the right thing for a long time when it comes to direct marketing, some have not.

This has led to many consumers being fed up with direct marketers having access to their personal information. With these changes, you will gain the right to pro-actively request not to receive direct marketing materials from organisations you deal with.

Organisations also must give you a clear opportunity to opt out of receiving direct marketing.

The Government has also heard your concerns about personal information being sent offshore.

That’s why we will now have another specific privacy principle that will deal with cross-border data flows by making organisations accountable for what happens to personal information they send overseas and making sure you know if and when they do.

Credit reporting will also be improved. At the moment, credit reporting agencies only hold negative information such as default and bankruptcy listings. These reforms will introduce more comprehensive and balanced credit reporting.

This means credit providers will have a more accurate picture of your credit situation to ensure responsible lending practices. This change should help lenders and you as a consumer.

Comprehensive credit reporting will come with better privacy protections that make it easier for you to ask for corrections to your credit record and easier to complain about those who hold this data.

To make sure all of these changes are enforceable, we are beefing up the powers of the Privacy Commissioner.

The Commissioner will have power to address complaints about privacy breaches effectively and to enforce the new privacy principles and credit reporting rules.

The Commissioner will have new conciliation powers to resolve privacy disputes by agreement, plus powers to enforce remedial action, and seek civil penalties for the most serious privacy breaches.

We recognise that the proper protection and promotion of our right to privacy is paramount for Australians. Our reforms to the Privacy Act prove it.

The Australian Privacy Foundation is very critical of the proposed amendments.  In my view a real problem has been enforcement.   The Privacy Commissioner has in the past been aenemic in dealing with complaints and tackling breaches.  The approach has been contradictory; a blamonange enforcement, dispute resolution and education. Determinations has been few and far between.  More worryingly the decisions have tended to be a half way house approach, not strongly dealing with breaches and trying to get the malfactor to reform its errant ways.  What is extraordinary is the idea that a person whose privacy has been breached can not bring an action to enforce what should be a fundamental right.  Once a complaint is made to the Privacy Commissioner the complaint is in the hands of the Privacy Commissioner who can deal with it according to his own discretion.  The weakness is apparent, the body that receives the complaint considers it, decides whether to investigate it then conducts a hearing and then makes a determination.  The Commissioners role merges the administrative and the quasi judicial with a mediation role within that ill defined amorphous process.  Giving the Privacy Commissioner more powers and reach within this fundamentally flawed model is not a step in the right direction.  It would be more acceptable if a citizen had more rights within that process but also could avail himself or herself of a statutory right of privacy.  Whether that will happen is a matter of “wait and see.”  There has been a lot of that in the realm of privacy reform.



Leave a Reply