Privacy Law and Policy Reporter
This report appeared in the 1999 Annual Report of Insurance Enquiry and Complaints Ltd (IEC), the voluntary complaints body established by the General Insurance Industry, and is reprinted here by kind permission of IEC Ltd and the author, who is Chair of the IEC’s Privacy Compliance Committee.
In the Foreword to the IEC’s 1998 Annual Review, the Chairman of the Board reported the finalisation of the General Insurance Industry Information Privacy Principles (Privacy Principles) to be administered by the IEC. This was a significant milestone in that the general insurance industry was the first to adopt information privacy principles which had the approval of the Commonwealth Privacy Commissioner.
The Privacy Principles provide that the IEC will be responsible for monitoring compliance with the principles and that there shall also be a committee of the IEC, namely the Privacy Compliance Committee (Privacy Committee).
The principal functions of the Privacy Committee are to:
The Privacy Committee was appointed by the Board of the IEC on 29 October 1998. The Committee met five times in the eight months to 30 June 1999.
The Privacy Committee’s first task was to assist the ICA and IEC in promoting the adoption by insurers of the Privacy Principles. A series of breakfast seminars with insurers was conducted in November 1998 in Sydney, Melbourne, Brisbane, Adelaide and Perth to explain the essence of the Privacy Principles and the processes by which insurers could adopt them.
To date insurers have, generally speaking, been slow to formally adopt the Privacy Principles. Only seven had adopted them as at 30 June 1999. In light of this, the Privacy Committee invited representatives of insurers to an informal meeting in Sydney on 9 June 1999. At the meeting the Privacy Committee members sought to ‘demystify’ the Principles and in turn asked attendees to raise any questions or issues. A frank exchange of views and information took place and the outlook at the conclusion of the meeting was very positive.
It has become clear that a number of factors have operated to delay many insurers in their adoption of the Privacy Principles. Four factors in particular have clearly contributed to the delay.
By far the most important factor has been the announcement in mid-December 1998 by the Commonwealth Government that it would, after all, legislate for information privacy principles for the non-government sector. The legislation has not as yet been introduced or even made public, thus creating some uncertainty as to its final form and effect. However, the Privacy Committee was able to explain at the 9 June meeting that the Commonwealth Government’s declared intention is to base the Bill on the Privacy Commissioner’s National Principles, which are almost identical to the insurance industry’s Privacy Principles. It is expected that the Bill will be introduced in the Spring session.
The other factors which are believed to have contributed to the delay are:
Each of these matters has required urgent attention by insurers and their advisors.
Uncertainty about the implications of the Privacy Principles has also been addressed by training materials developed by the Australian Insurance Institute. These have been available since May and should assist insurers to move toward the adoption of the Privacy Principles.
The Privacy Committee has substantially completed a draft set of Practice Notes dealing with its complaint handling practices. At the informal meeting with the industry on 9 June 1999, the Committee undertook to make the draft available for comment before finalising the Practice Notes.
In drafting the Practice Notes, the Committee has drawn heavily on the Practice Notes issued by the IEC for the General Insurance Enquiries and Complaints Scheme procedures. The Committee’s priorities are to avoid unnecessary formality and to ensure that all parties to a dispute will know the substance of the case which they have to meet.
Despite the relatively slow start, the Privacy Committee believes, particularly after hearing the views of the representatives of insurers who attended the meeting on 9 June 1999, that the great majority of general insurers will formally adopt the Privacy Principles prior to the target date of 6 August 2000.
The members of the IEC Privacy Compliance Committee are Richard Viney, Chair, Robert Drummond, Industry Representative, and Nigel Waters, Consumer Representative.
Disclosure: Nigel Waters, Editor of this issue of PLPR, receives a fee for participation in the IEC Committee. He was also engaged by the Australian Insurance Institute to assist in the development of the training materials referred to.