Privacy Law and Policy Reporter
New Federal Privacy Commissioner Karen Curtis
Ms Karen Curtis has been appointed as the new Australian Federal Privacy Commissioner, commencing 12 July 2004. For the last six years she has been with the Australian Chamber of Commerce and Industry (ACCI), where she is currently the Director of Industry Policy, including responsibilities for ACCI’s small business policy unit. She has been a statutory appointee to the Privacy Advisory Committee since 2001.
Timothy Pilgrim is Acting Federal Privacy Commissioner until Ms Curtis commences.
ACCI were one of the principal business organisations that influenced the Prime Minister’s 1997 abandonment of plans for private sector privacy legislation (see (1997) 4 PLPR 1), and may have also influenced his subsequent U-turn which led to the Privacy (Amendment) Act 2000.
Privacy NSW gutted
The NSW Government’s apparent determination to make the office of NSW Privacy Commissioner ineffective has taken a new turn. The salary of Privacy Commissioner, which did not previously come from the Privacy NSW Budget, is now coming from that budget, resulting in a proposed 25% reduction (two positions) of an already very small office. The final reorganisation has not yet been announced. However, the two most senior staff members of Privacy NSW, Deputy Commissioner Anna Johnston and Senior Legal Officer John Gaudin, have already taken redundancy packages. Ms Johnston and Mr Gaudin are widely respected for their knowledge, experience and commitment in matters concerning privacy.
Two advertised positions at Privacy NSW, that of Correspondence Manager and Communications Manager, have also not been filled. The current appointment of Acting Privacy Commissioner John Dickie is only until 30 June, and the status of Mr Dickie’s position beyond that date is not known.
The government attempted to abolish the Privacy Commissioner last year by transferring his functions to the Ombudsman (see (2003) 10(6) PLPR 101). It would not be surprising if they now attempted to revive that Bill.
Privacy Act complaints up
The latest statistics published on the OFPC web site record 1013 complaints received between 1 July 2003 and the end of April 2004, compared to 1090 for the whole of 2002-03. Hotline enquiries may not reach the 2002-03 total of 21290, but are still a very large number – 16630 to 30 April.
Senate Estimates hearings in February 2004 revealed that OFPC is currently closing 31% of all complaints within 10 days, 58% in 30 days or leas, and 73% in within 90 days. These figures include cases which are found to be outside jurisdiction, so of substantive complaints a significant proportion are still taking more than 3 months to resolve.
Source: OFPC Website www.privacy.gov.au and Hansard
Big Brother awards NZ
New Zealand’s first “Big Brother Awards”, for outstanding contributions to the abuse of privacy in New Zealand, has gone to Government Ministers and others responsible for what organisers describe as a series of draconian new “anti-terrorism” and surveillance laws. The corporate award went to Baycorp, the government department award to the spy agency GCSB and “long-term menace” award went to public registers of personal information. The awards are modeled on Big Brother Awards held annually in many countries around the world, and are judged by a panel of academics and practitioners who are specialists in privacy law.
Two awards were made to champions of privacy. Associate Professor Peter Wills of Auckland University was recognised for exposing the privacy implications of the PBRF (Performance Based Research Funding) exercise conducted by the Tertiary Education Commission. A joint award to Bruce Slane, the former NZ Privacy Commissioner, and Blair Stewart, the Assistant Privacy Commissioner, recognised their long-term contribution to the first decade of NZ’s Privacy Act 1993.
Source: Auckland Council for Civil Liberties
Outsourcing prompts Indian privacy promise
India’s government made a commitment almost a year ago (September 2003) to introduce a data protection initiative to give more protection to companies outsourcing their data processing to India. The newly-elected Congress government in India does not have any specific policy on the issue. After a state government (Andhra Pradesh) proposed an EU-style data protection law in 2002, the central government IT Ministry decided that a federal initiative was preferable, and established an Advisory Committee of three lawyers. There is considerable pressure from US companies to simply rely on contractual protections between US companies and Indian outsourcers, whereas the EU continues to exert pressure for data protection legislation. Among the options reported by Stewart Dresner to be under consideration by the Indian government is negotiation of a US-style ‘Safe Harbor’ agreement with the EU, but the EU is said to have little enthusiasm for this. Getting legislation through the Indian parliament usually takes years, but there is an alternative of a government Ordinance which must be ratified by Parliament within six months or its becomes void. Dresner considers that any Indian initiative is lkely to be limited in scope to outsourced overseas personal data, as there is little local pressure for information privacy laws in light of the other more pressing concerns of most sections of Indian society and politics.
Source: Stewart Dresner, ‘India gives commitment on new privacy initiative’, Privacy Laws & Business Internationl Newsletter, March/April 2004
Interception of Electronic Communications
The Telecommunications Interception Amendment (Stored Communication) Bill 2004 (Cth) has been referred to the Senate Legal and Constitutional Committee, with submissions invited by 28 June. The Bill includes the government’s third attempt in two years to remove the safeguards of the Telecommunications (Interception) Act 1979 from stored electronic communications (Emails, SMS etc) before they have been read by recipients.
New Passports Act
A bill for a new Passports Act was expected to be introduced into Australia’s federal Parliament on 24 June. It will clarify the evidence of identity requirements for passport applications and will lay the foundations for the introduction of biometrics (including the use of face recognition software) into the Passports system. This is at least partly driven by US government requirements.
The Australian Communications Authority has invited expressions of interest for a Registry Operator for the Australian ENUM trial. ENUM is a proposed system for linking email addresses with telephone numbers. ENUM has the potential to provide a single point of contact for an ENUM subscriber. Privacy and Security are specifically addressed in the invitation documents, which include Privacy Guidelines.
Secure complaints to Privacy Victoria
Privacy Victoria has launched a new secure on-line complaints facility
Victorian website guidelines
Privacy Victoria has published Website Privacy Guidelines for the Victorian Public Sector (May 2004). These advisory (non-binding) guidelines arise out of an audit of Victorian Government websites by Privacy Victoria, the findings of which were published in September 2003.
New Privacy NSW website
Privacy NSW has launched a redesigned website, with many new features
NSW Health Privacy law delay
The NSW government has announced that the Health Records and Information Privacy Act (HRIPA) 2002 will now commence on 1 September 2004 (delayed from 1 July 2004).
New money laundering law
Australia’s federal government has issued a paper outlining its proposals for new anti-money laundering legislation to replace the Financial Transaction Reports Act 1988 (Cth). The new law would significantly extend the record-keeping and reporting requirements from ‘cash dealers’ to a much wider range of organisations that deal in ‘transfers of value’ including real estate agents and jewellers.
The government claims that the reforms are needed to meet international obligations in relation to combating money laundering and terrorism, but critics have suggested the proposed new obligations go beyond what is required and in any case are objectionable on various grounds.
Privacy and the Car
The Autumn 2004 edition of Privacy Victoria’s newsletter Privacy Aware has the theme of ‘Privacy and the Car’, with articles including ‘Driver’s licence: the defacto ID card?’, ‘New speed camera system in Victoria’, ‘Future cars fuelled by personal data’ and ‘Tollways and privacy’
Northwest Airlines decision undermines privacy policies
Privacy advocates from the Electonic Frontier Foundation (EFF) and Electronic Privacy Information Centre (EPIC) have attacked that part of the decision, saying it made website privacy policies effectively unenforceable. They claimed the Courts should focus on the claims made by companies on their websites.
Source: C|net News.com