Privacy Law and Policy Reporter
Graham GreenleafVictoria's Treasurer and Minister for Multimedia, Alan Stockdale, has announced the composition of the Data Protection Advisory Council which is to advise the Government on the desirable form of an information privacy law for Victoria (see <3 PLPR 43> for background). The Council has been given wide terms of reference (reproduced below), including examining data protection regimes around the world. It is to recommend an appropriate regime to protect the privacy of personal information held by State government organisations, but is also to `consider the desirability of regulation covering the private sector, in light of the Commonwealth Government's activity in the area'.
The Council met for the first time in early August, and is to report to the Minister by 20 December 1996. Legislation will therefore not be introduced until 1997.
Mr Stockdale described the Data Protection Advisory Council as `a key step in implementing the Coalition's Victoria 21 Policy which will deliver a wide range of Government services electronically by the turn of the century. He explained the Council's significance:
Electronic service delivery (ESD) has the potential to revolutionise the way governments deliver services to the public. For example, transactions such as paying parking fines, obtaining a copy of a birth certificate or notifying a government agency of a change of address will be possible through ESD.Mr Stockdale claimed that the Council `provided Victoria with the opportunity to take a national lead on what was an increasingly important public issue'. Of course, whether Victoria initiates or is forced to respond depends somewhat in developments in NSW and the Commonwealth (see <3 PLPR 43>).
The success of ESD would largely depend on Victorians trusting that the information they sent to government agencies would not be misused or accessed by unauthorised persons. Recent developments in information technology makes it possible to easily access, search and transfer vast amounts of information and therefore provide services more effectively and efficiently.
Much of the information held by state government agencies can be of a personal or sensitive nature. Therefore, it is imperative that a system of checks and controls is in place to ensure that while personal details can be found quickly among a mass of records, they are not accessed or used for any other purpose than that for which they were provided.
The Data Protection Advisory Council is requested to inquire into, consider and report to the Minister on the most appropriate regulatory regime for Victoria governing collection, storage and transfer of information, particularly personal information held by public sector organisations, and in doing so:
(a) have regard to the models, principles and experience of data protection or privacy regulation schemes however called, in other jurisdictions such as in other Australian states, NZ and in the European Union;
(b) consider the desirability of regulation covering the private sector, in light of the Commonwealth Government's activity in the area; and
(c) make recommendations on the most appropriate regulatory regime for Data Protection and Privacy in Victoria, including the means by which the operation of the scheme would be monitored and enforced.
A whole-of-government Privacy Workshop was held in January 1996, attended by representatives from every Victorian government department and most agencies, who were required to submit a questionnaire on their concerns prior to the Workshop. The consensus outcome of the Workshop was that the issues of privacy and data protection need to be addressed on a whole-of-Government basis, because of new technologies in use, increasing demand on Departments for information from each other and demands from the private sector, as well as increased outsourcing. Privacy and data protection was seen as an important component of maintaining public confidence in the security of Government held information, in the context of the move towards greater electronic Government service delivery.
The background information states:
There is considerable concern among Victorian Government Departments that their current practices have no legal basis. For instance, VicRoads are concerned about the use the police make of their database.The Commonwealth Privacy Act 1988 regulates the use of personal information and its transfer among Commonwealth Departments. The Commonwealth Government is presently considering the introduction of data protection legislation which would cover the private sector. It is understood that this legislation would be based on the trade and commerce, and external affairs powers of the Constitution. It is, however, probably at least one year away.
Some sort of regulatory framework or guidelines appear to be necessary so that departments know what information may be given to whom, and to establish a `trusted regime' to encourage public take up of ESD.
Graham Greenleaf, General Editor.