Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Viney, Richard --- "General insurance industry: Privacy Compliance Committee report" [1999] PrivLawPRpr 53; (1999) 6(4) Privacy Law & Policy Reporter 57

General insurance industry: Privacy Compliance Committee report

Promotion of the Privacy Principles
Reasons for delay in adopting the Privacy Principles
Practice Notes
Conclusion

General insurance industry: Privacy Compliance Committee report

Richard Viney

This report appeared in the 1999 Annual Report of Insurance Enquiry and Complaints Ltd (IEC), the voluntary complaints body established by the General Insurance Industry, and is reprinted here by kind permission of IEC Ltd and the author, who is Chair of the IEC’s Privacy Compliance Committee.

In the Foreword to the IEC’s 1998 Annual Review, the Chairman of the Board reported the finalisation of the General Insurance Industry Information Privacy Principles (Privacy Principles) to be administered by the IEC. This was a significant milestone in that the general insurance industry was the first to adopt information privacy principles which had the approval of the Commonwealth Privacy Commissioner.

The Privacy Principles provide that the IEC will be responsible for monitoring compliance with the principles and that there shall also be a committee of the IEC, namely the Privacy Compliance Committee (Privacy Committee).

The principal functions of the Privacy Committee are to:

• receive complaints about alleged non-compliance with the Privacy Principles;
• consult with organisations in respect of alleged non-compliance;
• make recommendations (where necessary) for an organisation’s compliance with the Privacy Principles;
• propose sanctions where the Privacy Committee is of the opinion that there has been a material breach of the Privacy Principles and the organisation has failed to take all reasonable steps to ensure that procedures are established to stop the breach recurring; and
• having proposed sanctions to an organisation and having considered the organisation’s response, to impose sanctions in an appropriate case.

The Privacy Committee was appointed by the Board of the IEC on 29 October 1998. The Committee met five times in the eight months to 30 June 1999.

Promotion of the Privacy Principles

The Privacy Committee’s first task was to assist the ICA and IEC in promoting the adoption by insurers of the Privacy Principles. A series of breakfast seminars with insurers was conducted in November 1998 in Sydney, Melbourne, Brisbane, Adelaide and Perth to explain the essence of the Privacy Principles and the processes by which insurers could adopt them.

To date insurers have, generally speaking, been slow to formally adopt the Privacy Principles. Only seven had adopted them as at 30 June 1999. In light of this, the Privacy Committee invited representatives of insurers to an informal meeting in Sydney on 9 June 1999. At the meeting the Privacy Committee members sought to ‘demystify’ the Principles and in turn asked attendees to raise any questions or issues. A frank exchange of views and information took place and the outlook at the conclusion of the meeting was very positive.

Reasons for delay in adopting the Privacy Principles

It has become clear that a number of factors have operated to delay many insurers in their adoption of the Privacy Principles. Four factors in particular have clearly contributed to the delay.

By far the most important factor has been the announcement in mid-December 1998 by the Commonwealth Government that it would, after all, legislate for information privacy principles for the non-government sector. The legislation has not as yet been introduced or even made public, thus creating some uncertainty as to its final form and effect. However, the Privacy Committee was able to explain at the 9 June meeting that the Commonwealth Government’s declared intention is to base the Bill on the Privacy Commissioner’s National Principles, which are almost identical to the insurance industry’s Privacy Principles. It is expected that the Bill will be introduced in the Spring session.

The other factors which are believed to have contributed to the delay are:

• the special impact on the general insurance industry of the goods and services tax (GST) proposals;
• the Y2K computer issue; and
• the Treasurer’s CLERP 6 proposals.

Each of these matters has required urgent attention by insurers and their advisors.

Uncertainty about the implications of the Privacy Principles has also been addressed by training materials developed by the Australian Insurance Institute. These have been available since May and should assist insurers to move toward the adoption of the Privacy Principles.

Practice Notes

The Privacy Committee has substantially completed a draft set of Practice Notes dealing with its complaint handling practices. At the informal meeting with the industry on 9 June 1999, the Committee undertook to make the draft available for comment before finalising the Practice Notes.

In drafting the Practice Notes, the Committee has drawn heavily on the Practice Notes issued by the IEC for the General Insurance Enquiries and Complaints Scheme procedures. The Committee’s priorities are to avoid unnecessary formality and to ensure that all parties to a dispute will know the substance of the case which they have to meet.

Conclusion

Despite the relatively slow start, the Privacy Committee believes, particularly after hearing the views of the representatives of insurers who attended the meeting on 9 June 1999, that the great majority of general insurers will formally adopt the Privacy Principles prior to the target date of 6 August 2000.

The members of the IEC Privacy Compliance Committee are Richard Viney, Chair, Robert Drummond, Industry Representative, and Nigel Waters, Consumer Representative.

Disclosure: Nigel Waters, Editor of this issue of PLPR, receives a fee for participation in the IEC Committee. He was also engaged by the Australian Insurance Institute to assist in the development of the training materials referred to.