Privacy Law and Policy Reporter
Much of the work of the Privacy Commissioner's office takes the form of advice to Commonwealth agencies, tax file number users and credit providers. Necessarily much of this advice is provided in confidence and most is never publicly reported, except in some cases in summary in the Commissioner's annual report. One ''window' on the Commissioner's advice is provided by his submissions and oral evidence to parliamentary committee inquiries, which generally become public at the discretion of the relevant committee, but are not easy to find. Since the period covered by the Commissioners last (fifth) annual report, the Commissioner has given evidence to a number of committee inquiries. This evidence is summarised below details can be found in the relevant Hansards.
The Commonwealth Privacy Commissioner produces large numbers of reports, submissions and other publications and it is not possible to routinely distribute them all. The Annual Report, whilst widely circulated, is necessarily retrospective. The Privacy Law and Policy Reporter provides a valuable medium by which interested parties can be kept up to date with the Commissioner's activites. The Commissioner and his staff will be making regular contributions to the Reporter.
The Privacy Commissioner gave oral evidence to the House of Representatives Committee on Legal and Constitutional Affairs Inquiry into Protection of Confidential Personal and Commercial Information held by the Commonwealth on 3 November 1993. The Committee (chaired at the start of this inquiry by Michael Lavarch, and now by Daryl Melham), has been taking evidence for more than 18 months and the extensive written submissions and oral evidence provide a very valuable record of contemporary views on privacy issues.
The Commissioner supported the submissions of other witnesses that the terms of reference of the inquiry were limited to the security and use and disclosure issues, and that a more comprehensive review of the adequacy of privacy regulation would also take into account collection powers and practices. To this extent the inquiry was having to accept the preferred starting point of the administration, with its interest in maximising the use and exchange of personal information for operational purposes.
The Commissioner challenged the view put by the Attorney-General's Department and other agencies that agency heads should be left with the discretion to use personal data as they see fit provided it meets an operational need. This approach would mitigate the Privacy Act, in that it conflicts with the fundamental privacy principle that individuals should reasonably expect information about them to be used only for the original, narrowly defined purpose, with any exceptions being closely justified and subject to strict controls and safeguards.The Commissioner noted that much of the criticism of the Act by law enforcement agencies seemed to reflect a general attitude of resistance to independent external scrutiny rather than firm evidence of the Act inhibiting legitimate activities. He suggested that the answer to any real (as opposed to perceived) difficulties for the administration in the operation of the Act may be found in more detailed specification of permissible exceptions, such as are found in Canadian privacy legislation.
The Commissioner advocated the location of responsibility for privacy compliance at a higher level in agencies, but expressed strong reservations about the licensing or registration approach suggested by the Victorian Council of Civil Liberties in its submission to the inquiry. Such approaches in Europe have been very resource intensive and generate a large public record of dubious value. They also, in the Commissioner's view, send the wrong messages to the managers of personal information holdings one of bureaucracy, interference and expense which prejudices the co-operative and principled compliance with privacy principles which is the real objective.
The Commissioner re-stated his long-standing recommendation for criminal sanctions to apply to the misuse by 'downstream' users and procurers of personal information disclosed from Commonwealth agencies. He was also sympathetic to the suggestion that individuals should be able to claim compensation when a breach of privacy arises from the unauthorised actions of an individual agency employee.
The Commissioner also repeated his concern about the gap in the Act's coverage of personal information handled for an agency by independent contractors. He saw the simplest solution to this weakness being an amendment tos8 of the Act to confer liability for actions of contractors on the agency.
The Senate Legal and Constitutional Affairs Committee is conducting an Inquiry into the Rights and Obligations of the Media. The terms of reference include ''the right to privacy and the right to know'. The Committee is looking first at the protection of journalists' sources with a view to publishing an interim report early in 1994 and the Commissioner gave oral evidence at hearings on 5 November 1993. He acknowledged the difficulty of the privacy issues involved. The public interest served by a free press may well justify privilege in relation to sources, but in the absence of any objective way of distinguishing the responsible media from less reputable journalistic practices, this privilege is likely to be abused. The option of an external regulatory structure to set and enforce professional standards is understandably resisted.
But if journalists demand absolute privilege in relation to sources (a status rationed very sparingly in other spheres), then they may need to accept as a corollary a form of strict liability for damage to reputation or privacy intrusion. Mr O'Connor recommended the propositions put by the WA Law Reform Commission May 1993 report on Professional Privilege for Confidential Communications.
The Committee will be considering journalistic ethics, including privacy intrusion issues, when they resume their deliberations in 1994. The Commissioner may make a further submission at that stage, although the issues fall outside the information privacy focus of the Privacy Act. The NSW Privacy Committee has already submitted a valuable discussion paper. The Commissioner suggested to the Committee on 5 November that there may need to be a lesser protection afforded to persons who are voluntarily involved in public affairs, compared to those private citizens such as relatives of criminals and victims who have not invited press or media attention.
Another inquiry which relates to both of those discussed above is that of the Senate Select Committee on Public Interest Whistle blowing. The Commissioner made a written submission to the Committee in December 1993 which will become public in due course. It discusses the need for consideration to be given to the privacy not only of whistle blowers themselves, but also of other individuals named in allegations.
The Joint Select Committee on Certain Family Law Matters is conducting an inquiry into the child support Scheme. The Commissioner made a submission to the Inquiry in August 1993 and gave evidence at a public hearing on 21 September. Many of the over 5000 submissions that have been made to the Committee, as well as many of the calls received on the Inquiry Hotline, raised privacy issues. The Commissioner may make a further submission once the Committee makes the details of the matters raised available.
The Commissioner's submission focused on concerns that have emerged from a significant number of complaints involving practices of the Child Support Agency (CSA) within the Tax Office, and from a privacy audit of the CSA in 1991. Similar issues have been reported by the Commonwealth Ombudsman. Matters of concern include the CSA's practice of approaching employers about deduction of child support payments without giving the payer sufficient opportunity to either raise the matter themselves, correct errors or appeal to the CSA, as is their right under the legislation. There are also issues about accuracy of information, the need for access by CSA staff to ATO data on all taxpayers, and the notification of taxpayers that their tax data may be used for child support purposes.
The Joint Committee on the Australian Security Intelligence Organisation (ASIO) is conducting an inquiry into the operation of security assessment procedures carried out by ASIO. The Commissioner did not make a written submission to the inquiry, but did provide comments on ASIO's submission. These comments dealt particularly with the appropriateness of collection of personal information associated with security vetting. The Commissioner gave oral evidence before the Committee on 20 October 1993.
There are a number of significant concerns with the present system of security vetting. Too many individuals may be unnecessarily undergong intrusive questioning, usually by junior officers without appropriate qualificatioins or training (the Department of Defence alone vets more than 17,000 employees a year). It is difficult to see either the relevance or practical value of some of the questions routinely asked. While it makes sense to check the names of applicants for highly classified positions against ASIO's database, there seems no need for routine referral of entire files to ASIO.
In November 1993, the Senate Legal and Constitutional Affairs Committee issued Checking the Cash a report on the effectiveness of the Financial Transaction Reports Act 1988. The operations of the Act, and under it of AUSTRAC(formerly the Cash Transaction reports Agency) have attracted criticism since 1988 in relation to the account-opening requirements, the secrecy of suspect-transaction reporting, the breadth of the coverage of compulsory-transaction reporting (extended in 1992 to cover all international telegraphic transfers); and the wide access by law enforcement and other agencies to the resulting database. The Committee took evidence from the Victorian Council for Civil Liberties (VCCL) and the Privacy Commissioner as well as from a wide range of law enforcement agencies and AUSTRAC itself.
In its report, the Committee acknowledges and responds to many of the privacy and civil liberties concerns. They recommend a number of changes to reduce the amount of intrusion, such as indexation and standardisation of the reporting threshold, and more flexible proof of identity tests for account opening. They recommend inclusion of bullion dealers under the reporting scheme, but not solicitors, as had been requested by law enforcement agencies. They suggest that the Tax Office's automatic right of access to AUSTRAC data be replaced by access on the same basis as other users. The Department of Social Security should not have access. The memoranda of understanding with State and Territory users should require them to observe the Information Privacy Principles. A civil liberties representative should be invited on to an advisory committee. The Director of AUSTRAC should have the discretion to delete information from the database.
One disappointment is that the committee recommends that FTR information be specifically exempted from access under FOI legislation, without any of the notification safeguards suggested by the Privacy Commissioner in his evidence