The Privacy Commissioner has released her report on the private sector provisions of the Privacy Act.
“While I have made a number of recommendations I believe that there
is no fundamental flaw with the private sector provisions in the
Privacy Act,” she said.
“The overall effect is that the National Privacy Principles have
worked well and delivered to individuals protection of personal and
sensitive information in Australia in those areas covered by the Act.
“The Report contains 85 recommendations stemming from a balanced and
pragmatic examination of the Privacy Act, within the terms of reference
set by the Attorney General,” said Ms Curtis.
“The submissions also made it clear that the health sector would
particularly benefit from national consistency and I have therefore
recommended that a national health code be implemented across federal,
state and territory levels.
“Another issue highlighted in many submissions was the need to raise
the privacy awareness of organisations and individuals and therefore a
number of my recommendations address this issue. Those recommendations,
if implemented, would form the ‘lynch pin’ of an improved privacy
scheme that would benefit individuals while recognising the right of
businesses to achieve their objectives in an efficient way.
“Consumer control over personal information, a key feature of the
private sector amendments to the Privacy Act, was addressed in the
Review. I have recommended that the control that individuals have over
their personal information be strengthened, particularly in relation to
information collected about them indirectly or used or disclosed for
other purposes such as direct marketing.
“Simple steps that could be taken to make this happen include
measures to promote clearer and more easily understood privacy notices
and a general opt-out right for all direct marketing approaches.
“The report also contains recommendations about the small business
exemption with the aim of simplifying its application while suggesting
that some sectors that handle large volumes of personal information,
such as internet service providers for example, should be covered by
the private sector provisions.
“Because of their complexity, the issue of privacy and research, in
particular medical research, and privacy and new technologies warrant
further debate. The main recommendation on these issues is that they
should be considered in the context of a wider review of the Privacy
Act.
Other recommendations relate to residential tenants and deceased persons:
The Australian Government should advance as a high priority the work
currently being undertaken by the Working Group on Residential Tenancy
Databases of the Ministerial Council on Consumer Affairs/Standing
Committee of Attorneys-General.
Deceased persons: If the National Health Privacy Code is adopted into the Privacy Act
(see recommendation 13), then protection for health information under
these provisions would extend to deceased persons. Also, the Australian
Government’s response to the Australian Law Reform Commission and the
Australian Health Ethics Committee’s inquiry into the protection of
human genetic information in Australia may have implications for the
Privacy Act. In addition, the Australian Government should consider as
part of a wider review (recommendation 1) whether the jurisdiction of
the Privacy Act should be extended to cover the personal information of
deceased persons.