1 February 2006

Privacy Commissioner Karen Curtis, has signed an instrument which will revoke the General Insurance Information Privacy Code effective on 30 April 2006.

"The privacy protection given to personal information held by general insurance companies is not weakened by the revocation of this code," said Ms Curtis.

"All insurers must still comply with the Privacy Act and my Office will continue to investigate alleged privacy breaches.

"Following a review of the Code in 2005, the Insurance Council of Australia (ICA) applied to me to have the Code revoked.

"The revocation of the Code does not reflect any problems with privacy compliance in the general insurance industry, nor with insurers that are presently bound by the General Insurance Information Privacy Code.

"I have been assured by ICA that revocation of the code does not mean that the general insurance industry has turned away from a culture of privacy. ICA members will continue to support, implement and observe the national privacy principles.

"ICA has also advised me that the commitment to the protection of the personal information of private individuals, which prompted the industry's establishment of the Privacy Code, will continue among all ICA member companies.

"To ensure a smooth transition in complaint handling, complaints made to the General Insurance Information Privacy Code adjudicator after 31 January 2006 will be referred to my Office and our complaint handling staff will consult with the complainant before agreeing to accept the complaint. After 30 April 2006, all complaints should be made directly to my Office," said Ms Curtis.

A feature of the Privacy Act is the option for organisations to develop their own privacy codes, which when approved, replace compliance with the National Privacy Principles (NPPs).

Where an organisation consents to be bound by an approved code, the code operates in place of the NPPs until the organisation ceases to be bound by the code. Where an organisation chooses not to adopt an approved code it will be bound by the NPPs.

The General Insurance Information Privacy Code, when it was initially approved on 17 April 2002, included provisions that complaints under the Code be handled by an independent adjudicator, rather than the Privacy Commissioner.

In March 2005 the Insurance Council of Australia commissioned a review of the Code, which was completed on 4 July 2005.

• 24 organisations had agreed to be bound by the Code;
• During the three years of implementation, the Code adjudicator received five complaints, and was required to make determinations in three of these complaints;
• Expenditure equated to $65,330 per complaint determined under the Code;
• During the same period, the OPC reported 82 complaints about the insurance industry.

As a result of the cost, the low number of privacy complaints, and the degree of industry take-up of the Code, the reviewer concluded that it could not be said that there was value in the continued operation of the Code.

On the basis of the findings of the independent review, and the request by the ICA, the Privacy Commissioner decided to revoke the Code under section 18BE of the Privacy Act.

The Revocation and Explanatory Statement will be available on the Office's website at http://www.privacy.gov.au/business/codes/#code and lodged on the Federal Register of Legislative Instruments located at www.frli.gov.au.