- If the NSWLRC's proposals translate into recommendations and are accepted by the NSW Government, then we may be one step closer to uniform privacy laws in Australia.
Late last year the Commonwealth Office of the Privacy Commissioner released its submission to the New South Wales Law Reform Commission ("NSWLRC") in relation to the review by the NSWLRC into privacy legislation in NSW. The Commissioner supported a number of the proposals made by the NSWLRC in its Consultation Paper on privacy law reform in NSW. This article briefly considers the main proposals from the Commissioner to harmonise State and Territory privacy laws with Federal legislation.
The key theme in the submissions made by the Commissioner was the importance of achieving greater national consistency in privacy regulation. The Commissioner considered that the goal of privacy law in Australia should be to achieve uniformity in privacy regulation across Commonwealth, State and Territory jurisdictions and that, at a minimum, there should be consistency in privacy protections across all jurisdictions. The Commissioner particularly welcomed the NSWLRC's proposal that privacy law reform in NSW should aim to achieve national uniformity.
A number of the key areas for reform discussed in the Commissioner's submission were the improvement of the regulation of health and information privacy and also the sometimes confusing distinction between the regulation of public and private sectors in privacy law. The Commissioner supported the proposals that would promote national consistency in privacy regulation and to amend the relevant NSW legislation to clarify that the Privacy Act 1988 (Cth) is the single source of obligation for privacy regulation within the private sector.
Overview of submissions
The Commissioner supported the following proposals from the NSWLRC's consultation paper.
- Proposal 1 - Reforms of New South Wales privacy law should aim to achieve national consistency.
- Proposal 2 - New South Wales should co-operate with the Commonwealth in the development of privacy principles that are capable of application in all New South Wales privacy legislation.
- Proposal 3 - New South Wales legislation should only apply to the handling of personal information by public sector agencies.
- Proposal 5 - The Health Records and Information Privacy Act 2002 (NSW) should be amended so that the handling of health information by private sector organisations is regulated under the Privacy Act 1988 (Cth).
- Proposal 6 - All state owned corporations should be covered by privacy legislation.
- Proposal 7 - The PPIPA should be amended to provide that where a public sector agency contracts with a non-government organisation to provide services for government, the non-government organisation should be contractually obliged to abide by the Information Privacy Principles ("IPPs") and any applicable code of practice in the same way as if the public sector agency itself were providing the services.
- Proposal 8 - If the PPIPA and the HRIPA are merged, the provision governing collection of personal information directly from an individual should contain the two exceptions currently provided for in IPP 2 together with a third exception currently provided for in HPP (Health Privacy Principle) 3, namely that information must be collected from the individual unless it is "unreasonable or impractical to do so".
The Commissioner further submitted that:
- the NSW Privacy Principles should include a principle
equivalent to the Commonwealth's proposed UPP 2.5 in that if an
agency or organisation receives unsolicited personal information it
- destroy the information without using or disclosing it; or
- comply with all relevant provisions in the UPPs as if the agency or organisation had actively collected the information; and
- if the entity retains the information it would need to comply with all relevant provisions in the UPPs. This includes, for example, informing the individual concerned that the collection has taken place and checking the accuracy of information obtained form third parties.
The PPIPA does not currently regulate the collection of unsolicited personal information to this degree, again producing inconsistencies between the Federal and State laws.
- there should be minimal exemptions under the Privacy Act 1988 (Cth). Exemptions in State or Territory laws should also be minimised and only be established where there are clear and compelling public policy reasons for doing so;
- there should be ongoing collaborations between governments to propose a statutory cause of action for invasion of privacy that could be uniformly applied across all jurisdictions;
- the collection of sensitive information should be more strictly regulated in New South Wales privacy laws than non sensitive personal information. Currently there are no additional restrictions. The Commissioner considers that any privacy principle regulating the collection of sensitive information should be equivalent to, and preferably uniform with, the relevant uniform privacy principle to ensure consistency; and
- the collection of sensitive information should be allowed if necessary to prevent a serious and imminent threat to the life or health of the individual concerned or another person.
The Commissioner strongly recommended that the main issues for improvement in the regulation of privacy laws are:
- the consistency across jurisdictions; and
- the lessening of the distinction between the regulation of the private and public sectors.
The Commissioner considered that harmonising the privacy principles would:
- reduce compliance difficulties for agencies and organisations;
- empower individuals to better understand and exercise their privacy rights; and
- help to promote clear and common understanding of privacy obligations across the community.
The NSWLRC will report in stages, with its first report likely to be released in the coming months. If the NSWLRC's proposals translate into recommendations and are accepted by the NSW Government, then we may be one step closer to uniform privacy laws in Australia. The Commissioner has welcomed the proposals for reform, however, it also strongly recommended that the best way forward for Australian privacy law is to have uniformity across the Commonwealth and all of the States and Territories.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.