• Commissioner's Message
• Checklist to help Agencies with Privacy Complaints
• Privacy Professionals mark NPP Anniversary
• Robin Banks appointed to Privacy Advisory Committee
• 60 Second Website Survey
• Memoranda of Understanding
• Diary Notes
• APEC Seminar takes on the Cross-Border Privacy Challenge
• Privacy Awareness Week goes International
• Records now at the Office's Disposal
• Recent Submissions

Privacy Matters - Archived Issues

Volume 1 Issue 2 Summer 2007

Commissioner's Message

Photo: Guest speakers the Hon. Philip Ruddock MP and Suzanne Pigdon at the NPP anniversary. Click here for details.

Strategic planning is vital to a vibrant accountable organisation. As Thomas Edison said, "there's a better way to do it, find it" and as Gloria Steinem said, "the future depends entirely on what each of us does each day".

In the latter half of 2006, the Office developed a strategic plan for 2007-2009. In developing the plan collaboratively, the Office has adopted a new strategic framework that recognises our changing environment and puts focus on the most important things we need to do to fulfil our mandate.

The new plan builds on the gains of the past plan and offers a vision for the coming years. Somewhat different in structure to the 2003 plan, which listed strategic themes and key result areas, the new plan focuses on goals, strategies and actions. The goals are:

1. High quality results
2. Increased awareness of privacy choices and obligations within the community
3. Robust relationships
4. A confident and competent workforce.

Underpinning these goals and all aspects of our work is a new vision statement, "An Australian community in which privacy is valued and respected", as well as a new purpose statement, "To promote and protect privacy in Australia".

I am confident that the Office will meet these goals over the coming years and continue to work towards creating an Australian community in which privacy is truly valued and respected.

Karen Curtis

Checklist to help Agencies with Privacy Complaints

The Privacy Act sets rules for Australian and ACT Government agencies in relation to handling personal information, and enables individuals to complain to the Privacy Commissioner if they think that their privacy has been interfered with. In the Office's complaint handling experience, the best and most efficient resolution of complaints often occurs when the complaint is dealt with at the first point of contact in the agency.

The Privacy Act reflects this philosophy by generally requiring complainants to first seek to have their complaints dealt with by respondents before asking the Privacy Commissioner to consider investigating. The Office's website currently provides tools such as the Complaint Checker and the translated Complaint Form to assist complainants to make their complaints.

We have now also developed a Complaint Checklist to assist Australian and ACT Government agencies to deal with privacy complaints. The Complaint Checklist helps agencies decide whether complaints relate to their handling of personal information, and if so, how they will go about dealing with the complaint in a manner which is transparent and accountable. We hope the checklist will also assist agencies to come to a view as to whether they have complied with the Information Privacy Principles (IPPs), and if not, what steps they might take to address the complainant's concerns. The checklist is not a substitute decision-maker, but a best practice tool for dealing with privacy complaints in an efficient, fair and effective way.

Before using the checklist, an agency may first want to consider the following issues:

• Are individuals able to complain to your agency? Does your agency provide feedback or complaint forms in printed and electronic form? Are those forms easily accessible, e.g. are they available in various languages and formats?
• If an individual complains, are they being heard? It might be possible to resolve a complaint prior to an investigation, especially where individuals just want to be heard and be offered a genuine apology.
• Does your agency have a culture of continuous improvement? Positive change often comes through recognition of problems.

Some of the main steps involved in handling a complaint, as set out in the checklist, include:

Considering whether the complaint relates to personal information handled by the agency.

• Contacting the complainant with a view to possible early resolution.
• Making and communicating preliminary findings.
• Assessing the complainant's response and considering what the complainant is seeking.

For the full checklist, go to our website at www.privacy.gov.au/government/officers/news.

The checklist was launched at the December 2006 Privacy Contact Officer meeting in Canberra.

The Office is encouraging agencies to use the checklist for a trial period of six months commencing in December 2006 and to complete a feedback survey on the checklist later this year. Agencies will also be invited to share their views about the checklist throughout the trial period. If the checklist proves to be successful, the Office would hope to produce a similar checklist for the private sector.

For further information about the application of the IPPs, agencies can visit our website at www.privacy.gov.au or contact us on 1300 363 992.

Note: Agencies should be aware that the checklist is designed specifically for privacy complaints. It is not intended to be a best practice tool for complaint handling generally. For guidance about complaint handling generally you may wish to consult the Australian Standard on Complaint Handling (AS 4269).

Privacy Professionals mark NPP Anniversary

The first event, a breakfast marking five years since the introduction of the National Privacy Principles, was held in Sydney on 23 November 2006. The 130 people in attendance heard presentations from the Attorney-General, the Hon. Philip Ruddock MP, Suzanne Pigdon, former Privacy and Advocacy Manager for Coles Myer, and the Privacy Commissioner. The presentations highlighted the importance of incorporating privacy laws into every-day business operations. Attendance at the recent APEC Privacy Seminar was also encouraged.

The event was extremely well received, with the Office receiving plenty of positive feedback and requests for further similar events. The breakfast provided a significant opportunity for networking between the Office and private sector privacy professionals. The Office will be hosting similar events in various States throughout 2007.

Memoranda of Understanding

Commonwealth Ombudsman

The Commonwealth Ombudsman, Prof. John McMillan and Privacy Commissioner, Karen Curtis at the signing of the MOU.

On 30 November 2006, the Privacy Commissioner and the Commonwealth Ombudsman, Prof. John McMillan, signed an agreement that allows for greater cooperation between their offices when dealing with privacy-related complaints.

The agreement facilitates the exchange of information, subject to the expectations of the individuals concerned, so that individuals with complaints can continue to have their concerns dealt with effectively and efficiently.

It aims to provide a smoother handling of complaints by avoiding unnecessary duplication between the two offices (e.g. where both offices are considering the same issue) and to provide Australians with an ongoing, high level of redress if they believe their privacy has been breached.

Department of Human Services

The Office has also recently formalised an agreement with the Department of Human Services (DHS) which allows for close consultation on privacy-related issues in the development and roll-out of the Health and Social Services Access Card.

The Office has entered into this agreement with the aim of ensuring that the Access Card includes an effective and comprehensive privacy framework.

Under the agreement, the Office will provide advice to DHS on the privacy implications of the Access Card system, participate in site visits with registration authorities to observe and analyse the privacy aspects of the registration process, and assist in the development of privacy-related information and educational materials.

Robin Banks appointed to Privacy Advisory Committee

The appointment by the Governor-General of Robin Banks to the Privacy Advisory Committee (PAC) for a three year term has been welcomed by the Privacy Commissioner. Ms Banks is the Chief Executive Officer of the Public Interest Advocacy Centre. Her wealth of experience, particularly in the community sector, will ensure that the contribution Ms Banks makes to the PAC will be significant.

"I am very pleased to have been appointed to the PAC, and I am particularly looking forward to providing advice from a consumer and human rights perspective," Ms Banks said recently. "I will also enjoy the opportunity to work with the other PAC members, who bring such a range of other interests and perspectives to the privacy field."

Ms Banks replaces Graeme Innes AM, who resigned from the PAC in 2006 following his appointment as Human Rights Commissioner. The PAC advises and provides strategic input to the Privacy Commissioner on privacy issues. For more information on the PAC, see our website at www.privacy.gov.au/act/pac.

Records now at the Office's Disposal

The Director-General of the National Archives of Australia, Mr Ross Gibbs, Privacy Commissioner Karen Curtis and staff at the RDA presentation ceremony.

On 15 August 2006, the Office was officially issued with a Records Disposal Authority (RDA) by the Director-General of the National Archives of Australia, Mr Ross Gibbs. At the RDA presentation ceremony held on 6 December 2006, Mr Gibbs and Ms Curtis especially acknowledged all the work Ms Chris Cowper from the Office had done to see the project to fruition.

The RDA outlines criteria for determining when records held by the Office can be disposed of. The Office's RDA Committee has commenced work on the implementation of the RDA by identifying files that can be disposed of. The Committee is also looking at the Office's information management systems and assessing whether improvements could be made.

APEC Seminar takes on the Cross-Border Privacy Challenge

As part of its role as host of APEC 2007, Australia recently held a two day seminar in relation to the implementation of the APEC Privacy Framework. The seminar was held in Canberra on 22-23 January.

The seminar brought together privacy experts, regulators, consumers, and representatives of government and business to discuss the challenging issues surrounding mechanisms for the development of Cross-Border Privacy Rules. The rules are envisaged to eventually be recognised within the APEC region. The practical implications of these rules for business, consumers and regulators were also discussed.

This seminar proved to be a valuable step towards the ultimate goal of facilitating the responsible and accountable transfer of personal information across APEC borders.

The next seminar in this series will be held in Cairns on 22-23 June 2007. More information on this upcoming seminar will be available through the Attorney-General's Department website at www.ag.gov.au/apec_privacy.

"As global business and e-commerce continues to become the norm, the APEC Privacy Framework offers us all the opportunity to develop regionally relevant cross-border privacy rules. Rules that stem from the willingness of governments and business to voluntarily come together in an effort to promote the common goal of good privacy practice.

Most importantly, however, we must recognise the diversity of our region and always be aware that the attainment of our common goal requires flexibility and cooperation. That is, flexibility in our own domestic implementation of this international framework, and the willingness to cooperate with each other, particularly on issues of compliance and enforcement."

Excerpts from the Privacy Commissioner's speech to the APEC 2007 Data Privacy Seminar, 22 January 2007.

Privacy Awareness Week goes International

Building on the positive response to Privacy Awareness Week (PAW) activities in 2006, PAW will be embraced across the Asia-Pacific region in 2007.

Members of the Asia Pacific Privacy Authorities (APPA) forum, which includes privacy authorities from across the region including Australia, New Zealand, Hong Kong and Korea, have agreed to make PAW 2007 a regional event.

PAW 2007 will provide a powerful opportunity to promote privacy awareness to agencies, organisations and the wider community across the Asia-Pacific region. It will also help to create a united voice among APPA members on privacy issues in the region.

Details on PAW activities will be released later in the year. For more information on the APPA forum, see our website at www.privacy.gov.au/international/appa.

Recent Submissions

The Office has made a number of submissions since the last newsletter, including in relation to the:

• Department of Human Services' exposure draft legislation (first tranche) on the Access Card
• Senate Legal and Constitutional Affairs Committee's Inquiry into the (now enacted) Anti-Money Laundering and Counter-Terrorism Financing legislation
• Queensland Law Reform Commission's Guardianship Review Stage 1 "Confidentiality in the Guardianship System: Public Justice, Private Lives"
• Attorney-General's Department's review of Australia's Mutual Assistance Law and Practice
• Senate Legal and Constitutional Affairs Committee's Inquiry into the (now enacted) Privacy Legislation Amendment (Emergencies and Disasters) legislation
• Treasury Department's discussion paper on the Taxation Secrecy and Disclosure Provisions.

To see the Office's submissions go to 'Submissions' on our website at www.privacy.gov.au/materials#S.

Diary Notes

• Australian Law Reform Commission: Review of Privacy - Credit Reporting Provisions (IP32): submissions close 9 March 2007
• Australian Law Reform Commission Privacy Inquiry - Public Meetings:
  • 19 March 2007, Sydney
  • April 2007, Coffs Harbour (day to be confirmed)
• Asia Pacific Privacy Authorities Forum: 20-21 June 2007, Cairns
• APEC Data Privacy Seminar: 22-23 June 2007, Cairns.

For more diary notes please visit our website at www.privacy.gov.au/news/calendar.

60 Second Website Survey

Have you completed our 60 Second Website Survey yet? Go to www.privacy.gov.au/survey/ and have your say.