Page 620 - Week 02 - Thursday, 20 March 2014

Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video


The bill marks a significant shift from the existing scheme of privacy protection established by application of the commonwealth Privacy Act 1988 as it stood in 1994 with some modifications. Since 1994 privacy legislation at the commonwealth level has changed but the legislation that applies in the ACT has not. Most recently, the new Australian privacy principles took effect from last Wednesday, 12 March.

The result has been confusion about the status of privacy laws in the ACT as well as the application of laws that are out of date and do not necessarily reflect the ACT situation. At the same time, the challenges and opportunities presented by digital transformation and the push towards open and efficient government mean that the amount of information being stored is greater than ever before and the pressures to share information are increasing.

The Australian Law Reform Commission recognised these challenges in its 2008 report, For your information: Australian privacy law and practice. The central theme of that report was that, as a recognised human right, privacy protection generally should take precedence over a range of other countervailing interests, such as cost and convenience, when agencies deal with personal information. Changing technologies, and social expectations about the nature of privacy, mean that it is not realistic to simply create blanket prohibitions on the collection and use of personal information. The right to privacy must necessarily be balanced against other individual rights and collective interests, such as freedom of expression and open government.

The Information Privacy Bill 2014 has been drafted to reflect changes to commonwealth privacy legislation that were introduced by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 of the commonwealth, which commenced on 12 March 2014. The changes to the commonwealth Privacy Act, which respond to the recommendations of the ALRC report, consolidate key privacy principles that apply throughout the whole of the personal information lifecycle, including collection, use, disclosure, storage, destruction and de-identification. These changes have been reflected in this bill to the extent that they are appropriate to the circumstances of the ACT.

The bill introduces eleven substantive territory privacy principles, which are consistent with the new Australian privacy principles. Another two general principles—principles 7 and 9—are included only as markers to maintain consistent numbering with the Australian privacy principles. They are not relevant to the ACT because they regulate direct marketing and the use of commonwealth government identifiers such as tax file numbers or Medicare numbers.

The eleven territory privacy principles will regulate the handling of personal information by public sector agencies in the ACT. The bill also requires public sector agencies to ensure that all contracts for services with private sector organisations include contractual clauses to ensure that the contracted service provider and any subcontractor does not do an act or engage in a practice which would be in breach of the Information Privacy Act.


Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video