Welcome

I begin by acknowledging the traditional owners of this land their Elders, both past and present, and their connections with this land.

Senator Faulkner, distinguished guests, ladies and gentlemen, I am pleased to welcome you all to another Privacy Connections forum for compliance professionals in the private sector.

Our last Privacy Connections Forum was in July 2007 when we heard from Peter Cullen, the Chief Privacy Strategist at Microsoft, regarded as a pre-eminent privacy practitioner. I know many of you were present then.

Continuing our commitment to providing compliance professionals with an opportunity to hear key thinkers and decision makers offer their perspectives on privacy issues, I am delighted that Senator Faulkner has agreed to be our keynote speaker at today''s forum.

This forum marks two important events in the history of privacy in Australia: 20 years of the Privacy Act and the launch of the inaugural Australian Privacy Awards and the Australian Privacy Medal.

1988 saw the passage of federal legislation to protect the way the Commonwealth collected, used, stored and disclosed personal information.

[Indeed 1988 was a watershed year in Australia -

• Our population reached 16 million
• We celebrated the 200 years of European settlement
• We hosted World Expo 88 in Brisbane
• The Holden Commodore was born
• The first episode of Home and Away aired
• Dustin Hoffman won an academy award for Rainman, and
• Appropriately once we had privacy legislation passed, Grammy Award winner Bobby McFerrin told us Don''t worry, be happy.]

Australia until 1988 had no legislation governing the handling of personal information by government agencies. Since that time the Act has been amended to widen its coverage, most significantly to cover credit reporting agencies and credit providers in 1990 and the private sector in 2001.

While I am happy, particularly in today''s digital world, that in Australia we have in place protections for personal information, I am worried that the Privacy Act continues to remain technologically relevant.

Twenty years ago, one could not have imagined the sheer range and scope of technologies that were to evolve and how they would influence our daily lives.

[I also remember in Canberra in 1987 when PCs were appearing on about every tenth desk, that I thought I wouldn''t need one. After all, there would always be a typing pool to type up my work. But I moved to Brisbane in 1988 to work at EXPO 88 and when I returned to work in Canberra in May 1989, not only was there a PC on everybody''s desk, but there was no typing pool!! How quickly times change.]

Likewise, no one had, for example, imagined doing banking transactions via a computer from the comfort of one''s home or office or indeed their mobile telephone.

It is interesting that the Australian Law Reform Commission''s 1983 report on privacy - which led to the development of the Privacy Act - discusses how, and I quote:

''personal computers may provide effective safeguards for privacy because they are not interconnected - the information they store may be available only to a few''.

With the advent of the commercialisation of the Internet in the early 1990s, the ability for personal computers to be linked together to transfer information across town, across Australia and around the globe at the touch of a button became a reality, and the world has changed irrevocably as a result.

Over the past 20 years, the Act has, I believe, managed to strike a good balance between protecting the privacy of Australians while not being overly burdensome to organisations.

There is sometimes criticism that the Privacy Act can serve to limit effective commercial activity. On occasion, businesses have complained that compliance with the National Privacy Principles, or a particular NPP, can be too onerous and can stop the business from engaging in certain activities that some view as necessary in a competitive business environment.

My response to this is twofold:

Firstly, the Act itself recognises the cost of compliance. It is for this reason that many small businesses that do not handle large quantities of personal information are exempt from the Privacy Act.

Secondly, compliance with the Act and adoption of good information handling practices can enhance a business rather than being detrimental to a business. Good privacy is good business.

A business collecting more client information than it really needs, using or disclosing that information inappropriately, and failing to secure its databases may lose customers'' trust and of course risk brand damage and significant loss of market share.

My Office conducted a nation wide survey last year on Community Attitudes to Privacy which showed that over one-third of Australians have decided not to deal with a business or charity because of concerns over the way that organisation might handle their personal information.

Law reform

The Privacy Act is not a perfect piece of legislation. However, it has generally served Australians well. But, having said this, there is no question that it needs to be reviewed 20 years on. There is certainly scope for enhancing the protections it offers, particularly in addressing the impact of technology in the 21st century.

Using an analogy, our privacy legislation is a bit like a building. So, an office block built in 1988 may be adequate and indeed fine for its tenants. But, 20 years on, the tenants would expect while the foundations to be still solid, that other elements would need to meet current community expectations about environmental and safety standards, and be refurbished and possibly have 21st century décor.

That way the office block would continue to meet the needs of its tenants in the years ahead; much like the Privacy Act must continue to meet the needs of Australians in the years ahead.

We have the review and refurbishment of our act underway. In January 2006 the Australian Law Reform Commission received terms of reference from the then Attorney-General to conduct a comprehensive inquiry into the Privacy Act. Since that time the ALRC has undertaken a consultation process and has released two Issues Papers and a Discussion Paper. The ALRC''s final report and recommendations are due at the end of May.

This review has truly been a once in a generation opportunity to enhance the consistency and effectiveness of privacy regulation.

My Office has made a significant contribution to the review process. Many of you will have read my Office''s three major submissions to the review (totalling about 1500 pages!), or the articles about our various positions that have appeared in the media.

I would not be doing our submissions justice by attempting to summarise them in the space of only a few minutes.

However, let me take just one of our positions if I may. It is, perhaps, the most fundamental of all of them - national consistency.

At present, organisations can have privacy obligations under several laws, which can create significant confusion for members of the public and the organisations themselves.

The current national framework of privacy regulation has inconsistencies, including:

• differing privacy principles for the Australian Government and the private sector;
• possible overlap with state and territory laws; and
• inconsistencies with other Commonwealth legislation, such as with the Telecommunications Act.

National consistency with other Commonwealth and State laws, and internal consistency within the Privacy Act would minimise government and private sector compliance burdens and allow individuals to better understand and exercise their rights.

The desirability of privacy protection principles being uniform across Australia is also a key term of reference for the NSW Law Reform Commission's review of privacy.

There are a number of ways that current privacy regulations could be harmonised. These include:

• adopting a single set of privacy principles to replace the Information Privacy Principles for the public sector and the National Privacy Principles for the private sector, which can be uniformly adopted across federal, state and territory jurisdictions;
• ensuring that privacy regulation of health and credit and other areas of heightened sensitivity are kept within the uniform principles framework;
• ensuring that privacy protections in state and territory jurisdictions are consistent with, and at least equivalent to, the Privacy Act;
• providing greater guidance on the operation of existing laws, and how they relate to other regulations; and
• enhancing powers to enable regulators, including my Office, to cooperate more effectively.

I am sure that the ALRC Review, the Government''s response, and ultimately the legislative response will deliver a first class privacy regime.

It is my belief that the Privacy Act will continue to be a solid foundation for the protection of Australians'' personal information in the years ahead. And I''ll be happy and I won''t be worried!

Awards Launch

Aside from the 20 year anniversary of the Privacy Act, we are also marking another important milestone for privacy in Australia: The launch of the first ever Australian Privacy Awards program and the Australian Privacy Medal.

Other private sector organisations overseas - such as the International Association of Privacy Professionals - run privacy awards programs. To my knowledge though, no other privacy regulator runs a program on the scale of our Awards, covering organisations in both the public and private sectors.

It is exciting that Australia will be the first privacy regulator worldwide to launch such a program that recognises good privacy performances and practices.

The idea of an Awards program has been on my mind for some time now. One of the functions of my Office is to promote awareness of the Privacy Act and to promote compliance with its principles.

As I mentioned earlier, good privacy is good business and increasingly many businesses recognise this, including many of you in this room, but how can this message be conveyed more broadly to the marketplace?

One way is by recognising and rewarding businesses, industry bodies, charities, NGOs, advocacy groups, community organisations and government agencies for their good privacy practices, it encourages others to follow in their footsteps.

I have no doubt that the future winners of the Awards - and their privacy compliance staff - will become the role models for many other organisations.

Awards will be given in four categories:

1. The Large Business Award is for businesses with more than 100 employees.
2. The Microsoft Small to Medium-sized Business Award is for those with less than 100 staff.
3. The Community and NGO Award is for sporting and community groups, NGOs, charities, industry bodies, and advocacy groups.
4. The Symantec Government Award is for Federal, State and Local government agencies.

And an overall Grand Award will be presented to the most outstanding entrant.

The Awards will be presented at a Gala Presentation Dinner to be held in Sydney on Wednesday evening, 27 August, during Privacy Awareness Week.

At the Dinner we will also be presenting the Australian Privacy Medal. This will be awarded to an individual who has made an outstanding contribution to the field of privacy in Australia.

If your organisation has engaged in a privacy project or initiative, or has adopted a privacy-enhancing system that you believe warrants broader acclaim, we want to hear from you. Aside from recognising your organisation for all its good work, the Awards can help to:

• enhance your organisation''s reputation among your customers, external audiences and other stakeholders;
• raise your organisation''s profile as a leader in the privacy field, and
• boost the morale of your staff.

For those of you with corporate clients, we also invite you to encourage them to enter the Awards.

If a member of your organisation or someone you know has made a major contribution to the Australian privacy field, then it would be terrific for them to be nominated for the Australian Privacy Medal. An individual can nominate themselves or someone else.

Copies of the nomination booklet for both the Awards and the Medal are available in the foyer. Information is also available on our website at www.privacy.gov.au.

I also mention the four Awards'' sponsors whose generous support makes this important initiative possible. Our Major Sponsors are Symantec and Microsoft, our Executive Sponsor is Clayton Utz, and our other sponsor is Australian Finance Conference. These organisations represent a cross-section of Australian industry.

Symantec is a leader in the security, storage and systems management field. Microsoft is a major player in the information technology area. Clayton Utz is one of Australia''s leading law firms. And the Australian Finance Conference is the representative body for the finance industry.

All of these organisations have shown leadership in the privacy compliance field and I thank them for their generous support. I am pleased to welcome today representatives from all of these organisations.

Introduction to the Minister

To mark 20 years of the Privacy Act and to officially launch the Australian Privacy Awards 2008 and the Australian Privacy Medal 2008, it is my pleasure to call on our Minister, Senator the Hon John Faulkner.

In December last year, Senator Faulkner was appointed Special Minister of State, Cabinet Secretary and Vice-President of the Executive Council.

As you may be aware, the Government has moved privacy and freedom of information from the Attorney-General''s portfolio to the Prime Minister and Cabinet portfolio. As a result, Senator Faulkner is now the Minister with oversight of privacy.

Since entering the Senate in 1989, Senator Faulkner has held a number of ministerial roles, including: Veterans'' Affairs; Defense Science and Personnel; the Environment, Sport, and Territories; and he was Manager of Government Business in the Senate for three years.

Senator Faulkner has also served as Leader of the Opposition in the Senate, and has held a number of shadow portfolios, including: Special Minister of State, Social Security, Home Affairs, Territories, Public Administration and Government Services, Olympic Coordination and the Centenary of Federation.

Please join me in welcoming Senator Faulkner.