Annual Report 2006-07:
User's Guide and Commissioner's Overview 2006-07
User’s Guide
Immediately following this guide, you will find the Commissioner’s Overview
for 2006–07 which includes a summary of significant issues, developments and
achievements during the year, key statistics, and an outline for the year ahead
for the Office.
The main chapters follow the Overview and the Annual Report is concluded by
the various Appendices, Glossary and Index.
Chapter 1 Respecting Privacy describes
the Office’s work for 2006–07 in providing advice on the privacy implications of
legislation and government and private sector policy proposals that may have a
significant impact on the handling of personal information.
Chapter 2 Promoting Privacy sets out
the work the Office completed in promoting and educating key client groups on
privacy issues. This includes liaising with key stakeholders in the private
sector, networking with privacy representatives across Australian and ACT
Government departments and agencies, handling media enquiries, maintaining the
Office’s website and assisting with speeches and presentations by the
Commissioner and members of staff.
Chapter 3 Protecting Privacy records
the work the Office undertook to encourage and enforce compliance with the
Privacy Act. This includes handling enquiries, undertaking audits of government
agencies, investigating complaints and conciliating disputes.
Chapter 4 Management and
Accountability contains an overview of the Office’s administrative
arrangements, management of human resources and corporate governance.
The Appendices contain information required under specific legislation
together with any other useful material. These can be found following on from
Chapter 4.
The Office of the Privacy Commissioner’s audited Financial Statements for
2006–07 are located immediately following the Appendices. The Glossary and
Alphabetical Index can be found at the end of the report.
ACT Government
Information that relates directly to ACT Government matters can be found in
sections 1.4, 3.8.1.1,
3.8.2.1 and 4.1.3.
How to find out more
For enquiries about this report or for copies of other Office of the Privacy
Commissioner publications, please contact:
Director
Corporate and Public Affairs
Office of the Privacy
Commissioner
GPO Box 5218
SYDNEY NSW 2001
Telephone: + 61 2 9284
9800
+ 61 2 9284
9666
Email: privacy@privacy.gov.au
Website:
www.privacy.gov.au
Enquiries line: 1300 363 992 local
call
TTY: 1800 620
241 no voice calls
This report is also available on the Office of the Privacy Commissioner’s
website at www.privacy.gov.au/publications/index.html#A.
Non-English Speakers
If you speak a language other than English and need help, please call the
Translating and Interpreting Service on 131 450 and ask for the Australian
Government Office of the Privacy Commissioner on 1300 363 992. This is a free
service.
Commissioner’s Overview 2006–07
2006–07 was a year characterised by strategic analysis, reflection on the
operation of the law and looking to the future.
Two projects in particular capture this. One was my Office’s submission to
the Australian Law Reform Commission (ALRC) review of privacy. The other was our
development of a new Strategic Plan to guide our operations over the next three
years.
Our substantial submission to the ALRC review of privacy crystallises our
thoughts on what the future of privacy regulation in Australia should look like.
This submission brings together my Office’s position on issues as varied as the
privacy principles, technology, transborder data flows, exemptions to the
Privacy Act, health and telecommunications, to name a few.
A central theme of the submission was that any reform of Australia’s privacy
laws should aim to enhance regulatory consistency and reduce complexity.
Nationally consistent privacy legislation will reduce compliance difficulties
for agencies and organisations and empower individuals to understand and
exercise their privacy rights without confusion.
Currently, the Privacy Act contains two sets of privacy principles. One set
applies to Australian and ACT Government agencies and the other to the private
sector. I believe that a technology-neutral, principles-based approach remains
the best way to regulate personal information handling in the context of rapid
technological change. However, my Office has suggested that these two sets of
principles should be replaced by a single set of principles to reduce regulatory
complexity.
Further information about the ALRC review of privacy is available in
section 1.2 of this report.
The second project that caused the Office to look to the future was our
development of a new Strategic Plan; a project vital to all aspects of our
operations.
For me, a Strategic Plan is essential to the success of an agency. It focuses
the agency’s energies and gives a clear and steady direction to its many
operations and functions.
Our strategic planning process involved the whole Office and I am very
pleased with the outcome, which is a plan that combines high standards and goals
with practical actions for achieving those goals.
Our vision, as articulated in our new Strategic Plan, is of ‘an Australian
community in which privacy is valued and respected’. This simple but powerful
vision lies at the heart of all our efforts to promote, protect and encourage
respect for that simple but powerful value: privacy.
Many have commented on the upheaval we have seen in the past few decades
(particularly in the realm of information technology) and how this has impacted
on privacy and the way we make ourselves known to the world. But what hasn’t
changed is that we will still need privacy to live full, autonomous and free
lives.
Our Strategic Plan heralds the next instalment of our work to promote and
protect this important value. The Plan is attached to this Annual Report at
Appendix 8.
The new Strategic Plan and our submission to the ALRC review of privacy were
major pieces of work for 2006–07. However there were many significant projects
undertaken by my Office during the year.
During 2006–07 my Office continued to work closely with the Office of Access
Card and the Consumer and Privacy Taskforce to provide advice on the privacy
framework surrounding the proposed Health and Social Services Access Card.
In 2006–07, the Office also implemented many of the recommendations made in
its Complaint Handling Review in an ongoing effort to reduce the complaint
backlog and enhance our service standards and conciliation techniques.
In 2006, my Office joined with state and territory privacy regulators to
promote ‘Privacy Awareness Week’. During the week, the Office released a number
of promotional items and hosted an event at which the Attorney-General launched
the Office’s new layered privacy policy, and Privacy Impact Assessment Guide.
In November 2006, my Office also marked the five year anniversary of the
National Privacy Principles (NPPs). My Office hosted a function which offered a
chance both to look back at how the NPPs had performed and to look forward. This
event is, I hope, the first of many Privacy Connections events hosted by the
Office to raise privacy awareness in the private sector.
The year ahead
In 2007–08, the Office will continue to host Privacy Connections events
across Australia to raise awareness in the private sector about privacy
obligations under the Privacy Act. These events will likely involve speakers
from the Office as well as guest speakers sharing their knowledge of information
handling in their organisations.
We will also work to promote privacy via the Privacy Awareness Week
initiative, which in 2007 will be promoted in coordination with other data
protection authorities in the Asia Pacific region.
In 2007, the Office will be releasing the results of community attitudes
research it has commissioned. This research seeks to find out what individuals
think about privacy in different contexts. The research will help the Office to
‘tune in’ to community expectations about privacy and will be vital for ensuring
that Office operations and activities match the needs of key stakeholders.
During the reporting period, the Office undertook to audit all of its
publications to check for accuracy and currency. In 2007–08 the Office will
update publications based on the findings of the audit. Our aim is to have
guidance material available to stakeholders that is clear, up-to-date,
accessible, and written in plain English.
Tying in closely with the publications review is the redevelopment of the
Office’s website which will be progressed in the coming year. The website
redevelopment seeks to make our publications easy to find and improve the layout
and accessibility of the Office’s online presence.
With many of the recommendations implemented from the Office’s Complaint
Handling Review, the Office will move to taking a more proactive approach to
encouraging compliance with the Privacy Act and look to address systemic privacy
issues.
In 2007–08, the Office looks forward to participating in the next phase of
the ALRC review of privacy. The ALRC is due to release a discussion paper in
2007 and then its final report in 2008. The Office will continue to consult with
the ALRC during this period to ensure the best outcome for privacy legislation
in Australia.
And finally, the Office is committed to implementing the actions and goals
encompassed in its new Strategic Plan and work towards the vision of ‘an
Australian community in which privacy is valued and respected’.
The year in review – a summary
A brief summary of the Office’s performance in 2006–07 is outlined below. A
more detailed review of performance is contained in chapters 1 – 4.
Telephone Enquiries:
The Office received 17 392 telephone enquiries in 2006–07 compared with 19
150 in 2005–06. This represents a 9% decrease in enquiries received by the
Enquiries Line. See section 3.2.1 for further
information.
Written Enquiries:
The Office received 2182 enquiries by email, post or facsimile in
2006–07 compared with 2316 written enquiries reported in
2005–06. This represents a 6% decrease in the number of written
enquiries received by the Office from the previous year. See section 3.2.2 for further information.
Complaints:
The Office received 1094 complaints in 2006–07 compared with 1183 in 2005–06.
This represents an 8% decrease in the number of complaints received by the
Office from the previous year. See section 3.3.1
for further information. The Office closed 1210 complaints in 2006–07,
representing a 7% increase from the previous year.
Case Notes:
The Office published 24 case notes on complaints that were closed during the
year. The case notes are prepared to illustrate matters that may have a
significant impact on a large number of people. Case notes serve to demonstrate
to members of the public how the Commissioner handles complaints. Case notes
also serve as a possible indication of the Commissioner’s view in relation to
aspects of privacy law. See section 3.5 for further
information.
Determinations:
In 2006–07, the Office renewed three credit provider determinations. See
section 1.5.3 for further information.
On 23 December 2006, Temporary Public Interest Determinations (TPIDs) issued
by the Privacy Commissioner, which allowed health practitioners to collect
patients’ health information from the Prescription Shopping Information Service
without consent, and without breaching NPP 10, expired. Amendments to the
Privacy Act in 2006 removed the need for further TPIDs in this area. See section
1.6.3 for further information.
Complaint Handling Review:
As signalled in last year’s Annual Report, and in line with Recommendation 42
of the Office’s 2005 report, Getting in on the Act: The Review of the
Private Sector Provisions of the Privacy Act 1988, the Office has reviewed
its complaint handling processes. A series of changes were recommended, and
these changes have either been implemented, or are close to final
implementation. Key changes include:
- clarifying our conciliation process
- new respondent and complainant response timeframes
- developing strategies to proactively pursue responses
- updating the Complaint Handling Manual
- drafting Determination guidelines and
- designing and implementing a uniform training program for Compliance Section
staff.
Where changes directly affect complainants and respondents the Office has
given stakeholders clear notice of the changes. For example, the Office
announced the reduction in timeframes in the Office’s newsletter Privacy
Matters and amended timeframes on its website. The impact of changes will
be evaluated after they have been in operation for a reasonable period. This is
likely to be within 12–18 months. See section 3.1 for
further information about the Office’s compliance activities.
Media:
132 media enquiries were received in 2006–07. This represents an 11% decrease
in comparison to the number of enquiries for 2005–06, in which the Office
received 148 media enquiries. See section 2.3 for
further information.
Speeches:
26 speeches and presentations were delivered in 2006–07. The presentations
addressed ongoing and emerging privacy issues. Further information on speeches
and presentations can be found at section 2.4 and a
list of all speeches and presentations delivered by the Office can be found at
Appendix 3.
Policy Advices:
The Office produced 163 advices on significant policy issues. This represents
a 20% increase in the number of policy advices the Office prepared in comparison
to 2005–06.
Policy advices include letters and emails to government departments and
agencies and private sector organisations on specific proposals, advice for
guidance material published by the Commissioner and advice for inclusion in
other reports and published documents.
The number of submissions made by the Office to public consultation processes
is listed separately below.
Submissions:
In 2006–07, the Commissioner provided 32 submissions to government
departments and parliamentary inquiries on policy proposals or Bills before
parliament, providing analysis on the privacy implications of the proposal or
Bill and offering advice on methods to ensure privacy is appropriately
considered and protected.
The following submissions were made by the Office:
- Research Study into Public Support for Science and Innovation; Productivity
Commission (August 2006)
- Extradition and Mutual Assistance Treaties with Malaysia; Joint Standing
Committee on Treaties (August 2006)
- Consultation on the second exposure draft of the Anti-Money Laundering and
Counter-Terrorism Funding Bill 2006; Attorney-General’s Department (August 2006)
- Consultation on the Australian Government Health and Social Services Access
Card – Discussion Paper Number 1; Department of Human Services: Access Card
Consumer and Privacy Taskforce (August 2006)
- Industry Standard for the Making of Telemarketing Calls – Discussion Paper;
Australian Communications and Media Authority (September 2006)
- Review of the Taxation Secrecy and Disclosure Provisions – Discussion Paper;
Treasury (September 2006)
- Inquiry into the Privacy Legislation Amendment (Emergencies and Disasters)
Bill 2006; Senate Legal and Constitutional Affairs Committee (October 2006)
- Review of Australia’s Mutual Assistance Law and Practice; Attorney-General’s
Department (October 2006)
- Families, Community Services and Indigenous Affairs and Veterans’ Affairs
Legislation Amendment (2006 Budget Measures) Bill 2006; Senate Standing
Committee on Legal and Constitutional Affairs (November 2006)
- Queensland Law Reform Commission Guardianship Review Stage 1 –
Confidentiality in the Guardianship System: Public Justice, Private Lives;
Queensland Law Reform Commission (November 2006)
- Inquiry into the Anti-Money Laundering and Counter-Terrorism Financing Bill
2006 and the Anti-Money Laundering and Counter-Terrorism Financing (Transitional
Provisions and Consequential Amendments) Bill 2006; Senate Legal and
Constitutional Affairs Committee (November 2006)
- Consultation on the Exposure Draft of the Human Services (Enhanced Service
Delivery) Bill 2007; Office of Access Card (January 2007)
- Telecommunications (Do Not Call Register) (Telemarketing and Research Calls)
Draft Industry Standard 2006; Australian Communications and Media Authority
(January 2007)
- Review of the law on Personal Property Securities, Discussion Paper 1,
Registration and Search Issues; Attorney-General’s Department (February 2007)
- Exposure Draft of the Telecommunications (Interception and Access) Amendment
Bill 2007; Attorney-General’s Department (February 2007)
- Inquiry into the AusCheck Bill 2006; Senate Legal and Constitutional Affairs
Committee (February 2007)
- Inquiry into the AusCheck Bill 2006 – Questions on Notice Supplementary
Submission; Senate Legal and Constitutional Affairs Committee (February 2007)
- Australian Law Reform Commission Review of Privacy – Issues Paper 31;
Australian Law Reform Commission (February 2007)
- Inquiry into the Human Services (Enhanced Service Delivery) Bill 2007;
Senate Finance and Public Administration Committee (February 2007)
- Draft Consolidated Anti-Money Laundering and Counter-Terrorism Financing
Rules; AUSTRAC (March 2007)
- Consultation Draft Telecommunications Integrated Public Number Database
Scheme 2007; Australian Communications and Media Authority (March 2007)
- Consultation on the Privacy Blueprint – Unique Health Identifiers (Version
1.0); National E-Health Transition Authority (March 2007)
- Draft of Telecommunications Integrated Public Number Database Legislative
Instruments 2007; Department of Communications, Information Technology and the
Arts (March 2007)
- Consultation on the Australian Government Health and Social Services Access
Card – Discussion Paper Number 2; Department of Human Services: Access Card
Consumer and Privacy Taskforce (March 2007)
- Government Agency Coercive Information-Gathering Powers, Draft Report;
Administrative Review Council (March 2007)
- Australian Law Reform Commission Review of Privacy – Issues Paper 32: Credit
Reporting Provisions; Australian Law Reform Commission (April 2007)
- Consultation on the Australian Government Health and Social Services Access
Card – Discussion Paper Number 3 on Registration; Department of Human Services:
Access Card Consumer and Privacy Taskforce (April 2007)
- Consultation on Australian Government Smartcard Framework (version 0.12),
Standards and Model Specification (‘Part c’); Australian Government Information
Management Office (April 2007)
- Consultation on Australian Government Smartcard Framework Part d (Working
Draft Version 2.0); Australian Government Information Management Office (May
2007)
- Research Calls on Sundays; Australian Communications and Media Authority
(May 2007)
- Legal Professional Privilege and Commonwealth Investigatory Bodies – Issues
Paper 33; Australian Law Reform Commission (June 2007)
- Consultation on Model Offences to Combat Identity Crime 2007; Model Criminal
Law Officers’ Committee of the Standing Committee of Attorneys-General (June
2007).
Karen Curtis
Privacy Commissioner
|
HOME > User's Guide and Commissioner's Overview 2006-07
