Site Changes

On 1 November 2010 the Office of the Privacy Commissioner was integrated into the Office of the Australian Information Commissioner and a new website established at www.oaic.gov.au.

Note 1: Major changes to the Privacy Act 1988 will come into effect in March 2014. Agencies, businesses and not for profits need to start preparing for these changes. For more information go to our privacy law reform page at www.oaic.gov.au
Note 2: From 12 March 2013 content is no longer being added to, or amended, on this site, consequently some information may be out of date. For new privacy content visit the www.oaic.gov.au website.

Types

Topic(s):

Draft Annual Review of Regulatory Burdens; Submission to the Productivity Commission (July 2009)

document icon pdf (103.48 KB)

Mr Les Andrews

Assistant Commissioner, Regulation Stocktake

Annual Review of Regulatory Burdens on Business
Productivity Commission
GPO Box 1428
Canberra City ACT 2601

Dear Mr Andrews

Submission on Draft Annual Review of Regulatory Burdens on Business: Social and Economic Infrastructure Services

The Office of the Privacy Commissioner (the Office) appreciates the opportunity to make a submission to the Productivity Commission’s draft Annual Review of Regulatory Burdens on Business: Social and Economic Infrastructure Services (draft Annual Review). The Office understands that the draft Annual Review is the third such review undertaken by the Productivity Commission as part of a five year series of annual reviews which commenced in 2007.

The Office has identified several matters in the draft Annual Review which may raise privacy implications. These are discussed below.

Draft Annual Review: Chapter 2 – Aged Care

Draft recommendation 2.3 of the draft Annual Review proposes that a publicly available evaluation of the current police check requirements for aged care staff and volunteers be conducted to explore whether the benefits of the existing regime could be achieved in a less costly manner.

The Office suggests that in conducting such an evaluation consideration be given to individuals’ expectations that personal information about them will be adequately protected. This is particularly the case given the sensitive nature of the type of personal information involved. Under the Privacy Act 1988 sensitive information includes information relating to an individual’s criminal record. Criminal records go to a person’s fundamental reputation and integrity of character. The consequences of misuse or inappropriate disclosure are potentially serious and may include unjustified discrimination, stigmatisation or marginalisation. For this reason, care needs to be taken to protect the collection and handling of this type of information while achieving the important policy objective behind the police checks to protect the welfare of a vulnerable group in the community.

The Office suggests that a Privacy Impact Assessment (PIA) could be conducted as part of the evaluation process to examine the privacy implications arising out of the current police check requirements for aged care staff and volunteers and any proposed changes to that process. A PIA is a valuable tool which can assist in identifying and addressing the privacy implications associated with a particular project. Further information about PIAs can be found on the Office’s website at www.privacy.gov.au/publications/pia06/index.html .

Draft Annual Review: Chapter 4 – Information Media and Communications

Page 110 of the draft Annual Review contains a table (identified as Figure 4.3) which represents the key regulatory bodies in the information media and communications industry. The Office notes it has been omitted from this table.

The Office has an important role in the information media and communication industry’s regulatory framework. In addition to the NPP obligations imposed upon all private sector organisations in the industry, Part 6 of the Telecommunications Act requires that the Australian Communications and Media Authority (ACMA) consult with the Office on all industry codes and standards which directly or indirectly deal with a privacy issue.

Part 13 of the Telecommunications Act also sets out strict rules for carriers, carriage service providers and others in their use and disclosure of personal information. Under Division 5 of this Part carriers and carriage service providers are obliged to make records of disclosures of personal information including those disclosures authorised under the Telecommunications (Interception and Access) Act 1979 (Cth). Section 309 of the Telecommunications Act confers upon the Privacy Commissioner the function of monitoring compliance with the record keeping provisions contained in these provisions.

If you wish to discuss any aspect of this letter please do not hesitate to contact Mr Andrew Solomon, Policy Director, on (02) 9284 9708.

Yours sincerely

Karen Curtis

Australian Privacy Commissioner

July 2009