Skip to main content


Annual Report 1999-2000: Privacy

to 1999 - 2000 Annual Report Contents

Annual Report 1999 - 2000

Malcolm Crompton, Privacy CommissionerPrivacy

Statement of the Privacy Commissioner

I have pleasure in
presenting the twelfth Annual Report on the operations of the Privacy
Act 1988 for the year 1999-2000. The year past has been a challenging
and productive year for the Office.

In our modern democratic
society our individual privacy is an issue that is taken for granted.
However, the year that has just past has seen a re-emergence of privacy
as a key issue for the community. Much has happened that has re-kindled
the privacy debate including issues such as the establishment of large
databases of personal information in the private sector, whether criminal
record information should be published on the Internet, the use of public
register information by government, the way in which forensic DNA information
should be collected, matched and stored and the publication of a "first
draft" of the human genome.

Privacy is clearly
perceived by Australians as a fundamental human right, and a right we
are eager to preserve in a rapidly changing global environment. As always,
the challenge in the debate is to balance this important human right with
our rights and responsibilities as members of a civil society; that is,
the right to privacy must be balanced against factors such as the need
to maintain a free flow of information through the media and elsewhere
and the importance of ensuring government and business are able to achieve
their objectives in an efficient way.

A significant development
in Australia has been the introduction to Parliament of the Privacy Amendment
(Private Sector) Bill 2000 (the Bill). Over the last year the Office contributed
to the development of the Bill in a number of ways, including providing
several key submissions on its development. The last of these submissions
during the year was to the House of Representatives Legal and Constitutional
Committee, which reviewed the Bill at the request of the Attorney-General.

In that submission
I welcomed the Government's move to extend privacy legislation to the
private sector by introducing the Bill. This is an important development
for the community, as it would introduce privacy law for the private sector
and establish a framework to protect personal information held by private
sector organisations. This is particularly relevant today with the rapid
growth in Australian and Global organisations' utilisation of information
handling technologies. There is ample evidence to show that all consumers
expect to have control over their personal information and to be able
to protect their privacy with minimum inconvenience. Without this control,
consumers are unlikely to be willing to participate fully in the developing
information economy.

As stated in my submission
to the Committee, I believe that the fundamental approach presented in
the Bill is sound. However, the Bill also contained a number of exemptions
that I believe need careful consideration by Parliament so that the appropriate
balance is achieved for the community.

Of these, the exemption
for political organisations is of particular concern. If we are to have
a community that fully respects the principles of privacy and the political
institutions that support them, then these institutions themselves must
adopt the principles and practices they seek to require of others. The
challenges faced by politicians in appropriately respecting individual
privacy are no different than those faced every day by many other professions,
including the health professions. I firmly believe that political organisations
should follow the same practices and principles that are required in the
wider community.

In the submission,
I also drew attention to the issues raised by other exemptions. The Committee
sought to address these concerns in many of its recommendations. Clearly,
the challenge now put to the Parliament is to reach a balance that reflects
community expectations. I will look forward to contributing to that debate
in the year ahead. Chapter 2 deals with the Bill at greater length.

While the Office
has been focusing on these new developments, it has also continued to
work on improving compliance with the current legislation. These current
responsibilities have also raised new challenges. Many of these are questions
arising from new uses of information enabled by new technologies, including
the Internet and data mining. The involvement of the Office in assessing
the privacy implications of the new taxation system resulted in decisions
to change the new tax legislation so that information provided by people
for the purpose of obtaining an Australian Business Number would be better
protected. Similarly, the Office investigated the provision of an electronic
copy of the electoral roll, by the Australian Electoral Commission, to
the Australian Taxation Office for mail-out purposes. Recent public debate
indicates that the community is apprehensive about the use of public registers,
including the electorate roll, for purposes other than the purpose of
collection. This is particularly so when there is some compulsion to provide
information to the government for these registers.

Similar community
concerns were expressed following the launch of commercial on-line databases
that made personal information, such as convictions and debt, publicly
available. While the Office's jurisdictional involvement with such databases
was from a credit reporting perspective, I have expressed my general concern
about the use they are making of sensitive information collected from
court reports and other publicly available information. This again raises
the question of how the community expects publicly available information
to be used. The Office intends to undertake some research into this area
in the year ahead.

Debate about privacy
on-line for Australians using the Internet has escalated in the past year.
Questions have arisen with respect to appropriate behaviour for businesses
operating online, consumers seeking to transact and preserve the privacy
of their personal information online, and employers and employees trying
to work out rights and responsibilities in relation to e-mail protocols.
The Office has worked consistently on these issues, building on the Guidelines
on Web Browsing and Privacy released in 1998-1999, by developing Guidelines
on Workplace E-mail, Web browsing and Privacy in 1999-2000. The guidelines
were launched by the Attorney-General in March 2000. These guidelines
advocate building an environment of trust between employers and employees
and were the most frequently downloaded item from the Office website in

Personal health information
can be intensely intimate information about the fundamentals of an individual's
life. Its misuse can also cause great harm. For these reasons alone, it
is very important to protect this information appropriately and to ensure
that people have a reasonable level of control over their health information.
With public debate increasingly focusing on Health Providers' management
of information, the government has been concerned to review mechanisms
that can be used to protect such information while at the same time ensuring
that health consumers have access to services made possible through powerful
new technologies. At the Attorney-General's request, I provided advice
on the appropriateness of the National Privacy Principles [1]
as a tool to protect personal health information. This advice was based
on broad consultation with key health organisations and has been addressed
in the development of the current amendments to the Privacy Act 1988.

Given the range of
work that the Office is undertaking both in our current jurisdiction and
with the development of the private sector legislation we need to ensure
that our efforts are well focused. To that end, over the last year the
Office undertook a significant strategic planning process designed to
prepare us for our extended role.

The Attorney-General
launched the Office's strategic plan in March 2000. The Plan commits the
Office to achieve results in the key areas of:

  • establishment
    of the Privacy Connections network that will support organisations
    and individuals in the development and implementation of privacy solutions;

  • development
    of a comprehensive understanding of current community perceptions
    of privacy to ensure the solutions we develop are meeting the needs
    of our clients;

  • ensuring that
    strategic themes are reflected in the job roles of everybody in the
    Office; and

  • ensuring that
    the Office is ready and prepared to implement the new legislation.

Even though the plan
was only launched in April 2000, the key result area relating to the roles
and skills of the Office is now completed. With this fundamental strategy
complete, work on the remaining strategies has already commenced. This
preparatory work meets a commitment made in last year's annual report.

With all that is
happening within Australia it is important that we do not lose sight of
what is happening internationally. Clearly, the increasing awareness and
concern within the Australian community of privacy issues reflects similar
developments elsewhere.

In 1995, the European
Union (EU) passed a directive[2] that restricts the transfer
of personal information from member countries to other countries unless
adequate privacy safeguards are in place. In part, the government's private
sector privacy legislation aims to provide those safeguards for Australian
companies, ensuring Australian access to international markets.

It has been very
interesting to watch the United States of America move from a self-regulatory
environment to one potentially covered by a great deal of privacy law.
Consumer reaction to privacy intrusions by a number of key online organisations,
for example, Double-Click, and the sale of personal information held by
failed Internet companies has placed the issue firmly on the agenda. The
US Federal Trade Commission has called on the American Congress to enact
new laws regarding online privacy. This represents a significant change
of emphasis, and privacy has become an election issue in the USA.

Seeking an answer
to the EU Directive in a currently unregulated environment, the US Government
entered into "Safe Harbor" discussions with the EU. Once negotiations
are complete, US companies that meet "Safe Harbor" requirements for protecting
information would be granted the right to transfer and use data on European

The 21st International
Data Protection Commissioners' Meeting held in Hong Kong in September
1999, saw online privacy assurance programs as a key issue, and established
a working group (of which I am a member) to consider the effectiveness
of such programs in promoting good privacy practice. We will deliver a
report on the project to the 22nd meeting in Venice in September 2000.

Looking Ahead 2000-2001

I believe that the
next twelve months will see the community focus even more on the privacy
issue. The Office will focus on the development of privacy schemes for
the private sector, and also continue our work in supporting privacy rights
and responsibilities in relation to Federal Agencies, Credit Reporting
Agencies, and users of Tax File Numbers. The Office is also likely to
contribute significantly to the appropriate protection of health information
stored electronically.

The Strategic Plan
will guide the Office throughout the year. It will continue to evolve
and as we implement the strategies the Office will focus on the subsequent
key results to be achieved for the years ahead. With the passing of the
Privacy Amendment (Private Sector) Bill 2000, I anticipate that a key
strategy will develop in relation to a communication program to inform
Australians of their privacy rights and responsibilities, and the role
the Office can play in developing privacy solutions.

For next year, however,
the Office will focus on developing the Privacy Connections network into
a vibrant resource, and improving our appreciation of community perceptions
of privacy, and best practice privacy solutions.

I would like to note
that 1 July 2000 marks the formal commencement of our Office as the new
Office of the Federal Privacy Commissioner. The formal separation of the
Office from the Human Rights and Equal Opportunity Commission is based
on sound administrative principles and will ensure that the Office can
give best effect to the proposed private sector legislation. We acknowledge
the significance of our relationship with the Commission and the importance
this has played in recognition of privacy as a fundamental human right.

The National Privacy Principles are as set out in the Privacy Amendment
(Private Sector) Bill 2000, and are developed from the National Principles
for the Fair Handling of Personal Information as issued by the Office
in 1999.

1995 European Union Directive on the Protection of Individuals with Regard
to the Processing of Personal Data and on the Free Movement of Such Data,
issued 24 October 1995.

updated 1 December 2001.