Immediately following this guide, you will find the Commissioner's Overview for 2005-06 which includes a summary of significant issues, developments and achievements during the year, including key statistics as well as an outline for the year ahead for the Office.
The main chapters follow the Overview and the Annual Report is completed by the various Appendices, Glossary and Index.
Chapter 1 Respecting Privacy describes the Office's work for 2005-06 in providing advice on the privacy implications of legislation and government and private sector policy proposals that may have a significant impact on the handling of personal information.
Chapter 2 Promoting Privacy sets out the work the Office completed in promoting and educating key client groups on privacy issues. This includes liaising with key stakeholders in the private sector, networking with privacy contacts across Australian and ACT Government departments and agencies, handling media enquiries and assisting with speeches and presentations by the Commissioner and members of staff.
Chapter 3 Protecting Privacy records the work the Office undertook to encourage and enforce compliance with the Privacy Act. This includes handling enquiries, undertaking audits of Australian and ACT Government agencies, investigating complaints and conciliating disputes.
Chapter 4 Management and Accountability contains an overview of the Office's administrative arrangements, management of human resources and corporate governance.
The appendices contain information required under specific legislation together with any other useful material. These can be found following on from Chapter 4.
The Office of the Privacy Commissioner audited Financial Statements for 2005-06 are located immediately following the Appendices. The Glossary and Alphabetical Index can also be found at the end of the Financial Statements.
Information that relates directly to ACT Government matters can be found in sections 1.3, 3.8.1.1, 3.8.2.1 and 4.1.3.
For enquiries about this report or for copies of other Office of the Privacy Commissioner publications, please contact:
Director
Corporate and Public Affairs
Office of the Privacy Commissioner
GPO Box 5218 SYDNEY NSW 2001
Telephone: + 61 2 9284 9800
Fax: + 61 2 9284 9666
Email: privacy@privacy.gov.au
Website: www.privacy.gov.au
Hotline: 1300 363 992 local call
TTY: 1800 620 241 no voice calls
This report is also available on the Office of the Privacy Commissioner's website at www.privacy.gov.au/publications/index.html#A.
If you speak a language other than English and need help please call the Translating and Interpreting Service on 131 450 and ask for the Australian Government Office of the Privacy Commissioner on 1300 363 992. This is a free service.
Six years into the 21st century and technology moves on at an incredible rate. A plethora of new terms has evolved to make sense of this new era: the Information Age; the Knowledge Economy; Informationalism; the Digital Revolution; the Intangible Economy … the list goes on. Researchers at the University of California at Berkeley recently estimated that now in the 21st century we can expect five billion gigabytes of new information to be produced yearly. If one gigabyte is a truckload of books, five billion gigabytes is beyond comprehension. Startlingly, only 0.01 per cent of those five billion gigabytes will be paper based; the vast majority of new information instead being produced in magnetic media such as hard disks.1
A considerable amount of this information will undoubtedly identify individuals. In the Information Age, personal information can be used in ways previously inconceivable in a world of paper documents and this raises a number of questions about privacy. Have our expectations about privacy changed in this new technological climate? Are current laws adequately protecting privacy? How can we ensure the protection of personal information while continuing to enjoy the advantages of electronic record systems, the internet and all manner of new technologies?
In 2005-06 we saw a number of positive steps towards addressing these important questions. In January, the Australian Law Reform Commission (ALRC) was given a reference by the Attorney-General to undertake a review of Australian privacy legislation in light of rapid technological advances. I was very pleased to see the Government take this step following recommendations I made in my 2005 review of the private sector provisions of the Privacy Act which called for a wider review of privacy laws to ensure the legislation best serves the needs of Australia in the 21st century. The final ALRC report is due to the Attorney-General in March 2008.
Over the year the Office also made a number of submissions relating to technological issues and initiatives. In 2005 my Office submitted to the Unauthorised Photographs on the Internet and Ancillary Privacy Issues: Discussion Paper while in 2006 submissions were made to the Review of the Spam Act 2003 undertaken by Department of Communications, Information Technology and the Arts and the Australian Government e-Authentication Framework for Individuals Discussion Paper released by the Australian Government Information Management Office.
2005-06 also saw the introduction of a number of anti-terrorism measures by the Government which brought to the fore the importance of balancing security with individuals' right to privacy. I believe that laws regulating individual privacy and national security are not mutually exclusive and can be synchronised to deliver safety to Australians in an environment where privacy is respected.
During the year my Office provided advice on the impact of counter-terror measures on privacy, including submissions to the Review of Security Legislation relating to Terrorism undertaken by the Security Legislation Review Committee in January 2006; the Inquiry into the Exposure Draft of the Anti-money Laundering Bill and Counter-terrorism Financing Bill 2005; and the Inquiry into the Provisions of the Telecommunications (Interception) Amendment Bill 2006, the latter two both undertaken by the Senate Legal and Constitutional Committee in March 2006.
A final area of major change in the Australian privacy landscape for 2005-06 came in April, with the Government's announcement of its intention to introduce a health and social services access card. Already, my Office has provided advice to the Government's Draft Smartcard Framework, and we will continue to inform the Government's development and implementation of the access card with a view to ensuring the continued protection and security of Australians' personal information. New technologies, such as smartcards, create challenges to the maintenance of privacy. However, with careful planning and early intervention, privacy safeguards can be built into system design.
In May 2006, I welcomed the Government's budget announcement that my Office would be allocated approximately $8.1m in additional funding over the next four years. This increase in resources will make 2006-07 and subsequent years an exciting and productive period for the Office.
The additional funding will be directed toward three major areas of Office activity. Firstly, it will allow us to effectively implement recommendations made in our review of Office complaint handling processes to ensure that privacy complaints are handled efficiently. Our aim is to reduce the current complaint backlog while enhancing service standards and conciliation techniques.
Secondly, the funding will allow us to respond to calls from business and industry for greater assistance in meeting their obligations under the Privacy Act. Following on from recommendations made in my 2005 review of the private sector provisions of the Privacy Act, my Office will work closely with business and consumer representatives to develop guidance and educational material to assist organisations and individuals to better understand their rights and responsibilities under the Privacy Act.
Thirdly, the additional funding will enable my Office to respond to government requests for high level privacy advice in the development of new policy initiatives. Encompassed within the Office's additional funding was $1.3m for Identity Security which includes advising the Government on privacy issues and conducting audits during the implementation of the Document Verification Service. The Office was also allocated $250 000 to assist the Australian Federal Police introduce guidelines in relation to the increased collection of information from closed circuit television (CCTV) systems as set out in the Anti-terrorism Act (No. 2) 2005. Certainly these will be major projects in 2006-07.
Over the coming year, I am also committed to working with the Government during the design phase of the Health and Social Services Access Card to ensure that privacy impacts are addressed and individual privacy continues to be respected.
Finally, at an international level, my Office will be contributing to processes to implement the Asia Pacific Economic Cooperation (APEC) Privacy Framework which was endorsed by APEC Ministers in November 2004. This will involve my Office working with other privacy regulators in the region on matters such as the development of strategies to enable the handling of complaints across jurisdictions. Implementation of the APEC Privacy Framework will coincide with Australia hosting APEC in 2007.
A brief summary of the Office's performance in 2005-06 is outlined below. A more detailed review of performance is contained in chapters 1 - 4.
The Office received 19 150 telephone enquiries in 2005-06 compared with 21 108 in 2004-05. This represents a 9% decrease in enquiries received by the Hotline. See section 3.2.1 for further information.
The Office received 2316 enquiries by email, post or facsimile in 2005-06 compared with 2094 written enquiries reported in 2004-05. This represents an 11% increase in the number of written enquiries received by the Office from the previous year. See section 3.2.2 for further information.
The Office received 1183 complaints in 2005-06 compared with 1275 in 2004-05. This represents an 7% decrease in the number of complaints received by the Office from the previous year. See section 3.3.1 for further
information. The Office closed 1131 complaints in 2005-06 representing a 2% decrease from the previous year.
The Office published 18 case notes on complaints that were closed during the year. The case notes are prepared to illustrate matters that may have a significant impact on a large number of people. Case notes serve to demonstrate to members of the public how the Commissioner handles complaints. Case notes also serve as a possible indication of the Commissioner's view in relation to aspects of privacy law. See section 3.5 for further information.
The Office produced 155 advices on significant policy issues; this represents an 11% increase in the number of policy advices the Office prepared in comparison to 2004-05.
Policy advices include letters and emails to government departments and agencies and private sector organisations on specific proposals, submissions to public consultation processes and Senate inquiries, advice for guidance material published by the Commissioner and advice for inclusion in other reports and published documents.
Following the receipt of an application for a further Temporary Public Interest Determination regarding the collection of health information about individuals from Medicare Australia's Prescription Shopping Project Information Service, the Commissioner made two Temporary Public Interest Determinations (TPIDs) in February 2006: Temporary Public Interest Determination No. 2006-1 and Determination No. 2006-1A under section 80B(3) giving general effect to the Temporary Public Interest Determination No 2006-1. The Determinations and the Explanatory Statement are available at www.privacy.gov.au/act/publicinterest/index.html#3.
The Commissioner also issued three Credit Determinations in 2005-06 including Credit Provider Determination 2006-1 concerning assignees of debt and Credit Provider Determination 2006-2 concerning the classes of credit providers. See section 1.4.3 for further information. The consultation papers covering the three determinations can be found at www.privacy.gov.au/act/credit/index.html#cpd.
148 media enquiries were received in 2005-06. This is a decrease in comparison to the number of enquiries for 2004-05 in which the Office received 234 media enquiries.
39 speeches and presentations were delivered in 2005-06. The presentations addressed ongoing and emerging privacy issues. Further information on speeches and presentations can be found at section 2.4 and a list of all speeches and presentations delivered by the Office can be found at Appendix 3.
The Office undertook an internal review of its complaint handling procedures in 2005-06. Key to the review were assessing current complaint handling procedures and developing methods of resolving complaints with quicker turnaround times and greater satisfaction by the parties concerned. The review produced a series of recommendations which are in the process of being implemented. See section 3.1 for further information.
In 2005-06, the Commissioner provided 19 submissions to government departments and parliamentary inquiries on policy proposals or Bills before parliament, providing analysis on the privacy implications of the proposal or Bill and offering advice on methods to ensure privacy is appropriately considered and protected.
The following submissions were made by the Office.
Karen Curtis Privacy Commissioner
1 Peter Lyman & Hal R. Varian, How Much Information? 2003, retrieved from www.sims.berkeley.edu/how-much-info-2003 on 8 August 2006.
The Hon Philip Ruddock MP Attorney-General
Parliament House CANBERRA ACT 2600
Dear Attorney-General
I am pleased to submit to you, for presentation to the Parliament, the annual report for the Office of the Privacy Commissioner on the operation of the Privacy Act 1988 for the year ended 30 June 2006.
This report has been prepared in accordance with section 97 of the Privacy Act 1988.
Yours sincerely
Ms Karen Curtis Privacy Commissioner
11 October 2006