Background to the Privacy Act 1988 (Cth)
The Privacy Act was passed by federal Parliament at the end of 1988. The Act gave effect to Australia's agreement to implement Guidelines adopted in 1980 by the Organisation for Economic Cooperation and Development (OECD) for the Protection of Privacy and Transborder Flows of Personal Data, as well as to its obligations under Article 17 of the International Covenant on Civil and Political Rights.
The Act had a two-pronged objective: the protection of personal information in the possession of federal government departments and agencies and safeguards for the collection and use of tax file numbers (the latter connected with the up-grading of the tax file number system following the demise of the 'Australia Card' proposal). Eleven Information Privacy Principles (IPPs), which are based on the OECD guidelines, set out strict safeguards for any personal information that is handled by federal government and ACT government agencies. The IPPs principally cover the collection, storage, access, use and disclosure of this information. The ACT government agencies became bound by the Privacy Act through the passing of the Australian Capital Territory Government Service (Consequential Provisions) Act 1994 (Cth).
In December 2000, the Privacy Amendment (Private Sector) Act 2000 (the Amendment Act) was passed by federal Parliament and extended coverage of the Act to most private sector organisations. The new scheme came into effect for most organisations covered by the Privacy Act on 21 December 2001. See Information Sheet 1-2001 Overview of the Private Sector Provisions.
The National Privacy Principles (NPPs) in the Privacy Act set out how private sector organisations should collect, use and disclose, keep secure, and provide access to personal information. The principles give individuals a right to know what information an organisation holds about them and a right to correct that information if it is wrong. The Privacy Commissioner has written Guidelines to the National Privacy Principles to assist private sector organisations to meet their obligations in the handling of personal information. A series of Information Sheets has also been developed and provides more detailed explanations and good practice or compliance tips on various aspects of the NPPs and the Private Sector provisions.
Other additions to the Privacy Commissioner's jurisdiction
The Privacy Amendment (Private Sector) Act 2000 has been one of many additions to the Privacy Commissioner's jurisdiction since the Act began in 1988. Interim Tax File Number Guidelines were contained in the Privacy Act and came into effect 1 January 1989.These were replaced with the Tax File Number Guidelines 1990 which came into effect October 1990. The 1990 Guidelines were replaced with the Tax File Number Guidelines 1992 which came into effect 21 December 1992. The 1992 Guidelines were replaced with the Tax File Number Guidelines 2011 which came into effect December 2011
In 1989, the Commissioner was given functions in relation to spent convictions information. The following year two major additions were made in the areas of credit reporting and data matching. The credit reporting jurisdiction was the first major extension of the Act to a private sector area of activity and generated significant involvement with the private sector in the development of legally-binding rules for the handling of credit information. The data-matching jurisdiction led to the creation of a separate unit within the Commissioner's office (located in Canberra) dedicated to the oversight of the Commissioner's responsibilities under the Data-matching Program (Assistance and Tax) Act 1990.
The Privacy Commissioner acquired additional functions under amendments to the National Health Act (passed in 1991) section 135AA, in relation to guidelines to safe guard personal information provided for the purposes of the Pharmaceutical and Medical Benefit Schemes.
A new function was conferred on the Privacy Commissioner by the Telecommunications Act 1997 (Cth) in relation to records made by telecommunications carriers, carriage service providers and others of their disclosures of customer information. The Act also provides for industry codes and standards of conduct in a range of consumer protection areas, including privacy. The Commissioner must be consulted on any privacy codes and standards.
In 2012, a new function was conferred on the Information Commissioner by the Personal Property Securities Act 2009 (Cth) (PPS Act) in relation to personal information contained in the Personal Property Securities Register. Under s 28B of the Privacy Act, the Information Commissioner has the power to investigate an act or practice that may be an interference with the privacy of an individual under subsection 157(4) or 173(2) of the PPS Act.
Passage of the Privacy Bill - Submissions to Parliament
- Privacy Commissioner's submission to Senate Legal and Constitutional Legislation Committee Inquiry into the provisions of the Privacy Amendment (Private Sector) Bill 2000 (September 2000) - PDF
- Privacy Commissioner's submission to Senate Select Committee on Information Technologies, Inquiry into E-Privacy (July 2000) - PDF
- Privacy Commissioner's submission to Inquiry into the Privacy Amendment (Private Sector) Bill 2000 by the House of Representatives Standing Committee on Legal and Constitutional Affairs (25/5/2000) - PDF