Privacy Law and Policy Reporter
Compiled by Graham Greenleaf
A sweeping review of Freedom of Information Act 1982 (Cth) has been commenced by Duncan Kerr, Acting Australian Attorney-General. He has issued a reference to the Australian Law Reform Commission, to be conducted jointly with the Administrative Review Council.
The Terms of Reference (Review of Freedom of Information Legislation, 8 July 1994) include many matters relevant to privacy issues, including:
The terms of reference are issued ''having regard to' the principles and provisions of the various State and Territory FOI Acts, the Privacy Act 1988 (Cth) and the NZ Privacy Act 1993, and the Art's inquiry into GBEs. Privacy is clearly a major focus of the review.
This inquiry is likely to be of very great significance for the protection of privacy in Australia, given that it contemplates some extension of FOI principles to the private sector and GBEs (with access and correction rights to personal information being among the more likely extensions), and the creation of an Information and Privacy Commissioner along Canadian lines.
The Commission is to release an issues paper by 30 September 1994, and is toreport by 31 December 1995, including draft legislation ... and calls for review of NSW FOI Act.
Meanwhile, the NSW Ombudsman has made a Special Report to Parliament Proposing Amendments to the Freedom of Information Act 1989 (Report 01/94, 17 March 1994) in which he calls for a broad review of the NSW Act, claiming it is overdue after five years and that the Government's previously stated intention to review the Act after two years had not been adhered to. He also makes various specific recommendations for reform arising from complaints investigated by his Office.
The Ombudsman plays a pivotal role in the operation of FOI in NSW (including its provisions concerning access to and correction of information about ''personal affairs') because of his statutory role in mediating in complaintsagainst agencies concerning their administration of the Act (s52), and the fact that he reports significant findings (see Cases and Complaints this issue). Hestates in his Annual Report 1993 that ''it is the intention of the Ombudsman to become more personally involved in FOI complaints with a view to changing the culture of government in NSW to make it more publicly accountable and to extend the philosophy of open government, and the provision of information to the public'. He received 81 complaints under s52 of the FOI Act 1989 (NSW) during that reporting year. In his Report, he condemns the NSW government for the premature dismantling of the FOI unit in the Premier's Department, and for failing to require any central collation of compliance statistics.
The privacy and security section of US Vice President Al Gore's National Performance Review report, Re-engineering through information technology (June 1994), calls for the creation of a privacy organisation within the executive branch. The organisation would advise the president, assist Federal agencies, co- ordinate US privacy initiatives with international organisations, and advise State and local governments on privacy issues. The Information Infrastructure Task Force (IITF) (see 1 PLPR 68) is directed to provide recommendations on the creation of the organisation, including its size, authority and budget. The IITF will either propose a draft executive order or legislation for its creation. The IITF is also directed to create (by July 1994) an inter-agency task force, coordinated by the Office of Management and the Budget (OMB) to develop uniform privacy principles for information systems within a year.
The report calls for NIST, in consultation with the OMB and the assistance of the NSA, to ''create opportunities for industry to develop the encryption capabilities required for protection of networked distributed systems.' A high priority is set for ''finalising and promulgating digital encryption standards'.
(derived from Epic Alert v1.02, email firstname.lastname@example.org)
''Like a belch after a bad meal, the idea of a national identity card for every American has once again returned' says the Chicago Sun-Times of reports by the CBS network that a national ID Card (called an ''Employee Verification Registration') is to be proposed by the US Commission on Immigration Reform, a bipartisan group. CBS said the Commission has already discussed the concept with the White House, which tentatively endorses the idea. The card would include a photograph, a magnetic strip with vital information, and a ''verified' social security number. Production of the card would be required for all employment and social welfare applications. Governor Pete Wilson (Rep) told CBS he would offer California, which has 1.65 million illegal aliens, to be a test site for the new card. USA Today says that cost estimates range from US $2.5 billion to $6 billion. A previous effort to impose a national ID card was rejected by Congress in 1986
The Australian government has informed the UN Human Rights Committee that it is exploring options for legislative action after making no progress in convincing the Tasmanian government to amend its laws which were found by the UN body to constitute an arbitrary interference with the privacy of gay men (Toonen v Australia (1994) 1 PLPR 50). The Australian government met the July 12 deadline by formally informing the UN of its intent.
Acting Australian Attorney-General Duncan Kerr has stated that legislation overriding the Tasmanian law is to be introduced in the Spring session of Parliament. In the meantime, gay and lesbian organisations throughout Australia have launched a boycott of all Tasmanian produce
Audio cassettes of papers and discussion at the Privacy Issues Forum in Auckland in May are available from Auckland Recording Services (Box 8292 Symonds St Auckland) at NZ $10 for each of the 12 cassettes, or $100 for the set (plus New Zealand $10 for overseas orders).
A looseleaf service Privacy Law & Practice, edited by Paul Roth of Otago University, will be published by Butterworths NZ in August with an approximate price of NZ $200-$250.
Buddle Findlay, Barristers and Solicitors, in conjunction with Ernst and Young, have released a Privacy Audit and Compliance Programme. It includes a computerised compliance audit of an organisation's current systems, and results in a report identifying potential risk areas and proposing a strategy to address them
The IIR Conference Protecting Information Privacy held at the Sydney Boulevard on June 6 and 7, attracted about 130 attendees. The more substantial papers presented included those by Alan Cadman MP ''Privacy concerns arising from the inquiry into the protection of confidential information held by the Commonwealth', Graham Pinner of AUSTRAC ''Security and privacy issues in sharing information between government departments', David Williams ''Developing NSW Health's Code of Practice', Bruce Bargon ''Extending the Privacy Act to the private sector lessons from credit reporting', Dusanka Sabic (Federal Bureau of Consumer Affairs) ''Privacy concerns emerging from direct marketing', Bruce Slane ''Extending privacy law to the private sector the NZ experience', Dr Larry Cromwell ''Your privacy or your health', Graham Greenleaf ''Obligations of Australian organisations under international privacy laws', Matthew Bowcock ''Smart cards and information privacy', and Bill Caelli ''Using technology to protect confidential information'. In addition there were a number of panel sessions.
Copies of the conference papers, at $395 per set, can be obtained from IIR on (02) 954 5844. Selected papers will be re-published in the Reporter, commencing with Bruce Bargon's paper in this issue.
The standard of questions and discussion from the floor was of a notably lower quality than at the recent Privacy Issues Forum in NZ (see (1994) 1 PLPR 79). Perhaps Australian policymakers need more exposure to privacy issues. If so, IIR is holding another conference on Privacy of Information at the Sydney Boulevard on 2 and 3 November 1994.