Privacy Law and Policy Reporter
Issued by the Office of the Privacy Commissioner, Australia, February 1998.
(The full text of the Principles and the explanatory materials accompanying them are reproduced below — General Editor)
Protecting information privacy is a national issue. There is no doubt that Australians are concerned to protect their privacy and that, as we move into the information age, this concern is increasingly having an impact on Australian businesses. It seems to me that it is in all our interests to respond to this concern.
In March 1997 the Prime Minister offered my services to help Australian businesses to develop voluntary codes of conduct to meet privacy standards. I subsequently held informal consultations with business and consumers and in August 1997 I issued a consultation paper that addressed options for the content and implementation of a national scheme for fair information practices in the private sector. The scheme presented in this paper attempted to provide a viable self-regulatory option but was designed to be compatible with existing Commonwealth privacy laws and any further legislation which might be considered necessary in particular sectors, States or Territories.
In the broad consultations that followed, it quickly became clear that the major issue is the need for national consistency in privacy standards. Everyone wants to avoid a patchwork of different standards applying across industries, technologies and State and Territory boundaries.
It also became clear that, while there were contentious issues in relation to the content of the principles that would underlie a national scheme, issues around coverage, implementation and compliance mechanisms would be even more difficult to resolve. I therefore decided to develop the national scheme in two stages, developing principles first and then moving on to the implementation issues.
The National Principles for the Fair Handling of Personal Information represent the first stage in the development of a national privacy scheme for Australia. I have developed these principles in consultation with a wide range of business, consumer and government representatives.
My aim has been to devise a benchmark which is relevant and flexible in the business context without compromising core privacy standards. Overseas developments, especially in Europe, make it important that these principles meet international best practice. Pressure for a national approach is building and it is critical that we take this opportunity now to work together to get it right.
I am now issuing these principles as my recommended national approach to fair information handling. They will be reviewed in six to twelve months in the light of discussions on implementation and in response to any issues which arise in practice.
However, for those who wish to move quickly to implementation, benchmark principles are now on the table. I strongly encourage Australian business to take up the challenge and adopt them. v
Moira Scollay, Federal Privacy Commissioner, February 1998.
Fair information practices aim to ensure that organisations which hold information about individual people handle that information responsibly. Wherever possible, people should be able to exercise some control over the way information about them is handled. The importance of fair information practices has been increasing over recent years. The rapid development of the information economy, and the technology that underpins it, has made it cheaper and easier than ever before to collect, store, analyse, compare and share personal information.
The information economy presents Australia with great opportunities. There is no doubt that our future prosperity depends on effective use of information; many of the new products and services coming onto the market are heavily dependent on clever use of information, including information about individual people. But there are also risks. People are often uncertain about what will be done with their information and this can make them reluctant to take up the opportunities offered by new technology.
In response to these challenges, a growing number of countries, including New Zealand, Hong Kong and many European nations, have adopted laws that require fair information practices to be followed within their borders. The principles that lie at the heart of these laws are based, more or less closely, on the OECD’s Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (1980). Most of these laws prohibit the transfer of personal information to other countries where adequate standards do not apply. In this environment it is more important than ever before for Australia to meet international best practice in the way we handle personal information. The principles below (and the federal Privacy Act 1988) also reflect the ideas of the OECD guidelines.
Our Australian society and economy are closely integrated across State and Territory boundaries. Traditional industry boundaries are also breaking down. To avoid a confusing and expensive patchwork of different models, these principles aim to establish a national benchmark for the fair handling of personal information that can be applied across jurisdictions and across industries. They are issued after extensive consultation with a wide range of stakeholders including businesses, consumers, non-profit organisations and governments.
These principles have been framed in general terms so that they may be applied by a wide range of organisations to the personal information they hold. However, it is not a case of one size fits all’. Supplementary standards may be appropriate to deal with specific circumstances.
The individual’s right to privacy for his or her personal information is not absolute. The rights of individuals must be balanced with other public interests and with competing claims from individuals, businesses and other organisations. These principles set up a framework within which this can be done.
The way these principles will work in practice depends on a number of issues that this document does not address such as: which organisations adopt the principles; what mechanisms are put in place for dealing with complaints, compliance and disputes; whether the principles are applied to personal information about employees; and whether they are applied, in part or in whole, to information collected before they are adopted. No assumptions should be made about these issues; they will be resolved in consultation with stakeholders in the next stage of the process.
The Privacy Commissioner wishes to acknowledge the support and involvement of a wide range of people to the process so far of establishing a privacy regime in Australia. These include a large number of businesses, peak bodies, non-profit organisations, consumer groups, privacy advocates and Federal and State Government representatives and individuals.
Special thanks go to those who helped to negotiate the principles. The assistance of the Attorney-General’s office is also gratefully appreciated.
(Further information about the National Principles for the Fair Handling of Personal Information can be obtained from the Office of the Privacy Commissioner; GPO Box 5218 SYDNEY NSW 1042 ; privacy hotline: 1 800 023 985 tty: 1 800 620 241 facsimile: (02) 9284 9611;website: www.hreoc.gov.au e-mail: email@example.com )