	Home \| Databases \| WorldLII \| Search \| Feedback Privacy Law and Policy Reporter

Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

You are here: AustLII >> Databases >> Privacy Law and Policy Reporter >> 1998 >> [1998] PrivLawPRpr 55

Summary of recommendations as contained in the Legal Constitutional and Administrative Review Committee's Report No 9 - Privacy in Queen sland, May 1998 --- "32 recommendations to protect privacy in Queensland" [1998] PrivLawPRpr 55; (1998) 5(3) Privacy Law & Policy Reporter 49

32 recommendations to protect privacy in Queensland

Summary of Recommendations as contained in the Legal, Constitutional and Administrative Review Committee’s Report No 9 — Privacy In Queensland, May 1998

(From late 1996 the Legal, Constitutional and Administrative Review Committee of the Queensland Parliament into privacy. It conducted one of the most extensive Parliamentary investigations yet held in Australia and tabled its report in April 1998. The Report is at http://www.parliament.qld.gov.au/comdocs/legalrev/lcarc9.PDF The next issue of PLPR will include an article discussing the Committee’s Report. In this issue we include its 32 recommendations.

Section 24 of the Parliamentary Committees Act 1995 (Qld) requires that if a report of a parliamentary committee recommends that the government or a Minister should take particular action or not take particular action about an issue, then the Minister who is responsible for the issue must provide the Legislative Assembly with a response. This response is required to set out: any recommendations to be adopted and the way and time within which they will be carried out; and any recommendations not to be adopted and the reasons for not adopting them. This Ministerial response must be tabled within three months after a committee’s report is tabled — General Editor , with information provided by the Committee Secretariat)

Recommendation 1 - The committee concludes that Queensland’s current law with respect to protecting individuals’ privacy is inadequate and that there are valid privacy concerns which need to be addressed by legislative and/or administrative action.

Therefore, the committee recommends that the Queensland Government introduces measures to ensure the greater protection of individuals’ privacy. In particular, the committee recommends that the privacy protection of personal information held by Queensland Government departments and agencies is addressed as a matter of priority.

Recommendation 2 - The committee does not recommend that a statutory tort of privacy be created in Queensland.

Recommendation 3 - The committee recommends that the first element of a privacy regime in Queensland be the implementation of a consistent set of information privacy principles (IPPs) relating to personal information collected and held by Queensland Government departments and agencies.

The committee further recommends that the implementation of these IPPs should be phased-in over a period not exceeding one year.

Recommendation 4 - The committee recommends that a Queensland Privacy Commissioner or Committee be established by legislation, namely the Privacy Act (Qld). This Privacy Commissioner or Committee is to be the second element of a privacy regime applicable to personal information collected and held by Queensland Government departments and agencies.

Recommendation 5 - The committee recommends that the IPPs to be implemented in respect of personal information collected and held by Queensland government departments and agencies be modelled on those contained in s 14 of the Privacy Act 1988 (Cth).

However, the committee also recognises that given the increasingly blurred distinction between the public and private sectors, it is desirable that there be consistency between any information privacy regimes to apply to the private and public sectors. Therefore, the committee recommends that the Queensland Government monitor the federal Privacy Commissioner’s current process in relation to national principles for the fair handling of personal information in the private sector and the adoption of those principles by other jurisdictions. The committee believes that at some future stage the Queensland Government should consider adopting the set of IPPs emanating from that process if it will achieve the goal of national consistency in information privacy regimes applicable to all Australian public and private sectors.

Recommendation 6 - The committee recommends that the IPPs applicable to Queensland Government departments and agencies be implemented in legislation, [the Privacy Act (Qld)], and not by cabinet administrative instructions or other administrative means.

Recommendation 7 - The committee recommends that the Queensland Privacy Commissioner/Committee be able to modify the application of the IPPs by way of codes of practice to be promulgated as disallowable instruments. The committee further recommends that the provisions relating to codes of practice be modelled on those contained in Pt VI of the Privacy Act 1993 (NZ).

Recommendation 8 - The committee has already recommended that the Privacy Act (Qld) contain a set of IPPs substantially modelled on those contained in s 14 of the Privacy Act 1988 (Cth). The committee confirms that it also recommends the inclusion of the exceptions contained in the Commonwealth IPPs in those IPPs, subject to the following comments.

Firstly, in relation to the 'public revenue protection' exceptions, the committee recommends that an additional balance mechanism should be introduced. This mechanism should be a certification process whereby a designated senior officer of the public revenue collection body seeking personal information from a department or agency must certify to the department or agency that that particular information is required for public revenue protection purposes.

Secondly, in relation to the law enforcement exceptions, the committee recommends that:

the issues raised in the committee’s consultation process and noted in the discussion above should be considered in the drafting of any law enforcement exceptions and, where appropriate, further consultation with law enforcement agencies should take place;
there should be a certification process introduced whereby a designated senior officer of a law enforcement agency seeking personal information from a department or agency must certify to the department or agency that that particular information is required for law enforcement purposes; and
any privacy regime should have regard to the protection of ‘whistleblowers’ and ensure that protection offered to them is not diminished.

In addition, the committee recommends that:

the Privacy Act (Qld) contain a Part modelled on Pt VI of the Privacy Act 1988 (Cth) pursuant to which the Queensland Privacy Commissioner/ Committee will have the ability to make public interest determinations; and
the Queensland Privacy Commissioner/ Committee conduct further inquiry and consultation with respect to the need and/or desirability of public register privacy principles such as those contained in Pt VII of the Privacy Act 1993 (NZ).

Recommendation 9 - On the basis that the IPPs in the Privacy Act (Qld) are substantially modelled on those contained in s 14 of the Privacy Act 1988 (Cth), the committee recommends the following:

1. Those IPPs relating to:

manner of collection of personal information (IPP 1);

purpose for which personal information is collected (IPP 2); and

accuracy and relevance of information collected (IPP 3); apply to personal information collected after the commencement of the Privacy Act (Qld).

2. Those IPPs relating to:

the storage and security of personal information (IPP 4);

the maintenance of records kept by a record-keeper (IPP 5);

access to records containing personal information (IPP 6);

alteration of records containing personal information (IPP 7);

the requirement for record-keepers to check the accuracy etc of personal information before use (IPP 8); and

the requirement that personal information is only to be used for relevant purposes (IPP 9);

apply to personal information collected both before and after the commencement of the Privacy Act (Qld).

3. Provision be made for the IPPs regarding the use and disclosure of personal information (IPPs 10 and 11) to apply, as far as is reasonably practicable, to information collected both before and after the commencement of the Privacy Act (Qld).

4. Special provision be made in the case of the access principle (IPP 6) as it applies to certain health records, namely, that that principle will only apply to health services and records or entries made on an existing record where these occurred after the date of commencement of the Privacy Act (Qld). However, in cases where matters of fact are concerned, a person should have a right of access to these records whenever they were prepared.

Recommendation 10 - The committee recommends that, given the complexity of issues arising in considering the interrelationship between the Freedom of Information Act 1992 (Qld) and the Privacy Act (Qld), the Information Commissioner be extensively consulted with in the drafting of the Privacy Act (Qld) and any consequential amendments to the Freedom of Information Act 1992 (Qld).

However, the committee also recommends that, during that process, consideration be given to the committee’s points noted above, in particular, the committee’s:

questioning of the need for there to be consistency in terminology in both pieces of legislation;
suggestion that the effectiveness of a privacy regime might be restricted if its application is confined to ‘information concerning a person’s personal affairs’; and
discussion regarding the desirability for access and amendment provisions to be, as far as possible, contained in the Privacy Act (Qld).

Recommendation 11 - The committee recommends that the provisions in the Libraries and Archives Act 1988 (Qld) should interrelate with the Privacy Act (Qld). Therefore, the committee recommends that:

the definition of 'record' in the Privacy Act (Qld) should not include a record in the ‘open access’ period as currently set out in the regulations to the Libraries and Archives Act;
the terminology used in the 'privacy' exemption currently contained in reg 23(3)(c) of the Libraries and Archives Regulations 1990 should be redefined to relate to 'personal affairs information'; and
any issue relating to the disposal of public records by the Queensland Privacy Commissioner/Committee, should be the subject of disposal protocols between the Queensland Privacy Commissioner/Committee and the Queensland State Archivist.

The committee further recommends that the responsible Minister review, in the short term, Queensland’s archives legislation as proposed by the former Electoral and Administrative Review Commission and the former Parliamentary Committee for Electoral and Administrative Review.

Recommendation 12 - The committee recommends that the Privacy Act (Qld) provide for the establishment of a full-time Queensland Privacy Commissioner rather than a Queensland Privacy Committee.

The committee further recommends that the Queensland Privacy Commissioner be assisted by a privacy advisory committee also to be established under the Privacy Act (Qld). The provisions relating to the establishment, constitution and functions of that advisory committee should be broadly modelled on those contained in Pt VII of the Privacy Act 1988 (Cth).

Recommendation 13 - The committee recommends that the functions of the Queensland Privacy Commissioner should be broadly modelled on the functions of the Federal Privacy Commissioner as set out in s 27 of the Privacy Act 1988 (Cth). However, the committee recommends that these functions should be adapted to reflect that:

the Queensland Privacy Commissioner has a discretion to annually publish a Personal Information Digest as required by the equivalent of s 27(1)(g) of the Privacy Act (Cth); and
for the purposes of the functions contained in the equivalent of s 27(1)(c) and (r) of the Privacy Act (Cth), the Queensland Privacy Commissioner is required to report to the Minister and to Parliament.

The committee further recommends that:

a provision modelled on s 29 of the Privacy Act 1988 (Cth) be contained in the Privacy Act (Qld); and
the Queensland Privacy Commissioner should be primarily responsible for monitoring Queensland’s law enforcement agencies with respect to privacy issues given the desirability for consistency and lack of duplication in this regard. However, this matter is to be further considered and reported upon by the Queensland Privacy Commissioner as a matter of priority upon that officer’s appointment.

Recommendation 14 - The committee recommends that the Privacy Act (Qld) confer on the Queensland Privacy Commissioner the powers necessary to effectively and efficiently fulfil the Commissioner's functions under that proposed legislation including in particular:

the power of access and entry to premises occupied by an agency either with consent of the occupier or by warrant;
the power to initiate his/her own investigation in relation to an act or practice of an agency that may constitute an interference with the privacy of an individual;
powers in relation to the investigation of complaints lodged by individuals including powers of determination and declaration (regarding matters such as compensation); and
reporting powers.

Further, the committee recommends that these powers be broadly modelled on those powers available to the federal Privacy Commissioner under the Privacy Act 1988 (Cth), subject to the following considerations.

Firstly, the committee recommends that appropriate amendments be made in relation to appeal and review mechanisms open to complainants. These amendments should reflect that decisions of the Queensland Privacy Commissioner are subject to both judicial review under the Judicial Review Act 1991 (Qld) and merits review. The Committee recommends that, in determining which merits tribunal should hear matters brought under the Privacy Act (Qld), the Queensland government give further consideration to acting upon the recommendations of the former Electoral and Administrative Review Commission and the former Parliamentary Committee for Electoral and Administrative Review in this regard.

Secondly, the committee recommends that the reporting powers of the Queensland Privacy Commissioner be broadly drafted so as to permit the Commissioner to report in relation to any matter within his/her jurisdiction as the Commissioner sees fit. Relevant reports should be furnished both to the Minister and the Parliament.

Recommendation 15 - The committee recommends that the functions of the Queensland Privacy Commissioner should not be conferred on, or combined with, any other office. However, the committee accepts that for administrative efficiency, the administrative and corporate support provided to the Office of the Queensland Privacy Commissioner could be shared with another office.

Recommendation 16 - The committee recommends that the Queensland Privacy Commissioner be an independent officer of the Parliament, accountable to the Queensland Legislative Assembly through the Legal, Constitutional and Administrative Review Committee.

The committee further recommends that the Privacy Act (Qld) provide that the Legal, Constitutional and Administrative Review Committee should be:

consulted in relation to the appoint-ment, suspension and removal of the Queensland Privacy Commissioner; and
consulted in relation to the formulation of the budget of the Queensland Privacy Commissioner.

The relevant provisions in this regard should be modelled on those contained in the Parliamentary Commissioner Act 1974 (Qld). However, the committee makes this recommen-dation subject to any changes that it may propose to the provisions in that Act in response to the inaugural strategic review of the Ombudsman’s office which is currently being conducted.

Recommendation 17 - The committee recommends that the Privacy Act (Qld) apply to local governments.

Recommendation 18 - The committee recommends that the Privacy Act (Qld) should apply to private service-providers contracted by Queensland government departments and agencies (either state or local government) to perform services which would otherwise be performed by those departments or agencies.

Recommendation 19 - The committee recommends that, at this stage, the Privacy Act (Qld) should apply to the activities of GOCs and LGOCs to the same extent as those entities are subject to the Freedom of Information Act 1992 (Qld) and the Judicial Review Act 1991 (Qld).

However, the committee does believe that, in principle, the Privacy Act (Qld) should apply to all activities of GOCs and LGOCs. The committee recommends that this matter should be part of a larger review of the application of administrative law in general to GOCs and LGOCs.

Recommendation 20 - The committee recommends that the Privacy Act (Qld) place an onus on each department and agency covered by the Act to ensure that there is within that organisation an individual whose responsibilities include:

encouraging compliance by the organisation with the IPPs;
dealing with requests made to the organisation pursuant to the Act;
working with the Queensland Privacy Commissioner in relation to certain investigations conducted pursuant to the Act in relation to the organisation; and
otherwise ensuring compliance by the organisation with the provisions of the Act.

The committee recommends that the Privacy Act (Qld) provide that such officers are not to be individually liable for any breaches of the IPPs or the Act in general by the department or agency.

Recommendation 21 - The committee confirms that departments and agencies covered by the Privacy Act (Qld) should be required to provide annually to the Queensland Privacy Commissioner a copy of the record maintained in accordance with the Queensland equivalent of IPP 5 of the Privacy Act 1988 (Cth).

In addition, the committee recommends that departments and agencies should report on privacy issues that affect them in their annual reports. The Queensland Privacy Commissioner should issue generic guidelines as to the type of privacy matters that should be canvassed in annual reports.

Recommendation 22 - The committee recommends that the Privacy Act (Qld) contain a provision requiring the Queensland Privacy Commissioner to report annually to Parliament with respect to the exercise of his/her functions and the operation of the Privacy Act (Qld).

Recommendation 23 - The committee recommends that strategic reviews of the Office of the Queensland Privacy Commissioner be conducted at regular intervals and that in this regard a provision modelled on s 32 of the Parliamentary Commissioner Act 1974 (Qld) should be inserted into the Privacy Act (Qld).

The committee makes this recommendation subject to any changes that it may propose to s 32 in response to the inaugural strategic review of the Ombudsman’s office which is currently being conducted.

Recommendation 24 - The committee recommends that the Privacy Act (Qld) contain offence provisions modelled on the offence provisions contained in the Privacy Act 1988 (Cth).

Recommendation 25 - The committee recommends that the Queensland Government supports the Federal Privacy Commissioner’s efforts, in line with the Federal Government’s position, to reach agreement on a national scheme relating to information privacy in the private sector which includes both best practice privacy standards and effective supervisory, enforcement and complaint resolution mechanisms.

Recommendation 26 - The committee recognises that specific consideration needs to be given to issues associated with the privacy of health information, particularly in the private sector. However, it also recognises that any regulation in this regard should be nationally consistent.

Therefore, the committee recommends that the Queensland government supports the Federal Privacy Commissioner’s efforts, in line with the Federal Government’s position, to reach agreement on a national scheme relating to information privacy in the private sector which includes both best practice privacy standards and effective supervisory, enforcement and complaint resolution mechanisms in all areas including health.

However, the committee also recommends that, once established, the Queensland Privacy Commissioner review the privacy protection afforded to health information in the private sector as a result of that scheme, and make any necessary recommendations for change.

Recommendation 27 - The committee believes that, while the IPPs themselves and the functions of the Queensland Privacy Commissioner that relate directly to the IPPs and information privacy should be restricted to information privacy matters, the Queensland Privacy Commissioner should explicitly be given jurisdiction to deal with non-information privacy concerns.

Accordingly, the committee recommends that the parameters of the following functions that were recommended for the Queensland Privacy Commissioner in chapter 7 of this report be extended to enable the Commissioner to address non-information privacy matters (that is, matters that involve no record of personal information):

examining proposed legislation [mirroring the Privacy Act (Cth), s 27(1)(b)];
researching and monitoring technological developments [s 27(1)(c)];
publishing guidelines for the avoidance of privacy-intrusive acts or practices of an agency [s 27(1)(e)];
providing advice to a Minister or an agency on matters relevant to the Act [s 27(1)(f)];
conducting education [s 27(1)(m)];
doing anything incidental to the preceding functions [s 27(1)(o)]; and
reporting on matters that concern the need for, or the desirability of, legislative or administrative action [s 27(1)(r)].

This will ensure that the Queensland Privacy Commissioner has the capability to address both information and non-information privacy concerns that may arise in the future.

Recommendation 28 - The committee is concerned about the proliferation of the use of surveillance technology by both the public and private sectors.

Therefore, the committee recommends that the Queensland Privacy Commissioner, upon that Office’s establishment, inquire into surveillance undertaken by the private and public sectors in Queensland. The Commissioner’s inquiry should draw upon the consultation undertaken by, and the research and findings of, the NSW Law Reform Commission in relation to its current surveillance inquiry.

Recommendation 29 - The committee recognises that a number of privacy issues arise from the various existing and potential applications of smart cards and from the wider area of electronic commerce.

With respect to these issues in relation to departments and agencies covered by the Privacy Act (Qld), the committee:

notes that smart card systems will be required to comply with the information privacy principles in the Privacy Act (Qld); and
recommends that the Queensland Privacy Commissioner conduct an audit to establish the use or intended use of smart cards and:

(a) provide relevant guidance as to any privacy issues arising as a result of that use; and
(b) make recommendations as to any further regulation that might be required.

With respect to privacy issues arising as a result of smart cards and electronic commerce in the private sector, the committee reiterates that there must be national consistency in any privacy regulation and recommends that the Queensland Government continue to support national moves that address these privacy issues in a timely and appropriate manner.

Recommendation 30 - The committee recommends that, given:

the complexity of the issues associated with genetic testing and the collection and use of personal genetic information; and
the national dimension of many of those issues;

the matter be the subject of further consultation and inquiry by the proposed Queensland Privacy Commissioner. However, this consultation and inquiry should be undertaken in light of developments at the federal level and in conjunction with relevant federal bodies.

Recommendation 31 - The committee recognises:

the significant privacy issues that can arise in the context of media activity;
concerns expressed regarding the current self-regulatory measures; and
the desirability for any reform of the current system to be done on a national basis.

Therefore, the committee supports moves to review the current system of self-regulation in relation to the media, particularly in so far as privacy is concerned.

Recommendation 32 — The committee recommends that the Premier, as the Minister responsible for the Legislative Standards Act 1992 (Qld), amend s 4(3) of that Act to insert an additional example of what is meant by whether legislation ‘has sufficient regard to rights and liberties of individuals’, in terms of:

(l) does not allow for intrusion of the privacy of individuals (including information, communication, personal and territorial privacy) without adequate justification.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/1998/55.html