Privacy Law and Policy Reporter
Compiled by Graham Greenleaf and Nigel Waters
Qld Attorney-General Matt Foley’s Christmas present to the people of Queenlsand was the announcement of Cabinet approval for a legislation-free ‘Privacy Regime’ for the Queensland public sector. He said it would ‘protect the use and transfer of personal information held in the Queensland public sector including Government owned corporations’.
The Qld ‘Privacy Regime’, to operate from from 31 March 2001, will involve:
The scheme will be reviewed in two years, ‘at which time the need for specific privacy legislation would be considered’ said Mr Foley. There are 23 other current Information Standards issued by the Department of Communication and Information under the Financial Management Standard.
While there is value in government agencies implementing privacy rules as a matter of good bureaucratic policy, the result of Mr Foley’s approach is that the people of Queensland will have no enforceable privacy rights against government misuse of personal inform-ation. Public sector privacy is now protected by legislation in the Common-wealth (since 1988) in NSW (since 1998) and in Victoria (from 2001). The Foley ‘Privacy Regime’ is a second-rate solution for Queensland.
The Privacy Amendment (Private Sector) Act 2000 received the Royal Assent on 21 December, and will take effect on 22 December 2001. The delayed commencement allows time for private sector organisations to amend practices to comply with the new law. It is also intended to allow time for organisations or industry bodies to develop privacy codes or to review existing self-regulatory codes to submit to the Privacy Commissioner for approval. The Privacy Commissioner intends to consider the suitability of proposed codes before the legislation commences so that codes can be ready to take effect from that date.
Given that the new Act requires the Privacy Commissioner to perform a lot of functions prior to December, it is surprising that those sections in the Act conferring new functions and powers have not been made to commence immediately. The Attorney-General’s Department advises that they are relying on the Acts Interpretation Act 1901 (Cth) and general principles of statutory interpretation to ensure that the Commissioner is not acting outside his powers (ultra vires). However, there remains a question about whether any dispute about how the Commissioner is performing his new functions properly could be resolved formally without the relevant provisions having commenced.
The Privacy Act 1988 (Cth) provides for a Privacy Advisory Committee (PAC) to assist the Commissioner, both generally and specifically in relation to Guidelines and community education (Part VII). After several years in which the PAC has not been at full strength and has been relatively inactive, the Governor-General has now appointed new members in most of the categories specified in Part VII. The position requiring Trade Union experience remains unfilled.
The new members are Ms Karen Curtis, Director of Industry Policy, Australian Chamber of Commerce and Industry; Mrs Margaret Smith AO, the immediate past President of the Country Women’s Association of Australia; Mr Graeme Innes AM, Deputy Discrimination Commissioner, Human Rights and Equal Opportunity Commission; and Mr Peter Ford, Head of the Information and Security Law Division, Attorney-General’s Department.
They join existing member Mr Peter Upton, appointed when he was with the Australian Information Industries Assoc-iation, but now Director, Federation of Automotive Products Manufacturers.
The Privacy Agencies of New Zealand and Australia (PANZA) held their 12th meeting at the National Maritime Museum in Auckland on 30 October 2000. Previous meetings have been held in Sydney, Auckland, Canberra and Adelaide and Perth. Representatives attended from New Zealand, Australia and Hong Kong. Detailed discussion flowed from the written and oral reports from the jurisdictions represented. Specific privacy items discussed included electronic health records and databases, child protection policies, public registers, adequacy under the EU Directive and privacy impact assessment. At an administrative level participants also reviewed developments in the use of computers in Commissioners’ offices. The meeting was joined for lunch by the Proceedings Commissioner, who litigates privacy cases before the Complaints Review Tribunal on behalf of the NZ Privacy Commissioner; staff from the NZ Human Rights Commission and Ombudsmen’s offices; and, by Elizabeth Longworth and Tim McBride from the Editorial Board of Privacy Law & Policy Reporter.
The next meeting of the Privacy Agencies of Australia and New Zealand is to be held in Melbourne on 27 April 2001. This invitation-only meeting brings together Privacy Commissioners from Australia, New Zealand, NSW and Hong Kong, the SA Privacy Committee and officials with privacy responsibilities in other jurisdictions.
Contact Michael Wheelahan at the Department of Justice, Victoria, on email: <firstname.lastname@example.org>