Amendments to the Privacy Act take effect this week
March 10, 2014 |
This Wednesday the amendments to the Privacy Act 1988 take effect. They should require a significant change to the manner in which privacy is regulated in Australia by the Privacy Commissioner. He has been given significant and varied enforcement powers. And the penalties for serious interferences with privacy, $340,000 for an individual and $1,700,000 for a company, and breaches of the Credit Reporting provisions of the Act (Part IIIA) are very significant. The question is, and has always been, how active and effective the regulator will be. Part of the problem in the past has been the opaque way complaints have been processed and the lack of understanding of the criteria used in not investigating complaints and and the relative lethargy of the office in the past, under previous occupants of the position. Given the gatekeeper role the Privacy Commissioner has under the Act this effects how effectively and assertively the Act is regulated, or otherwise. It is a flaw in the structure of privacy legislation. Except for section 98 and the very limited circumstances of sections 90-91 any complaint has to be referred to the Privacy Commissioner (assuming no dispute resolution process is in place) and that office has the sole authority to bring civil penalty actions. Unlike the Corporations Act where ASIC has powers as does an individual or company with standing to bring an action for breaches or the Consumer legislation where the ACCC and individuals can bring actions.
The Privacy Commissioner’s profile has been very low when compared to the UK Information Commissioner’s Office and the US Federal Trade Commission. Both agencies publicise actions and settlements. Both are imperfect regulators but their more high profile actions send a clear message regarding breaches. In addition to the prosecutions they also have educational activities. Their homepages are significantly less legalistic and bureaucratic than their Southern Hemisphere counterparts. The Australian and New Zealand Privacy Commissioner’s websites are also quite bare in content by comparison.
Hopefully with the new legislation and new found powers in the Privacy Commissioner that will change. It is hardly a secret for those practising in this area (as well as articles in the Australian and other newspapers to this effect) that compliance, even at this late stage, is quite patchy.
The PM program ran a story on the changes to the Privacy Act regarding the Credit Reporting provisions in Finance industry to begin using new power to monitor comsumer credit history which provides:
BRENDAN TREMBATH: The banking industry will this week have new powers to collect more detailed information about people’s financial history.
From Wednesday, customers’ overdue credit card and loan repayments will be marked on their credit record for two years.
Here’s our business reporter Pat McGrath.
PAT MCGRATH: Consumer groups warn the new rules could increase the cost of borrowing for people on low incomes. They allow privately owned credit assessment companies to keep a record of credit card bills and loan repayments missed by only a few days.
The laws empower the agencies to hold this information for up to two years, and pass it on to lenders who can then price the interest on their loans accordingly.
And Steve Brown from Dun and Bradstreet, one of the biggest credit agencies, thinks changes need to go further. He believes missed payments on electricity, gas, water and phone bills should also be recorded.
STEVE BROWN: It would allow people who don’t today have access to a financial service credit product to demonstrate that they have got a good track record of meeting non-banking and financial service credit products.
PAT MCGRATH: And David Grafton from Veda, another big credit agency, says there are even more ways to get a clearer picture of a person’s credit record.
DAVID GRAFTON: Information on somebody’s balance relative to their credit limit would be very important as a predictor of potential credit stress.
PAT MCGRATH: So essentially, from the view of industry, just having information on when payments are made or when they’re missed isn’t enough?
DAVID GRAFTON: It’s a very powerful predictor if you run a statistical exercise, then you can show that that would be immensely helpful to credit providers.
PAT MCGRATH: Do you think people are aware that this change is coming in?
DAVID GRAFTON: I have to say I think that there’s a mixed level of awareness. I know there’s been a fair amount of press and media coverage of this issue but I suspect there is a case to be made for more consumer education.
PAT MCGRATH: Those concerns are shared by the Australian Privacy Foundation, which has criticised the lack of publicity about the credit reporting changes and other privacy law changes coming into effect this week.
A website explaining the credit changes has been set up by the credit reporting industry, and Australia’s Privacy Commissioner, Timothy Pilgrim, says the changes have publicised on his commission’s website.
TIMOTHY PILGRIM: The office of the Australian Information Commissioner’s website does have quite a large number of hits on it, it is extraordinarily well used, so we’re making sure we use that to the greatest extent possible. Like all government organisations we’re given a budget to undertake all our functions and we’ve been using that to the greatest extent possible.
PAT MCGRATH: Did the commission ask for additional funding to promote the changes?
TIMOTHY PILGRIM: We’ve been talking to government – current governments, previous governments – about the implementation process that we’re going through, so governments have been aware of our requirements.
PAT MCGRATH: But are you worried this might be seen as an issue that’s been left to industry to tell the public about?
TIMOTHY PILGRIM: Well I think it’s an important issue that should be spread across both government and industry.
PAT MCGRATH: Sure, but I mean if this is the biggest change to privacy legislation in decades, why should the industry which obviously serves to profit from that change be left to give clarity to the public about what the change actually means?
TIMOTHY PILGRIM: Well I think it’s a joint approach and the joint approach is that we’re putting information out and so is industry, I think it’s how it should be approached generally.
PAT MCGRATH: Would you like to see more funding from the government to promote this?
TIMOTHY PILGRIM: Look I think all government agencies can put up good cases for additional funding in many areas. Our requirement is to make sure that we use the funding we’ve got to the best extent possible and I believe that we’re doing that in terms of how we’re getting information out there and working with industry and other government stakeholders about getting information out through their network as well.
BRENDAN TREMBATH: Australia’s Privacy Commissioner, Timothy Pilgrim, ending that report from our business reporter Pat McGrath