Privacy Law and Policy Reporter
Compiled by Graham Greenleaf
NSW Attorney-General, Geoff Shaw, has stated that NSW will push ahead with a privacy law that gives some level of coverage of the private sector, as well as the NSW public sector, despite calls by Federal Privacy Commissioner Kevin O'Connor and others for a national privacy law covering the private sector. Mr Shaw is reported in the Sydney Morning Herald as saying that 'we can't just sort of indefinitely defer until there is some national consensus'. Codes of practice for industry sectors were mentioned, but no details given. He intends to take a proposal to Cabinet before the end of the year. Let us hope it is better than his predecessor's Privacy and Data Protection Bill 1994 (see 1 PLPR 21).
WA Attorney-General Cheryl Edwardes has requested her Ministry of Justice Department to prepare an options paper for privacy legislation in WA. The WA Commission on Government recently released its first report which included recommendations for privacy legislation. Further details can be obtained from Allan Thompson or Malcolm Penn of the Strategic and Specialist Services Division of the Ministry of Justice (tel (09) 264 1136, fax (09) 264 1717).
This is at least the second options paper prepared in recent years. However, this time the local recommendations, coupled with the possibility of federal privacy laws covering the private sector, and external pressures such as the EU Directive, may make the exercise more meaningful.
The NSW Privacy Committee is responding with renewed vigour to repeated political promises of its imminent demise (see lead item above). Last month the committee released its two most substantial reports for years. Both will be reviewed in detail in future issues of the Reporter.
In Smart Cards: Big Brother's Little Helpers, written by Research Officer Chris Connolly, the committee explains the technology and issues involved with smart cards, and recommends the development of a three-layered regulatory framework involving improved state privacy legislation, an industry code of conduct, and licensing requirements monitored by the Reserve Bank of Australia. The Commonwealth Privacy Commissioner also released an exposure draft paper on smart cards in June 1995.
In Invisible Eyes: Video Surveillance in the Workplace, written by Research Officer Tim Dixon, the committee recommends legislative controls which it says could be implemented in five ways. The committee favours amendments to industrial relations legislation prohibiting video surveillance for monitoring individual work performance; prohibiting monitoring in certain locations within the workplace (for example, toilets, showers and change rooms); and prohibiting covert surveillance except with a permit from the Industrial Relations Court for the use of surveillance in locker rooms and employee recreation rooms; and any use of covert surveillance in the workplace.
The reports are available from the committee at Box 6, GPO Sydney 2000. They will also be available via the Internet (see PLPR Guides to Privacy on the Internet in this issue).
The NSW Privacy Committee has also announced a review of its 1983 Guidelines on Telephone Usage Monitoring Systems (TUMS)/Telephone Information and Management Systems (TIMS). The committee will look at the privacy implications of traffic data monitoring both for internal network users (for example, employee surveillance) and for those calling in to such networks. Interested parties should contact Ms Shanthi Herd at the committee on (02) 252 3843. Austel's Privacy Committee may need to look lively or the NSW PC may set the agenda on this issue.
Visions of Privacy for the 21st Century: A Search for Solutions, a conference to be held in Victoria, British Columbia on
9-11 May 1996, promises the most expert international roster yet assembled for a privacy conference. Speakers include industry representatives James Tobin and Stephanie Perrin, academics and privacy advocates Colin Bennett, Gary Marx, Rene Laperriere, Marc Rotenberg, Robert Ellis Smith, Joel Reidenberg, Simon Davies, and Herbert Burkert, and the Privacy Commissioners of New Zealand, the UK, Australia, Quebec, Ontario, Canada, Sweden and Germany. Details are available from the BC Information and Privacy Commissioner (fax: +1 604 387 1696, URL http://espresso.cafe.net/gvc/foi/).
The National Information Services Council (NISC) is chaired by the Australian Prime Minister and has the aim of getting Australia onto the information superhighway. NISC received a report from its legal issues committee for its first meeting on 10 August which listed as one of its five 'key messages' that 'significant gaps exist in the coverage of privacy laws and these require immediate attention'. 'The most practical response', argued the committee, 'is to extend the operation of the Privacy Act' to cover all electronic and communications services, pointing out that this recommendation is in line with similar views expressed by the ALRC, the Broadband Services Expert Group, and the House of Representatives Standing Committee on Legal and Constitutional Affairs (in its 'In Confidence' Report). The NISC Committee papers are available on the World Wide Web at URL:http://www.nla.gov.au/pmc/nisc/aug95/legal.html
WA Information Commissioner, Bronwyn Keighley-Gerardy, has fired a shot across the bow of all agencies that are still failing to comply with WA's 1992 FOI Act. In the August 1995 issue of her office's FOI Bulletin, she warns them that 'I consider the failure of agencies to meet basic statutory requirements after this length of time to be a breach of duty under the Act. In accordance with my statutory duty, this must be viewed seriously, and I intend to identify the agencies concerned and report accordingly from now on.' PLPR readers should watch this column for details of agencies named by the Commissioner.
NZ Commissioner Slane hosted the second annual Privacy Issues Forum on 29 June in Wellington. The forum papers, now available from his office for NZ$50, are an excellent collection of 20 papers, ranging across virtually all privacy issues, and tending to feature a paper on 'either side' of each privacy issue. Each topic is supplemented by 'background materials' (case notes, speech extracts etc) assembled by the Commissioner's office, making the papers something of a textbook on privacy law. Of course, having both sides of a debate sometimes results in platitudinous rubbish such as 'good, honest staff have nothing whatsoever to fear from the placement of covert cctv systems in their workplace' (Trevor Morley), but the quality papers are by far the majority. For value for money, the forum and its papers are a long way ahead of some overpriced and underthought commercial conferences.
A Christchurch casino has defended its (in)action in not attempting to stop a man who had been playing the same poker machine for 44 days with the explanation 'The Privacy Act prevents us from doing anything'. Unfortunately, our copy of the Act is missing the section that prohibits organisations from talking to people.
Like most other European privacy laws, Spain's Data Protection Act of 1993 (LORTAD) contains provisions prohibiting the transfer of personal data from Spain to another country unless adequate guarantees of privacy protection are provided. Individual transfers can be authorised by the Director of the Data Protection Agency, but a Royal Decree (No 12332/1994) authorises the Ministry of Justice and Interior Affairs, after consultation with the agency, to adopt a list of countries that provide 'an equivalent level of protection'. In February 1995 the Ministry issued an Administrative Order listing both Australia and NZ in the category of 'countries whose legislation provides an equivalent level of protection for both public and private files' (Dr O Estadella-Yuste, Privacy Laws & Business Newsletter, June 1995). They must know something about Australian laws that we don't!