Privacy Law and Policy Reporter
Marie Shroff — New NZ Privacy Commissioner
New Zealand Cabinet Secretary Marie Shroff has been appointed as the new Privacy Commissioner, succeeding retiring Commissioner Bruce Slane. She will probably commence in the role in September. Associate Justice Minister Lianne Dalziel said the appointment followed a rigorous selection process from among a number of highly qualified applicants. Applications were called for the position, as occurs in Victoria, but unlike the practice in the Commonwealth and NSW.
Ms Shroff has 15 years’ experience as Cabinet Secretary and Clerk of the Executive Council under governments of different parties, and was previously a journalist and teacher. Minister Dalziel thanked Bruce Slane for more than a decade of service as the first Privacy Commissioner, saying he had made the office ‘a respected institution’. l
Source: press release by New Zealand Government 23 June 2003.
Canadian Federal Privacy Commissioner forced to resign
The Canadian Federal Privacy Commissioner, George Radwanski, has been forced to resign as a result of a House of Commons investigation and report into allegations against him of abuse of expenses, compounded by obstruction of the investigation. A House of Commons Committee had taken the first steps towards removal of Mr Radwanski from office, which would have required a resolution of both Houses of Parliament. In the meantime, the Auditor-General was also to conduct a review of financial controls in the Commissioner’s office, and there were associated allegations of undue pressure on staff of the office. In its report, tabled after the resignation, the parliamentary committee accused the former Commissioner of financial abuses, creating a ‘culture of intimidation’ for his employees, and not meeting the required standard of honesty.
Mr Radwanski denied the allegations against him in his letter of resignation, claiming that the Committee ‘has produced a scathing condemnation of me through closed door proceedings that have denied me every right to fairness and due process’ and listing numerous claimed abuses.
Radwanski has been an outspoken advocate for privacy — taking on the Government over several major initiatives, particularly in the post September 11 security context. His ‘Commissioner’s Overview’ in his Annual Report 2001-02 is probably the most sustained attack on a Government’s policies and legislation ever undertaken by a Privacy Commissioner. However, his abrasive style had won him few friends or supporters, even in the privacy and civil rights community in Canada.
The Report of the Standing Committee on Government Operations and Estimates Matters Relating to the Office Of The Privacy Commissioner (June 2003) is at <www.parl.gc.ca/ InfoComDoc/37/2/OGGO/Studies/ Reports/oggorp05-e.htm>. l
Law Reform Commission recommends genetic privacy regulation
The Australian Law Reform Commission has published the final report of its two year joint enquiry with the Australian Health Ethics Committee into the protection of human genetic information. Entitled Essentially Yours, the report makes 144 recommendations about how to deal with the ethical, legal and social implications.
Privacy laws should be harmonised and tailored to address the particular challenges of human genetic information, including extending protection to genetic samples, and acknowledging the familial dimension of genetic information.
Employers should not be permitted to collect or use genetic information — except in those rare circumstances where this is necessary to protect the health and safety of workers or third parties, and the action complies with stringent standards set by a new Human Genetics Commission of Australia (HGCA). The insurance industry should be required to adopt a range of improved consumer protection policies and practices with respect to its use of genetic information (including family history) for underwriting purposes.
A new criminal offence should be created to prohibit someone submitting another person’s sample for genetic testing knowing that this is done without consent or other lawful authority. DNA parentage testing should be conducted only with the consent of each person sampled (or both parents in the case of young children) or pursuant to a court order.
Australian governments should develop national minimum standards on the collection, use, storage, destruction and matching of DNA samples and profiles for law enforcement purposes. No inter-jurisdictional sharing of information should be permitted except in accordance with these minimum standards (see below for specific recommendations of another review). l
Source: ALRC media release at <www.alrc.gov.au/media/2003/ mr2905.htm>.
Anti-spam legislation draws closer?
The Minister for Communications, Senator Alston, convened a meeting in Canberra on 26 June to discuss proposed federal legislation to control unsolicited e-mail or spam. The Internet Industry Association (IIA) highlighted the difficulty of defining spam for the purposes of regulation, and the limited ability of any one government to control the vast amount of cross-border spam was broadly acknowledged. l
Source: <www.smh.com.au/ text/articles/2003/06/26/ 1056449370787.htm>.
OECD, US focus on spam and scams
The OECD has released a set of guidelines outlining a framework for co-operation between member states on dealing with fraudulent and deceptive business practices, particular through fraudulent email scams. The guidelines recommend that ‘member countries should work together to develop fast, efficient methods for gathering and sharing information’, including stepping up measures to ‘gather and share information, including consumer complaints and notifications of pending investigations and cases, through online tools and databases’. Meanwhile, the USFederal Trade Commission is seeking increased powers to hunt down spammers operating from outside of the United States. The FTC has drafted an International Consumer Protection Enforcement Act that strengthens its investigative and enforcement powers for spam and general online consumer protection issues, and is seeking Congressional support for the proposed law. l
Source: contributed by Tim Dixon, editorial board member.
OFPC anticipates two year review
The Office of the Federal Privacy Commissioner has written to a range of stakeholders — agencies, businesses and NGOs — inviting them to consider systematically collecting information about their experience under the Privacy Act, with a view to making a submission later in 2003. This request anticipates the ‘two year’ view of the Act foreshadowed by the Attorney-General when the private sector amendment legislation was introduced, but which has not yet been formally requested by the Government.
The Commissioner is particularly keen to obtain information about the number and type of enquiries and complaints, and how they have been dealt with; relevant survey results; and impact on business costs and processes. l
Sources: letter from Privacy Commissioner June 2003.
Safeguards for DNA use in law enforcement
The Report of the Review of Pt 1D of the Crimes Act 1914 was tabled in Parliament on 15 May. The review, which was completed in March 2003, was chaired by Tom Sherman, former head of the NCA. Other members were the federal Privacy Commissioner, and representatives of the Commonwealth Ombudsman, the DPP and the Australian Federal Police.
Part 1D established procedures for DNA testing in relation to Commonwealth offences, and established a national DNA database system which is co-ordinated by CrimTrac, a Commonwealth agency. The system, when fully operational, will enable the comparison of DNA profiles across all Australia’s jurisdictions for law enforcement purposes. The system is underpinned by Commonwealth, State and Territory legislation.
The major deficiency identified by the Review is that the national system is not yet operational and only one jurisdiction (NSW) has loaded profiles onto the relevant CrimTrac database, known as the National Criminal Investigation DNA Database (NCIDD). The Review calls for redoubled efforts on the part of the Commonwealth, the States and Territories to move quickly to negotiate the relevant arrangements which are necessary to make the system fully operational.
While there has been relatively little experience of the operation of Pt 1D, the Review has recommended improved accountability arrangements both within and across Australia’s jurisdictions. The Review sees effective accountability mechanisms as crucial to maintaining public confidence in the use of DNA analysis for law enforcement purposes.
The Review recommends that the external scrutiny mechanisms be based upon existing co-operation between Australian Ombudsmen with involvement of Privacy Commissioners and other monitoring bodies. The Review recommends that Ombudsmen (or equivalents) in each jurisdiction report to their respective Ministers in 12 months on whether there are any legislative impediments to the cross- referral of matters between jurisdictions.
There will be a further review of Pt 1D in two years’ time.
The Review flags the issue of potential extension of the uses of DNA samples. The Attorney-General noted in Parliament in the debate on the relevant legislation that ‘[t]he analysis of the DNA samples will only reveal the sex of the person from whom it is taken. It does not reveal any other personal characteristics’. The Review notes that it seems inevitable that the potential to use DNA material for purposes other than identification will continue to expand. To ensure that any extended use of these new developments should occur by way of deliberative action of parliament and not by way of some unregulated extension, the review recommends that Pt 1D should only be used for analysis aimed at non-personal identification and the legislation should be amended to specifically exclude testing of DNA for the purpose of detecting phenotypically expressed information including health or medical conditions.
The Privacy Commissioner and Commonwealth Ombudsman have both welcomed the report of the Review. l
Source: OFPC media release <www.privacy.gov.au>.