Privacy Law and Policy Reporter
The Ombudsman is still investigating a number of complaints of unauthorised access to the Australian Federal Policies's (AFP) computer system. In one complaint investigated, an AFP member admitted ''accessing the computer system for details about people she knew out of curiosity', and ''[i]t appeared that the AFP had no directions or guidelines in place to prevent or prohibit such access'. The Ombudsman pointed out to the AFP that ''as a record keeper, allowing such access to confidential information was contrary to its responsibilities under the Privacy Act'.
The Ombudsman is conducting an ''own motion' investigation into the administration of personal searches by the Australian Customs Service, following a number of complaints. Among the issues of concern are that the rights of persons detained are not being made clear to them:
A significant issue that has emerged from several of the complaints is that the complainant believed that he or she had no choice but to comply. In fact, a person does not have to consent to a personal search. If the person does not consent to an external search, the ACS or the AFP may bring him before a senior Customs officer or a justice to seek an order for a search. For an internal search (by a medical practitioner by examination or X-ray), such an order can only be made by a judge or a magistrate. Such an order does not automatically follow if a person refuses consent for a search.
The Department of Employment, Education and Training referred a student's Austudy debt to a debt collection agency. ''The agency ''then transferred the debt to its credit reporting facilities. This subsequently affected the student's credit rating.' DEET subsequently required the debt collector to discontinue this practice, and stated that it has a clause in its contract with the debt collector to protect its clients' privacy. The Ombudsman comments that ''it was uncertain whether the actions of [the debt collector] were in breach of the contract or the Privacy Act.'
The Ombudsman explains the Department of Immigration and Ethnic Affairs use of the data surveillance technique known as ''profiling' (see (1994) 1 PLPR 128):
Under condition 4011 of the Migration Regulations a so-called ''risk factor' is applied to applicants for certain classes of visa if they have applied for permanent residence in Australia within the last five years or have one or more relevant characteristics in common with a class of persons shown by DIEA's statistics to be likely to overstay the time allowed by the visa. Such characteristics include nationality, marital status, age, sex, occupation, the type of visa applied for, and where the application was lodged. The risk factor is applied to business, close family, tourist and short-stay visitors.
The Ombudsman found that the risk factor in condition 4011 had been wrongly applied in considering a student visa, and the decision was therefore unlawful.
While Telecom remains within the Ombudsman's jurisdiction, she now has a discretion not to investigate complaints if they can be more conveniently or effectively dealt with by the industry ombudsman for a particular industry (Prime Minister and Cabinet (Miscellaneous Provisions) Act 1994, amending the Ombudsman Act 1976 (Cth)). The Ombudsman is now referring all new complaints concerning telecommunications to the Telecommunications Industry Ombudsman (TIO), subject to a few exceptions (none relevant to privacy issues).
The Ombudsman's Report illustrates the complexity of the number of bodies involved in investigating complaints which raise privacy issues, and influencing government policy to deal with them. The Report does not mention any co- operation with the Privacy Commissioner's Office in relation to any of the matters noted above.
The ''opting out' by the Ombudsman from telecommunications complaints places a greater responsibility on the TIO to provide effective redress, as complainants have now been denied any effective access to the Ombudsman