Privacy Law and Policy Reporter
This Codewatch records developments since the last Codewatch columns in PLPR Issues 10.5 and 11.1 (private sector codes) (Associate Editor)
National health privacy code
At the request of Australian Health Ministers, a proposed national health privacy framework, comprising a National Health Privacy Code and supporting guidelines, is being developed by the National Health Privacy Working Group of the National Health Information Management Group . If implemented, it would provide a consistent and enforceable standard of privacy protection for data shared for monitoring and research purposes under a national linkage infrastructure. But progress on the Code has been very slow and it remains unclear as to how it would be implemented – particularly in those jurisdictions which have already passed health privacy laws.
New Zealand sectoral codes
Under the Privacy Act 1993, the NZ Privacy Commissioner can issue Codes of Practice which modify the Information Privacy Principles set out in the Privacy Act to take into account the special characteristics of specific industries, agencies or types of personal information. The provisions in a code may be more stringent or less stringent than the principles.
The Telecommunications Information Privacy Code, which took effect in November 2003 was amended on 3 June 2004. According to the accompanying Explanatory Note the amendments to the Code, which came into effect on 1 August:
• omit exceptions contained in rules 2, 3, 10 and 11 of the code relating to foreign law enforcement authorities and foreign telecommunications laws
• alter the Code’s controls on electronic directories of subscribers so that searches may be made by reference to name alone
• require telecommunications agencies that publish subscriber directories on the Internet to take steps to inform affected subscribers and to act promptly to remove details when subscribers withdraw authorisation
• make several minor changes of a technical nature or to correct errors.
Other codes in effect in New Zealand Privacy Act are the Health Information Privacy Code 1994, revised edition 2000; the Justice Sector and Unique Identifier Codes for the Justice Sector (1998); Superannuation Schemes (1995) and Post-compulsory Education (2001). A Credit Information Privacy Code – issued by the Commissioner as a draft for consultation in July 2003, has not progressed.
New South Wales
There has been little substantive change to the range of Codes and Directions which provide additional exemptions from the effect of the Privacy and Personal Information Protection Act 1998 (PPIPA). The Privacy NSW website lists 11 active Codes and 8 currently operating Directions – all of which have simply rolled over previous Directions for another ‘temporary’ period – seven of them until 31 December 2004, with the Direction for the Infringement Processing Bureau (currently controversial for other reasons) due to expire on 30 September Given the resource crisis at Privacy NSW reported in previous issues, it seems unlikely that there will be any further rationalisation of the messy exemption situation in the immediate future.
Private sector codes under the Privacy Act 1988
There are three registered Codes of Practice under Part IIIA of the Act which have replaced the National Privacy Principles. The approved Codes are the General Insurance Privacy Code , the Clubs Queensland Industry Privacy Code , and the Market and Social Research Privacy Principles . There is no requirement for an annual report from the Code Administrators for the Clubs Queensland and Market Research codes, as they do not have separate Code Adjudicators. The websites as at 21 September 2004 show that there are 41 signatories to the Clubs Code and 90 to the Market Research Principles.
The Administrator for the Insurance Code – the Insurance Enquiries and Complaints Limited – did submit the required report for 2002-03 which is summarised in the IEC’s Annual Review for 2003 available on its web site . The Review also includes a report on the activities of the IEC Privacy Compliance Committee8, which is the Code Adjudicator, acting as a ‘first tier’ external complaints body standing between insurers’ internal processes and the Privacy Commissioner. As at 21 September 2004 there were 24 signatories to the General Insurance Privacy Code.
Other Codes under consideration
The three Codes submitted to the Privacy Commissioner but still under consideration are the Biometrics Privacy Code9, the Internet Industry Association (IIA) Privacy Code and the Australian Casino Association Privacy Code . The latter two were submitted more than a year ago, and the Biometrics Code in May 2004. The OFPC is understood to be actively working on the Biometric Code. No further information as to progress with the other two submitted codes has been made available by OFPC or the Code authors.
Nigel Waters is Associate Editor of PLPR <firstname.lastname@example.org>
 See http://www.health.gov.au/pubs/nhpcode.htm
 It is assumed that the NSW Health Privacy Code of Practice is affected by the commencement on 1 September of the Health Records and Information Privacy Act 2002, although the website has not yet been updated
 http://www.amro.com.au/privacy_advice.htm  http://www.iecltd.com.au/
 The author declares an interest as the consumer member, since its inception, of the IEC Privacy Compliance Committee.