Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Privacy Law & Policy Reporter --- "Private Parts" [2004] PrivLawPRpr 42; (2004) 11(3) Privacy Law and Policy Reporter 90

Private Parts

Compiled by Graham Greenleaf

Tasmania’s privacy Bill half-baked

A Personal Information Protection Bill 2004 was introduced into the Tasmanian Parliament by the Minister for Justice and Industrial Relations, Judith Jackson on 21 September 2004.

The Bill has both familiar and unusual features. It has a set of personal information protection principles (PIPPs) (Schedule 1) which are based closely on the National Privacy Principles found in the Commonwealth private sector, Victorian and Northern Territory legislation. The Bill applies only to the Tasmanian public sector, namely a public sector body (as defined), a council or the University of Tasmania (‘personal information custodians’), any contractors who deal with them in relation to personal information, and any prescribed bodies.

Most disappointing, the Bill does not provide any means my which a complainant can obtain a decision enforcing observance of the PIPPs. The Bill does not create any separate privacy or information Commissioner, and nor does it have any provision for enforcement of the PIPPs by an administrative decisions tribunal (unlike NSW, Victoria or the NT), or the Courts.

Instead, the Ombudsman can investigate complaints of PIPPs breaches, but if he concludes that a PIPP has been contravened, he can only make recommendations to complainant and respondent (s22). However, where he does so, his conclusion and recommendations must be given to the Minister (s22(2)), who must then table both within five sitting days (s22(3)). There is thus a strong incentive for agencies to resolve complaints before they get to the stage of a formal finding of breach and recommendation by the Ombudsman. While this may have some effectiveness, there are dangers of identification of and publicity about the complainant (which the Bill does not address). Parliamentary naming also seems like a blunt instrument of enforcement wherever a breach occurs, and its effectiveness will be difficult to measure.

The proposed approach is no substitute for providing enforceable privacy rights as has been done in four other Australian jurisdictions. In a small jurisdiction like Tasmania the Ombudsman might be the appropriate agency to undertake investigation and mediation of privacy complaints, but this should be supplemented by access to a tribunal or Court when mediation fails, not only Parliamentary ‘name and shame’.

The Bill contains a raft of exemptions, including: for judicially-related purposes (s7); for any ‘public information’ (s8); for law enforcement information (s9); for employee information (s10); for the collection of unsolicited information (s11); and for the disclosure of ‘basic information’ between public agencies (s12), among others. The Minister can make determinations granting more exemptions if satisfied concerning public benefit (s14).

While it deserves closer analysis, this Bill seems like a step backwards in the development of privacy protection in Australia, and may be the weakest legislative proposal on privacy put forward in Australian in the last decade. The Bill is at http://www.parliament.tas.gov.au/bills/pdf/52_of_2004.pdf

Federal Act review timetable

Federal Privacy Commissioner Karen Curtis and OFPC staff outlined the proposed timetable for the review of the private sector provisions of the Privacy Act 1988 at a meeting of a ‘consultative group’ at a meeting in Sydney on 9 September:

• Issues paper to be released second week of October

• Consultation/submission period about 2 months

• Some public and private meetings during this period

• Consultative group to meet again mid-November

• Submissions to close in December, possibly just pre-Xmas

• Discussion of draft Report with consultative group

• Report to government in February/March 2005, unless some extension of time is provided

The consultative group was drawn mainly from the business sector, plus a few ‘consumer’ representatives, of whom more are to be invited to join the group.

Victorian workplace privacy

Two models for regulating workers’ privacy have been put forward by the Victorian Law Reform Commission in an options paper released on 24 September.

The Commission has settled on two models. chosen because they both fulfil the Commission’s three goals for this review:

• To ensure minimum standards of privacy protection for workers without unduly limiting the ability of employers to run their businesses.s.

• To protect workers’ privacy in a way that is sufficiently flexible to accommodate the needs of different workplaces.

• To create mechanisms that ensure compliance with the selected regime.

Models proposed during the consultation process or were found in another jurisdiction were tested using these goals. The final options chosen achieve the three goals described above but in different ways and to different degrees.

Option One: A separate Act that would require employers to seek authorisation in advance from a regulator before undertaking either some or all surveillance, monitoring or testing practices in the workplace. The Commission makes no recommendation about who the regulator should be.

The key feature of the Act would be to require employers to seek written authorization from a regulator before conducting some or all types of overt and covert surveillance, monitoring or

testing in the workplace. The Act could allow employer associations to apply for authorisations on behalf of their members where practices are commonly used throughout a particular industry sector (such as video surveillance in the retail sector).

Other features of this option could include:

• a process for notifying workers that an application for authorisation has been submitted to the regulator (with the exception of certain covert practice applications);

• a process for workers to be properly consulted about the application (either by the regulator or the employer);

• powers for the regulator to conciliate or hear disputes about the application between the employer and workers;

• a complaints-based mechanism;

• powers for the regulator to conciliate or investigate worker complaints, and to enforce the Act and authorisation conditions by having the ability to audit employers and issue compliance notices;

• an educative role to be fulfilled by the regulator; and

• removal of workplace surveillance issues from the Surveillance Devices Act 1999.

Option Two: A separate Act that would require employers to comply with a set of principles on how they implement and conduct workplace surveillance, monitoring and testing. This option would put more direct responsibility on employers, and may have less significant resource implications for government. Other features of this option could include:

• a code or codes produced by the regulator (or an equivalent, developed by industry and approved by the regulator) to provide practical details on how employers can comply with the principles in relation to particular practices— the codes would not be binding, but compliance with a code could be used by employers to defend themselves against worker complaints;

• a complaints-based mechanism with powers for the regulator to conciliate or investigate complaints about breaches of the principles;

• powers for the regulator to issue compliance notices for serious breaches of the Act;

• an educative role to be fulfilled by the regulator; and

• removal of workplace surveillance issues from the Surveillance Devices Act 1999.

Submissions to the Commission may be made up until 30 November 2004. The Final Report to the Attorney- General is intended to be completed in time for the autumn 2005 session of parliament. The options paper is available from the Commission’s website at

http://www.lawreform.vic.gov.au/

(Adapted from the Commission’s press release and options paper)

Undelivered email Bill delayed

For the third time, Australia’s federal Government has failed to succeed in changing the Telecommunications (Interception) Act 1979 concerning interception of undelivered email, SMS and voice mail messages. This time the Bill failed to pass because the Senate decided to adjourn for the election without debating that Bill , or numerous other Bills before it.

Post--election, if the then government wishes to proceed, the TI Bill will have to go through both the House and Senate again It could be ‘revived’ or re-introduced, but either way both houses will have to consider it. (See Odgers’ Australian Senate Practice Ninth Edition, 12.20 Revival of bills - http://www.aph.gov.au/senate/pubs/html/chap1220.htm).

(From information provided by Electronic Frontiers Australia (EFA))