Privacy Law and Policy Reporter
Compiled by Graham Greenleaf
The long-awaited NSW legislation to replace the Privacy Committee Act 1975, promised by the Liberal government as part of its response to the Independent Commission Against Corruption's 1992 Report on Unauthorised Release of Government Information, is now expected to be introduced into State Parliament in March 1994. It is expected that the government will attempt to push ahead with the Bill as government legislation, rather than release an ''exposure draft', as was its previous stated intention.
The most recent official indication of the likely content of the Bill is a speech by Andrew Tink MP (on behalf of Attorney-General John Hannaford) in December 1992, where he said that his 1992 private member's Bill, the Data Protection Bill, would ''very much form the basis' of the government's legislation. That Bill provided in Pt 2 for offences for corrupt dealings with public sector information, including soliciting disclosure of information, obtaining information, and offering to supply information. Part 3 of the Bill provided a set of Data Protection Principles (essentially similar to those in the Commonwealth Privacy Act 1988, with improvements recommended by the NSW Privacy Committee), and a requirement on government agencies to draw up codes of practice which ''must generally conform' to those principles but can include such exceptions as an agency decides. The Privacy Committee was to ''prepare or review' private sector codes of practice. There were no enforcement provisions for breaches of the principles or codes.
Mr Tink stated that, in light of the ICAC report, consideration was being given to amendments and additions to his Bill, including such matters as establishment of a Privacy Commissioner to replace the NSW Privacy Committee; a requirement that agency codes be approved by the Privacy Commissioner; exemptions from the principles to be approved by the Commissioner; some privacy principles to apply to publicly-available information; and some provision for implementation of private sector codes. It will be interesting to see whether the government's Bill attains the modest goals outlined by Mr Tink.
Australian Privacy Commissioner Kevin O'Connor, whose initial five-year term expired on 1 January 1994, has been re-appointed for a further year. Attorney-General Michael Lavarch MP, in announcing the re-appointment of Mr O'Connor, and similar one-year re-appointments for Human Rights Commissioner Brian Burdekin and Race Discrimination Commissioner Irene Moss, explained that ''the re-appointments are for one year only to allow time for the tripartite review of the Human Rights and Equal Opportunity Commission, which was announced in the Budget, to be completed'. Mr Lavarch congratulated Ms Moss, Mr Burdekin and Mr O'Connor on their achievements and hard work to date, and thanked them for agreeing to be re-appointed and thereby provide stability and continuity for the Commission while the current review is under way.
The NZ Privacy Commissioner has given advance notice of a one-day conference on privacy issues and the NZ Privacy Act, to be held on Thursday, 12 May at the Faculty of Law, University of Auckland. It is expected that there will be a mixture of prepared papers and practical workshops on the operation of the Act. The Conference is timed to coincide with the Commissioner hosting the annual meeting of Australasian Privacy Agencies. Requests for registration details (when available) should be forwarded to: The Auckland Manager, Office of the Privacy Commissioner, PO Box 466 Auckland New Zealand, tel (09) 302 2160, fax (09) 302 2305
The National Health and Medical Research Council (NHMRC) is required to issue ''Guidelines for the protection of privacy in the conduct of medical research', in consultation with the Privacy Commissioner, by s95 of the Privacy Act 1988 (Cth). The existing Guidelines (see Federal Privacy Handbook ) state that they lapse on 30 June 1994 (Guideline 3.18). The NHMRC has therefore advertised for submissions to assist it in a review of the Guidelines. The Privacy Commissioner may approve the continuation of the current Guidelines, or the issuing of revised Guidelines. Copies of the existing Guidelines and a package of background information may be obtained from the Australian Health Ethics Secretariat (tel (06) 289 4147; fax (06) 289 7802). Some details of the operation of the Guidelines can be found in the Privacy Commissioner's Fifth Annual Report, pp 67-70. Submissions should be made to the Australian Health Ethics Committee, NHMRC, GPO Box 9848 Canberra ACT 2601, or to the Privacy Commissioner, HREOC, Box 5218 Sydney 2001 by 25 February 1994
A privacy training package for managers and supervisors, consisting of a resource kit, workshop materials and a video, has been released by the Australian Privacy Commissioner. The Management of Personal Information - Protecting Your Business and Your Clients was launched on 8 December 1993 by the Hon Jeanette McHugh, Federal Minister for Consumer Affairs. The package aims to explain how privacy principles can be implemented by private sector organisations to the benefit of good business practice. It costs $150 and can be ordered on (02) 229 7600. Principal funding for the package came from the NSW Training and Education Foundation.
Heather Rowe in IT Law Today (January 1994) reports that the European Union's Internal Market Council Working Group is understood to have started discussions on the November 1992 draft at a meeting at the end of September, but only discussed about a third of the articles, making it unlikely that a common position will be reached before March 1994. If so, the coming elections mean that the European Parliament would not be able to give its second reading opinion until after August.
The Australian Privacy Commissioner issued non-binding Guidelines on data-matching in Commonwealth government administration in July 1992 (see Federal Privacy Handbook ). As he indicated at the time, he intends to prepare a report to the Commonwealth Attorney-General which will focus on three issues: (a) the extent and nature of data-matching by Commonwealth agencies; (b) the adequacy of the voluntary guidelines as controls on data-matching; and (c) whether there is a need for additional statutory regulation. The Commissioner has released a Discussion Paper: Data-Matching: operation of voluntary guidelines review (December 1993) and has requested submissions from agencies involved in data-matching and various interested non-government bodies, requesting comments by 18 February 1994. Details are available from Michael Londey in the Commissioner's Canberra office (06 247 1167).
The 4th Annual Computers Freedom and Privacy Conference is to be held at The John Marshall Law School in Chicago, Illinois from 23-26 March, sponsored jointly by the US Association for Computing Machinery (ACM). The CFP Conferences have become the principal North American conference examining the implications of information technology for liberty. Conference topics range across privacy, censorship, computer crime, defamation, copyright and related issues. For details, contact George B Trubow, Center for Informatics Law, John Marshall Law School, 315 s Plymouth Ct Chicago, IL 60604; tel 312 987 1419; fax 312 427 8307;
The 1994 National Medico-Legal Congress will be held at the Marriott Hotel, Sydney, on 28 February - 1 March 1994. Sessions with privacy-related themes include ''informed consent', ''reconciling patients rights with free flow of information', and the keynote address by Justice Michael Kirby. Details are available from the organisers, IIR Conferences, on (02) 954 5844.
Those with access to the world-wide Internet (AARNet at the Australian end) can obtain a bi-weekly electronic newsletter on privacy, security, information access etc (with a focus on the US) produced by Computer Professionals for Social Responsibility (CPSR) in Washington. To subscribe to CPSR Alert send the message: ''subscribe cpsr '' (without quotes or brackets) to firstname.lastname@example.org. Back issues of the Alert are available at the CPSR Internet Library, accessible by FTP, WAIS or Gopher at cpsr.org /cpsr/alert (if you know what I mean!). There is no charge and it is a valuable source of news.
The Association of Certified Fraud Examiners is conducting a Fraud Symposium of 36 hours instruction at the Hyatt Kingsgate, Sydney, from 28 February 28 to 4 March 1994. The ''American faculty' is James T Ratley and Joseph P Wells, both from the Association, and the ''Australian faculty' is John Banks, Partner in KPMG Peat Marwick and Joseph J Catanzariti of Clayton Utz, Solicitors. Contact PO Box 549 Gordon NSW 2072 (no phone number provided).
When launching the training package mentioned above, Minister McHugh described herself as ''a committed activist for privacy affairs'. While warning that ''serious privacy concerns' can arise from some areas of business activity such as direct marketing, she merely gave a general admonition to businesses to take a ''responsible attitude' to privacy to help ensure that business maintains control of how privacy is protected in relation to business activities. This mild language led the Australian Financial Review (9 December) to report that direct marketing ''will be curbed'.
The title of this column, ''Private Parts', was conceived by Simon Davies, who has kindly consented to its use here.
News items for inclusion in ''Private Parts' are welcome, and should be sent to Graham Greenleaf or Tim McBride. No donation is too small