
PART D

THE PRIVACY PRINCIPLES

CHAPTER 15

STRUCTURAL REFORM OF THE PRIVACY PRINCIPLES

Proposal 15-1 The privacy principles in the Privacy Act should be drafted to pursue, as much as practicable, the following objectives:

(a) the obligations in the privacy principles generally should be expressed as high level principles

1. The Office agrees with proposal 15-1(a).

2. The proposal is in accordance with the Office's position in its submission to the ALRC's Issues Paper 31 (IP 31) at question 4-36.[168]

(b) the privacy principles should be simple, clear and easy to understand and apply

3. The Office agrees with proposal 15-1(b).

4. Such an object would assist in ensuring that rights and obligations of various parties will be clearly understood.

(c) the privacy principles should impose reasonable obligations on agencies and organisations.

5. The Office agrees with proposal 15-1(c).

Proposal 15-1
Office position:


Proposal 15-2

The Privacy Act should be amended to consolidate the current Information Privacy Principles and National Privacy Principles into a single set of privacy principles-the Unified Privacy Principles (UPPs)-that would be generally applicable to agencies and organisations, subject to such exceptions as required.

6. The Office agrees with proposal 15-2.

7. The proposal is in accordance with the Office's position in its submission to the IP 31 at question 4-34.[169]

Proposal 15-2
Office position:


Proposal 15-3 The proposed UPPs should apply to information privacy except to the extent that:

(a) the Privacy Act or another piece of Commonwealth primary legislation imposes different or more specific requirements in a particular context; or

(b) subordinate legislation under the Privacy Act imposes different or more specific requirements in a particular context.

8. The Office agrees with proposal 15-3.

9. This accords with views the Office has expressed in chapter 13 of this submission. The Office has also expressed views on proposals concerning regulation making powers under the Privacy Act 1988 (Cth) (‘Privacy Act') at question 3-1 of this submission.

Proposal 15-3
Office position:


Proposal 15-4 The National Privacy Principles should provide the general template in drafting and structuring the proposed UPPs.

10. The Office agrees with proposal 15-4.

11. In the Office's view the NPPs are simpler, more concise and more user-friendly compared with IPPs.

12. The proposal is in accordance with the Office's view expressed in its submission to IP 31 at question 4-35.[170]

Proposal 15-4
Office position:

i. The Office agrees that the National Privacy Principles should provide the general template in drafting and structuring the proposed UPPs.


CHAPTER 16

Proposal 16-1 The Office of the Privacy Commissioner should provide further guidance about what is required of agencies and organisations to obtain an individual's consent for the purposes of the Privacy Act. This guidance should: (a) cover consent as it applies in various contexts; and (b) include advice on when it is and is not appropriate to use the mechanism of ‘bundled consent'.

1. The Office agrees with proposal 16-1.

2. As the ALRC notes, the Office's Guidelines to the National Privacy Principles provide general advice on consent.[171] Consent is also addressed in the Office's Guidelines on Privacy in the Private Health Sector.[172]

3. Regarding part (a) of proposal 16-1, the Office suggests that the need for further guidance material on consent could best be identified in consultation with agencies and organisations, as well as with consumer and privacy stakeholders. This consultation would ensure that the material produced is necessary and relevant to the specific sectors identified.

4. Regarding part (b) of proposal 16-1, the Office is currently producing guidance material on ‘bundled consent' and short form privacy notices, as per recommendation 22 from the Office's Review of the Private Sector Provisions of the Privacy Act (Private Sector Review).[173] Bundled consent was also discussed in the Office's submission to ALRC IP 31, question 4-11.[174]

Other options for addressing consent

5. The ALRC sets out other options for addressing consent issues. The ALRC considers amending the current definition of consent or using legislative provisions to set out consent requirements for a given sector.[175] The ALRC also considers introducing a separate Unified Privacy Principle (UPP) for consent.[176]

6. The Office would not support these approaches because, in its view, these options risk introducing greater complexity into privacy regulation without having demonstrated a deficiency in the current consent framework.

7. Accordingly, the Office suggests that guidance material is the best approach to reducing uncertainty on consent requirements.

Requirements for obtaining consent

8. The Office holds some concern about the ALRC's discussion on the specific requirements for obtaining consent. While the ALRC's comments do not directly affect proposal 16-1, they may inform subsequent consideration of consent issues. Accordingly, the Office wants to clarify its understanding of consent requirements.

9. Discussion Paper 72 states:

10. The ALRC also notes that ‘the level of effort that a data collector should be expected to undertake to secure the consent of an individual also will depend on these contextual factors.'[178]

11. While the Office agrees that the way consent is sought may differ according to the situation, the requirement of voluntariness remains constant. Individuals may give express or implied consent to information-handling. In the Office's view, the greater the sensitivity of the information or the practice, the more likely it is that consent should be expressed actively, rather than implied. In either case, however, consent involves the individual both having knowledge of the matter agreed to, and providing that agreement voluntarily.

12. In the Office's view, it is important to recognise that the ‘level of effort' undertaken by a data collector is not relevant to determining whether an individual has given their consent. The Office suggests that the ALRC gives further consideration to this matter, and that its report clarify the requirements for obtaining consent.

Proposal 16-1
Office position:


CHAPTER 17

ANONYMITY AND PSEUDONYMITY

Proposal 17-1 The proposed Unified Privacy Principles should contain a principle called ‘Anonymity and Pseudonymity' that sets out the requirements on agencies and organisations in respect of anonymous and pseudonymous transactions with individuals.

1. The Office agrees with many aspects of proposal 17-1, but suggests the current proposal be amended to clarify the principle's concepts and application.

2. As discussed in the Office's submission to IP 31[179] the Office supports the introduction of the anonymity principle as the first principle in the unified privacy principles.

3. The Office suggests that positioning anonymity as the first principle in the unified privacy principles (UPPs) is a useful reflection of the information handling life cycle and encourages agencies and organisations to consider the fundamental question of whether they need to collect personal information at all. In the Office's view, minimising the collection of personal information, including by permitting individuals to interact anonymously, remains the most effective way to guard against its misuse.

4. The Office stresses that the option to transact anonymously or under a pseudonym is only available where this is lawful and practicable. In the context of service delivery to particular individuals, in both the public and private sectors, the Office recognises that anonymous transacting may not be possible or practicable.

5. However, the Office is concerned that incorporating pseudonymity in the title of the principle may detract from this concept. Incorporating pseudonymity in the title of the first unified privacy principle may result in agencies and organisations equating the terms anonymity and pseudonymity. This may result in individuals losing their right to transact anonymously. In the Office's view, the obligation on agencies and organisations to provide individuals with the option to transact pseudonymously should be secondary to an individual's primary right to transact anonymously. While encouraging the use of pseudonyms may be a positive step to protecting privacy, anonymity would generally be an even more secure form of protection.

6. The Office also notes that the use of the term pseudonymity in the title may unnecessarily complicate the anonymity principle making it appear less accessible to the public and needlessly technical.

7. However the Office sees merit in incorporating the concept of pseudonymity in the text of the principle.

8. Incorporating pseudonymity in UPP 1 provides greater flexibility to the anonymity principle and recognises that there are likely to be various situations in which an individual, while not able to transact anonymously, will be able to transact with an agency or organisation using a pseudonym.

9. As noted by the ALRC in its DP, at paragraph 17.21, extending the anonymity principle to encompass pseudonymity could encourage organisations and agencies to build into their systems this privacy enhancing option.

10. Accordingly, the Office supports the inclusion of a requirement that where it is not practicable for an individual to transact anonymously, organisations and agencies should, where it is practicable and lawful to do so, provide individuals with the option of transacting using a pseudonym.

Proposal 17-1
Office position:

 


Proposal 17-2 The proposed ‘Anonymity and Pseudonymity' principle should include a pseudonymity requirement that when an individual is transacting with an agency or organisation, the agency or organisation must give the individual the option of identifying himself or herself by a pseudonym. This requirement is limited to circumstances where providing this option is lawful, practicable and not misleading.

11. The Office agrees in principle with proposal 17-2.

12. As noted in paragraph 7, the Office recognises that there are various situations where an individual will not be able to transact anonymously (for example, when it is necessary to keep a record of transactions), but will be able to interact with an agency or organisation using a pseudonym.

13. The Office recognises that in many circumstances an agency or organisation will not be able to provide a service or carry out its functions or activities if the individual seeks to transact anonymously or pseudonymously.

14. The Office supports the inclusion of a requirement that where it is not practicable for an individual to transact anonymously, organisations and agencies should, where it is practicable and lawful, afford individuals the option of transacting under a pseudonym.

Proposal 17-2
Office position:


Proposal 17-3 The proposed ‘Anonymity and Pseudonymity' principle should provide that, subject to the relevant qualifications in the principle, an agency or organisation is required to give individuals the clear option to transact anonymously or pseudonymously.

15. The Office agrees in principle with proposal 17-3.

16. The proposal is in accordance with the Office's position in its submission to IP 31.[180]

17. However, the Office has some concern that agencies and organisations may use the terms pseudonymity and anonymity interchangeably.

18. In order to satisfy the requirements of proposal 17-3, agencies and organisations need only offer individuals one of the options, that is, to transact anonymously or pseudonymously.

19. In this circumstance, an agency or organisation may fail to give consideration to the most appropriate manner of transacting with an individual, opting rather to incorporate only the capability for pseudonymous transactions into its system design. This could have the effect of reducing an individual's choice over the manner in which they interact.

20. Of equal concern is the potential for agencies and organisations to build a comprehensive repository of information based on an individual's use of a particular pseudonym, in circumstances where it is unnecessary. While this is unlikely in itself to amount to an interference with privacy, agencies and organisations should, where possible, avoid the unnecessary collection of information.

21. A related but more significant concern is the possibility that information collected in a pseudonymous transaction could in some circumstances amount to personal information. For example, new technology may enable an organisation or agency to use information provided by an individual under a pseudonymous transaction to identify the individual. Alternatively, individuals may inadvertently provide personal information in their choice of pseudonym. The Office could address this in its proposed guidance material on the meaning of ‘personal information' and ‘identifiable'.

22. Where information collected by the agency or organisation or in the agency or organisation's possession falls within the definition of personal information the organisation or agency will be under an obligation to handle this information in accordance with the Privacy Act 1988 (Cth).

23. Accordingly, the Office suggests that the wording of the principle be clarified to ensure that organisations and agencies provide individuals with the option of interacting anonymously where this is lawful and practicable. Where it is not practicable for an individual to transact anonymously or where the individual chooses to transact under a pseudonym an agency or organisation is required to give individuals the clear option to transact pseudonymously if this is lawful and practicable.

Proposal 17-3
Office position:


Proposal 17-4 The Office of the Privacy Commissioner should provide guidance to agencies and organisations on: (a) when it is and is not lawful and practicable to give individuals the option to transact anonymously or pseudonymously; (b) when it would be misleading for an individual to transact pseudonymously with an agency or organisation; and (c) what is involved in providing a clear option to transact anonymously or pseudonymously.

24. The Office agrees with proposal 17-4.

25. In addition to the guidance recommended under this proposal, it would also be useful for the Office to provide guidance to organisations and agencies on the differences between transacting anonymously or pseudonymously.

Proposal 17-4
Office position:


CHAPTER 18

COLLECTION

Proposal 18-1 (a) The proposed Unified Privacy Principles should contain a principle called ‘Collection' that requires agencies and organisations, where reasonable and practicable, to collect personal information about an individual only from the individual concerned.

1. The Office agrees with proposal 18-1(a).

2. The proposal reflects the Office's position in its submission to ALRC IP 31 at question 4-3.[181]

(b) The Office of the Privacy Commissioner should provide guidance to clarify when it would not be reasonable and practicable to collect such information from the individual concerned.

3. The Office agrees with proposal 18-1(b).

4. The Office acknowledges the need for guidance to clarify the circumstances in which it would not be reasonable and practicable to collect information from the individual concerned.

Proposal 18-1
Office position:


Proposal 18-2 The ‘Collection' principle in the proposed UPPs should provide that, where an agency or organisation receives unsolicited personal information, it must either: (a) destroy the information immediately without using or disclosing it; or (b) comply with all relevant provisions in the UPPs that apply to the information in question, as if the agency or organisation had taken active steps to collect the information.

5. The Office generally agrees with proposal 18-2, but suggests that the provision be clarified as discussed in detail below.

6. Proposal 18-2(a) is broadly consistent with the Office's position as outlined in its submission to ALRC IP 31, question 4-5.[182]

‘Destroy the information immediately...'

7. The Office notes that the term ‘immediately' may be difficult to apply if interpreted literally. For example, in a large business, incoming information may be passed through several sections of the organisation before it is assessed. It may not be possible to achieve this within the compressed timeframe suggested by ‘immediately.'

8. Paragraph 18.32 of DP 82 clearly notes that where an entity collects personal information from a third party, ‘this will require the entity to consider' two matters:

9. However, the proposal, with its emphasis on ‘immediate' destruction does not provide for this deliberative period. While this need not necessarily be reflected in the principle, it could usefully be clarified in the ALRC's final report.

Collection obligations and unsolicited information 

10. The Office supports the intent of paragraph (b) of proposal 18-2 - that unsolicited information be subject to the UPPs where it is used or disclosed by an agency or organisation.

11. The usual collection requirements of necessity and lawfulness should still apply to such collections.

Meaning of ‘unsolicited information'

12. Based on its discussions with stakeholders, the Office notes that there may be a need for guidance material to address the meaning of ‘unsolicited information.' There are a number of different scenarios for how personal information may be received without being solicited, including:

13. In the Office's view, this uncertainty could best be addressed through guidance material.

Proposal 18-2
Office position:


Proposal 18-3 The ‘Collection' principle in the proposed Unified Privacy Principles should provide that an agency or organisation must not collect personal information unless it reasonably believes the information is necessary for one or more of its functions or activities.

14. The Office supports proposal 18-3, which reflects the Office position in its submission to ALRC IP 31, question 4-35.[183]

15. The wording of proposal 18-3 is similar to the current NPP 1.1, but introduces a requirement of reasonableness.

16. The IPPs and NPPs currently use several different formulations of this requirement. The ALRC uses the ‘reasonably believes' formulation where applicable throughout the proposed UPPs. The Office supports using this terminology consistently across the Privacy Act.

Collection for a ‘reasonable' purpose

17. As noted in DP 72, the Office has previously suggested that the test of reasonableness could extend not only to the necessity of the collection, but also to the purpose of collection. This was in response to the observation made in ALRC Issues Paper 31 that existing principles appear not to consider the degree to which any given purpose of collection is legitimate. The Office noted that this is less likely to be a concern for agencies, in that their functions will be based in enabling legislation.

18. At paragraph 18.41, DP 72 cites section 11(2) of the Alberta Personal Information Privacy Act S.A (2003), which says:

Where an organization collects personal information, it may do so only to the extent that is reasonable for meeting the purposes for which the information is collected.

19. However, the Office previously noted s 11(1) of this same Act, which requires that:

An organization may collect personal information only for purposes that are reasonable.

20. In the Office's view, establishing that the purpose of collection is reasonable is more important than whether there is a reasonable necessity. If only the latter requirement applied, collections may be necessary, albeit for purposes that would seem unreasonable and beyond what individuals may expect is a reasonable function or activity of that organisation or agency. For example, an organisation could claim that a highly invasive activity (such as ‘conducting surveillance on all its customers') was one of its functions, and that the collection of personal information was reasonably necessary for that function. There is little scope in the proposal to examine whether this claimed function is reasonable in the specific context of that organisation.

21. Accordingly, the Office reiterates the potential value of a collection principle requiring that an organisation may only collect personal information for purposes that are reasonable, where 'reasonable' means 'what a reasonable person would consider appropriate under the circumstances'.

Lawful purpose

22. The Office suggests that the proposed Collection UPP also require that the purpose of collection be lawful. The Information Privacy Principles (IPPs) currently make a provision to this effect. IPP 1 states that:

23. Agencies operate within a legislative framework which authorises or requires certain collections of personal information. It would seem reasonable that collections by agencies should fall within the ambit of what is permitted by their statutory functions.

24. For lawfulness to be incorporated into UPP 2.1, it would also need to be demonstrated that the provision would be workable for the private sector. It does not appear that introducing a ‘lawful purpose' requirement would increase the private sector's regulatory burden, but would be consistent with any other laws to which organisations might be subject. Collections that are prohibited by other laws would not be permitted, while other collections would be lawful.

25. In addition, the Office notes that New Zealand's privacy legislation, which regulates both public and private sectors, contains a provision to this effect. Principle 1 of the Privacy Act 1993 (New Zealand) states that:

26. The Office suggests that consideration be given to incorporating a reference to ‘lawfulness' in the proposed UPPs.

Proposal 18-3
Office position:


CHAPTER 19

SENSITIVE INFORMATION

Proposal 19-1 The proposed Unified Privacy Principles should set out the requirements on agencies and organisations in relation to the collection of personal information that is defined as ‘sensitive information' for the purposes of the Privacy Act. These requirements should be located in the proposed ‘Collection' principle.

1. The Office agrees with proposal 19-1.

2. The Office agrees that requirements relating to sensitive information apply to both agencies and organisations.

3. In its submission to the ALRC's Issues Paper 31 (IP 31), the Office addressed the question of whether both agencies and organisations should be bound by provisions for the collection of sensitive information. As stated in its response to IP 31 individuals' sensitive information requires continuity and consistency of protection regardless of whether the information is handled by a public or private sector entity.[184]

4. The Office also supports the second element of proposal 19-1, that the sensitive information requirements should be located in the proposed ‘Collection Principle.'

Proposal 19-1
Office position:


Proposal 19-2 The proposed sensitive information provisions should contain an exception permitting the collection of sensitive information by an agency or organisation where the collection is required or specifically authorised by or under law.

5. The Office generally supports proposal 19-2, which is consistent with the Office's position in its submission to ALRC IP 31, question 4-33.[185]

6. As discussed at question 13-1 of this submission, legal requirements or authorisation for information handling should be clearly apparent from the law in question. Accordingly, the Office supports the condition of ‘specific authorisation' being added.

7. The requirement of specific authorisation is particularly appropriate in the context of sensitive information, where the community expects rigorous protections around the collection of their personal information.[186] While the Office recognises that this would reflect a possible lowering of protections, in that collection of sensitive information is currently subject to the higher test of ‘required by law', the Office believes that an explicit statement from Parliament, or other properly recognised source of law, should provide sufficient protections against misuse.

Proposal 19-2
Office position:


Proposal 19-3 The proposed sensitive information provisions should contain an exception permitting the collection of sensitive information by an agency or organisation where the collection is necessary to lessen or prevent a serious threat to the life or health of any individual, where the individual whom the information concerns is incapable of giving consent.

8. The Office does not support proposal 19-3, in that the removal of the ‘imminence' test would appear to significantly lower privacy protections. While the Office recognises the need to collect sensitive information in emergency situations, there does not appear to be a sufficiently strong case to lessen privacy protections by departing from the current model provided by NPP 10.1(c).

9. NPP 10.1(c) provides that an organisation must not collect sensitive personal information unless:

10. The ALRC notes that its proposed exception would only apply where the individual is incapable of giving consent.[187]

11. In the Office's view, a lack of decision-making capacity should not mean that individuals are deprived of receiving necessary health care, support and other services. Yet neither should an individual's privacy rights be undermined unnecessarily by virtue of their inability to give consent. In such situations, where the threat is not imminent, it may be possible to seek the necessary information through other means, such as contacting the person's authorised representative.

12. In addition, even where the individual lacks legal capacity, consideration should be given to how that individual can be involved in decision-making where practicable. Further discussion of privacy issues in this area may be found in the Office's Guidelines on Privacy in the Private Health Sector.[188]

13. As discussed in chapter 22, the requirement that a threat be both serious and imminent plays an important role in preventing individuals' privacy protections being reduced unless the circumstances give rise to an immediate and compelling need.

14. However, in the event that the requirement of imminence is removed, the Office submits that organisations and agencies should be required to seek the consent of an authorised representative for the individual wherever reasonably practicable.

Proposal 19-3
Office position:


Question 19-1 Should the proposed sensitive information provisions provide that sensitive information can be collected where all of the following conditions apply:

(a) the individual is incapable of giving consent;

(b) the collection is necessary to provide an essential service for the benefit of the individual; and

(c) the collection would be reasonable in all the circumstances?

15. The Office believes that the sensitive information provisions should not allow for collection in the circumstances envisaged by question 19-1.

16. The ALRC notes concerns from welfare service providers about the difficulties providing services to people who are unable to consent to their personal information being collected. The ALRC notes that homeless people may fall into this category where they are not subject to an immediate threat to their life or health, but require basic assistance.[189]

17. While the Office recognises the difficulty of this situation, it does not see that extending the exception is a viable solution. While the proposal is a response to a specific problem, any amendment would not be limited to such circumstances, but would have general effect. It is difficult to forecast what unintended or undesirable consequences this proposal might have in other circumstances.

Ambiguity of the provision

18. The Office is concerned that the generality of both clauses (b) and (c) of question 19-1 may make it difficult for agencies, organisations and individuals to clearly understand their position under this provision.

19. The term ‘essential service' may prove difficult to define beyond what is already covered by health information provisions. The Macquarie Dictionary defines ‘essential' as ‘absolutely necessary; indispensable.' While some situations affecting an individual's health may fall within this definition, it is not clear that other services, such as financial services or welfare in general are properly described as ‘essential', despite being potentially beneficial to the individual.

20. The Office raised similar concerns in its submission to ALRC IP 31 regarding a proposal to permit collections where necessary for an individual's ‘welfare.'[190]

21. The question of what is ‘reasonable in all the circumstances' is also unclear in its scope and application. Therefore, it appears that the exception may be too difficult to apply to give substantial assistance to service providers. Given its reliance on relatively vague terms, it may also lead to regulatory complexity and uncertainty as it may be difficult for the Office to apply consistently.

Lack of accountability

22. In addition, the absence of adequate accountability mechanisms in the formulation used in question 19-1 may leave the provision open to abuse. It appears to bypass any existing authorised representative mechanisms in place for the individual. This may permit agencies or organisations to collect information without consulting that individual's representative.

23. Where no such authorised representative arrangement exists, the Office suggests that the need for effective controls on collecting information is especially pronounced. As indicated above, requiring collection to be ‘reasonable in all the circumstances' is unlikely to provide a sufficiently rigorous test against which agencies and organisations' collections may be assessed.

Public Interest Determination: An interim solution?

24. The specific issue raised by submissions and referred to in DP 72 may not be readily resolved in the context of the present inquiry. It would be difficult to anticipate how a provision as general as that proposed by the ALRC would apply in the complex area of homeless persons' services. Nevertheless, the Office recognises that service providers may have a legitimate need to collect sensitive personal information.

25. Rather than introduce a legislative provision at this point, the Office suggests that service providers consider the merits of applying for a Public Interest Determination (PID). Instruments of this nature are, in the Office's view, more able to be tailored to the particularities of the situation. The PID process requires the Privacy Commissioner to conduct consultation, including in the form of conferences (hearings). This process is likely to permit more careful and deliberate consideration of the specific issue than can be undertaken in this more wide ranging inquiry. The consultation process would permit the Commissioner to canvass a wide range of stakeholders' views on the particular question of service delivery to homeless persons, before determining whether the public interest test required for PIDs is met.

26. Unlike an amendment to the principles, a PID, if made, could also be drafted more precisely to ensure that its scope is more certain than a generally applicable exception to a collection principle. Such precision allows for regulation to be created that is narrow and focused on addressing the specific matter at hand.

27. In addition, a determination, if made, could be made to have limited duration. This period may provide an opportunity to ‘test' an approach and assess its effectiveness and privacy impacts. This experience may inform the Australian Government and Parliament regarding whether or not a legislative solution is required.

28. The Office notes that any PID applicant would need to be an agency or organisation for the purposes of the Privacy Act, and seek to carry out the act or practice in question.

Question 19-1
Office position:

CHAPTER 20

SPECIFIC NOTIFICATION

Proposal 20-1 The proposed Unified Privacy Principles should contain a principle called ‘Specific Notification' that sets out the requirements on agencies and organisations to provide specific notification to an individual of particular matters relating to the collection and handling of personal information about the individual.

1. The Office agrees with proposal 20-1.

2. The proposal is consistent with the Office's response to question 4-1 of the ALRC's Issues Paper 31 (IP 31)[191] in which the Office proposed that provisions relating to the collection of personal information and notice to an individual should be addressed in separate principles. The Office understands that the emphasis on the specificity of notification is intended to distinguish this requirement from what may be broader and more general forms of notice provided as part of privacy policies.

Proposal 20-1
Office position:

Proposal 20-2 The proposed ‘Specific Notification' principle should provide that, at or before the time (or, if that is not practicable, as soon as practicable after) an agency or organisation collects personal information about an individual from the individual, it must take reasonable steps to ensure that the individual is aware of the:

(a) fact and circumstances of collection (for example, how, when and from where the information was collected);

3. The Office agrees with proposal 20-2(a) in principle. As discussed in DP 72[192], the Office agrees that with the development of technologies capable of collecting personal information without the knowledge of an individual, there may be the need for a principle to require agencies and organisations to specifically notify an individual that they have collected the individual's personal information along with the circumstances in which that collection has occurred.

4. Similarly, the Office also agrees that there will be many instances in which such notification would be pointless as the fact of collection and surrounding circumstances would be self-evident to the individual. To require mandatory notification in such instances may result in notification serving no useful purpose as well as becoming excessively onerous on the entity. Similarly, it may have the consequence of excessively lengthening privacy notices.

5. The Office believes that the requirement for entities to take ‘reasonable steps' to meet the obligations outlined in Unified Privacy Principle (UPP) 3.1 already permits entities to determine the extent of notification that is required in the circumstances. Further discussion of the meaning and parameters of ‘reasonable steps' is outlined below.

(b) identity and contact details of the agency or organisation;

(c) fact that the individual is able to gain access to the information;

6. The Office agrees with the inclusion of the obligations outlined in (b) and (c) and notes they are consistent with the Office's response to question 4-35 of IP 31.[193]

(d) purposes for which the information is collected;

7. The Office agrees with the inclusion of this obligation and notes this is substantially similar to the Office's response to question 4-35 of IP31.[194] The Office notes that the collector would still need to be able to identify a ‘primary' purpose of collection, though this requirement would also require individuals to be notified of secondary purposes. Such a requirement ensures that individuals have a clear and comprehensive understanding of how their personal information may be handled.

(e) main consequences of not providing the information;

8. The Office agrees with the inclusion of this obligation and notes this is substantially similar to the Office's response to question 4-35 of IP31.[195]

9. However, the Office believes that the current wording of National Privacy Principle (NPP) 1.3(f) which states ‘the main consequences (if any) for the individual if all or part of the information is not provided' (italics added), may be more appropriate.

10. In many instances, not providing any information or only part of the information requested will not result in any material consequences. Agencies and organisations should be aware that they have the obligation to notify individuals that, in some instances, only providing part of the information requested will not result in the consequences outlined and therefore allow individuals to make an informed choice regarding the extent of information they provide.

(f) types of people, organisations, agencies or other entities to whom the agency or organisation usually discloses personal information; and

11. The Office agrees with the inclusion of this obligation and notes this is substantially similar to the Office's response to questions 4-1[196] and 4-35[197] of IP31.

12. Recommendation 74 of the Office's 2005 report Getting in on the Act: Review of the private sector provisions of the Privacy Act (‘Private Sector Review') was that the current NPP 1.3(d) should be amended to make clear that individuals should be notified of likely disclosures generally, including to public sector agencies of the Australian Government, state or local governments, other bodies and private individuals.[198] Proposal 20‑2(f) seems appropriately broad to cover the full spectrum of potential recipients of personal information thereby ensuring that individuals are comprehensively notified regarding the usual recipients of their personal information from a particular collector.

13. Moreover, the Office notes the ALRC's comment that the level of specificity required when supplying this notification should be provided by the Office.[199] The Office is committed to providing practical guidance to support the privacy principles.

(g) avenues of complaint available to the individual if he or she has a complaint about the collection or handling of his or her personal information.

14. The Office agrees with the inclusion of this obligation and notes this is substantially similar to the Office's response to question 4-35 of IP31.[200]

15. However, as outlined in the Office's response to IP 31 and the Office's Private Sector Review,[201] the Office believes that it may be beneficial to require entities to notify individuals that, if the complaint is not resolved, the individual can also complain to the Privacy Commissioner or (where relevant) the code adjudicator. This will ensure that individuals are routinely made aware of the role of the Office and the Commissioner should other avenues of complaint be exhausted.

Additional provisions

16. The Office notes that the proposed Specific Notification principle does not contain a requirement for agencies or organisations to notify the individual that the collection of particular personal information is required by a specific law.[202]

17. The Office believes that a provision obliging notification of a law that requires or authorises the collection of specific personal information remains an important matter about which individuals should be informed.

The proposed specific notification principle and ‘reasonable steps'

18. The issue of clarifying the term ‘reasonable steps' within the context of the notification requirements outlined in the current NPP1.3 and 1.5 was initially raised in the Office's Private Sector Review. In that review, the Office recommended legislative amendment to make clear that there are situations in which the reasonable steps an organisation might take to provide notice to an individual may equate to no steps.[203] Further, in response to the ALRC's question regarding whether NPP1 should be amended,[204] the Office reiterated its view that an amendment to NPP 1 should be considered to clarify that there may be circumstances in which it is reasonable for organisations to take no steps regarding notification.[205]

19. Subsequently, DP 72 reported that a large number of stakeholders also indicated their support for the proposal of a legislative amendment to make this point clear.[206]

20. Having identified and supported the need for legislative clarification, the ALRC has proposed the inclusion of the ‘reasonable person test'. While the Office acknowledges that its submission to IP31 recommended that a ‘reasonable person test' be included in the notification principle, the Office wishes to clarify this recommendation. Specifically, this recommendation related to assisting agencies and organisations to determine what reasonable steps should be taken to ensure that an individual was made aware of certain matters rather than whether they needed to notify the individual. The presumption should remain strongly in favour of providing notification.

21. Consequently, the Office believes that legislative clarification may be achieved by a simple amendment. The Office proposes that UPP3.1 (and UPP3.2) could be amended satisfactorily by the addition of the words ‘if any' after the term ‘reasonable steps'. This is similar to the qualification contained in the current IPP 2.

22. That is, UPP 3.1 would read: ‘...it must take reasonable steps, if any, to ensure that the individual is aware of the:...'

23. The Office believes that this qualification would provide the inference that, in some circumstances, ‘reasonable steps' may equate to no steps. In turn, this would be supported by guidance produced by the Office as outlined in Proposal 20-7.

24. Additionally, the Office is of the opinion that the adoption of the ‘if any' qualification would allow the notification principle to remain sufficiently high level and consequently provide appropriate flexibility to address the broad array of situations where notification of collection may or may not be required or necessary.

'Reasonable steps' in other UPPs

25. The Office draws a distinction between ‘reasonable steps' in the context of notification requirements and ‘reasonable steps' where it appears elsewhere in the proposed UPPs. As discussed above, the addition of the qualification ‘if any' to the notification principle will more effectively address the circumstances in which it is reasonable that no steps need to be taken to provide notification to an individual.

26. However, the Office notes that the term ‘reasonable steps' appears in numerous proposed UPPs. Whilst the Office recommends that the ‘if any' qualification may be appropriate in the context of notification, applying this qualification in other contexts may yield anomalous and undesirable results. For example, the addition of an ‘if any' qualification to the proposed Data Security principle under UPP 8 would have the result that in some cases an agency or organisation would not have to take any steps to keep information secure. The Office cannot conceive of circumstances in which it may be appropriate that either an agency or organisation could take no steps to ensure the security of the personal information it holds.

27. As such, the Office wishes to clarify that the proposal of an ‘if any' qualification should only apply within the context of the Specific Notification principle. The inclusion of such a qualification may also assist in distinguishing between:

This requirement should only apply: (1) in circumstances where a reasonable person would expect to be notified; (2) except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual; and (3) subject to any other relevant exceptions.

28. The Office holds the view that, should legislative clarification be provided to the term ‘reasonable steps' by the inclusion of ‘if any' in the proposed UPP 3.1 and 3.2 as outlined above, the above qualifications and exceptions, which are reflected in the proposed UPP3.3, would be unnecessary.

(1) in circumstances where a reasonable person would expect to be notified - UPP 3.3(a)

29. The Office notes the introduction of a ‘reasonable person test' and cautions that its application in the format currently drafted may result in the unintended consequence of lessening the privacy protections presently afforded to individuals.

30. As currently drafted, the Office is concerned that the introduction of the proposed ‘reasonable person test' establishes a threshold test for agencies and organisations to determine whether they are under an obligation to provide specific notification. Only once they have determined that the notification requirements are applicable to the circumstances, do they then need to consider what might constitute ‘reasonable steps'. As such, the Office is concerned that UPP3.3(a) effectively establishes a mechanism by which agencies and organisations can exclude themselves from their notification obligations entirely.

31. As discussed above, the Office acknowledges that its submission to IP31 recommended that a ‘reasonable person test' be included in the notification principle. However, the Office wishes to clarify that its recommendation of the inclusion of such a test was aimed at assisting agencies and organisations to determine what ‘reasonable steps' may constitute rather than leaving it completely to the discretion of the entity.[207] The Office had no intention that a ‘reasonable person test' be employed as a threshold test to determine whether or not notification had to be given at all.

(2) except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual - UPP 3.3(b)(i)

32. As stated in the Office's Guidelines to the current National Privacy Principles,[208] the aim of NPP 1.5 is to ‘ensure that an individual knows what happens to information about them regardless of whether the information is collected directly or indirectly.'

33. The Office acknowledges that UPP 3.3(b)(i) is reflective of the exception outlined in the current NPP 1.5 which relates to the collection of personal information about an individual from ‘someone else'. However, UPP3.3(b)(i) is broader in that it will also apply to personal information collected directly from the individual.

34. While the Office acknowledges the policy reasons behind making notification of personal information collected from a third party conditional upon any serious threats to the life or health of any individual, the Office is uncertain whether sufficient policy reasons exist to require this exception to notification in instances where the information is collected directly from the individual themselves.

35. In addition, the Office believes that the exception should relate to threats that are serious and imminent, rather than simply serious. The importance of the dual element of ‘imminence' is discussed further in chapter 22.

36. The Office suggests that, should the ‘if any' qualification be incorporated into the proposed UPP3.1 and 3.2, the exception currently outlined in UPP3.3(b)(i) would not be necessary. The requirement for both agencies and organisations to take reasonable steps, if any, to notify an individual about the collection of their personal information would be sufficiently broad to encompass situations where making the individual aware of collection would pose a serious and imminent threat to the life or health of any individual and therefore, in such circumstances, taking no steps to provide notification would be the most appropriate course of action.

(3) subject to any other relevant exceptions - UPP 3.3(b)(ii)

37. In its response to IP 31, the Office recognised that an exception to notification requirements may be necessary for some law enforcement purposes.[209] However, the Office is concerned that the application of the proposed exception as outlined in UPP3.3(b)(ii) is significantly broader and questions whether such a broad exception to notification obligations for all agencies is necessary and justified.

38. As discussed in its response to IP 31, notification is a fundamental aspect of providing an individual with choice and control over how they manage their personal information and is intrinsic to assisting individuals to make an informed decision regarding whether they provide their personal information.[210] Furthermore, the Office holds the view that the proposed exception to notification could potentially have the effect of significantly decreasing openness and transparency in the collection handling practices of government agencies.

39. The Office recognises that there will be instances in which certain agencies cannot provide an individual with notification of collection as this would run counter to some specific activities. However, the Office does not agree with the notion advanced by the ALRC that it would be:

...disingenuous to say that an agency has fulfilled the ‘reasonable steps' requirement to make an individual aware of certain matters where the agency is avowedly seeking to avoid making the individual aware of those matters.

40. As stated earlier, the Office maintains its position that there are situations in which the ‘reasonable steps' an organisation (or agency in this case) might take to provide notice to an individual may equate to no steps.[211] Further, if the qualification amendment proposed by the Office is accepted by the ALRC, the term ‘reasonable steps, if any' will adequately equip agencies to deal with circumstances where the notification of collection of personal information should be avoided as it would run counter to the agency's functions. Maintaining this approach would permit decisions regarding notification to be based on the circumstances and purposes of collection, rather than providing a blanket exception to avoid notifying the individual.

41. Additionally, the Office believes that other legislative mechanisms such as secrecy provisions already permit agencies to avoid their notification obligations where necessary.

42. As such, the Office does not support the proposed UPP3.3(b)(ii) provision. The Office holds the view that a combination of already existing mechanisms such as agency specific secrecy provisions, along with legislative clarification supported by guidance issued by the Office would adequately address the exception to notification that UPP3.3(b)(ii) attempts to achieve.

Proposal 20-2
Office position:

Proposal 20-3 The Office of the Privacy Commissioner should provide guidance to assist agencies and organisations in ensuring that individuals are properly informed of the persons to whom their personal information is likely to be disclosed.

43. The Office agrees with proposal 20-3.

44. The proposal links to proposal 20-2(f) and the Office is committed to providing guidance to both agencies and organisations regarding the application of the privacy principles.

45. Additionally, in the Office's submission to IP 31, the Office suggested that the notification principle should also incorporate the notion contained in the current IPP 2(e) - that is, the obligation to advise the individual to whom they and any third parties usually pass the information on.[212]

Proposal 20-3
Office position:

Proposal 20-4 An agency should be required to notify an individual of the matters listed in the proposed ‘Specific Notification' principle, except to the extent that the agency is required or specifically authorised by or under law not to make the individual aware of such matters.

46. The Office does not agree with proposal 20-4, as outlined above in the response to proposal 20-2. Where notification is required or specifically authorised not to be provided, it would be unreasonable to do so.

Proposal 20-4
Office position:

Proposal 20-5 (a) The proposed ‘Specific Notification' principle should provide that where an agency or organisation collects personal information from someone other than the individual concerned, it must take reasonable steps to ensure that the individual is or has been made aware of:

(i) the matters listed in Proposal 20-2; and

47. The Office agrees in principle with proposal 20-5(a)(i) which is incorporated in UPP3.2.

48. The proposal substantially reflects the Office's comments and responses to questions 4-1,[213] 4-3,[214] 4-4[215] and 4-5[216] of IP31.

49. As outlined above in proposal 20-2, the Office holds the view that the term ‘reasonable steps' would benefit from clarification by the inclusion of the qualification ‘if any'. As such, the Office proposes that UPP3.2 should read: ‘...it must take reasonable steps, if any, to ensure that the individual is or has been made aware of:...'. Again, this would permit the Specific Notification principle to remain sufficiently high level to be flexible enough to be applied to the various circumstances in which notification of a third party collection may or may not be required and appropriate.

(ii) on request by the individual, the source of the information.

50. The Office agrees in principle with proposal 20-5(a)(ii), however, in its response to IP 31, at question 4-5, the Office stated that a notification obligation regarding the indirect collection of personal information should not adversely affect the privacy of another individual.

(b) This requirement should only apply:

(i) in circumstances where a reasonable person would expect to be notified;

51. The Office maintains its opposition to the inclusion of a stand alone ‘reasonable person test' as discussed above under ‘The proposed specific notification principle and ‘reasonable steps''.

52. In its submission to IP 31 at question 4-4, the Office commented that when personal information is collected from a third party, ‘...reasonable steps [should be taken] to notify the individual whenever possible and in circumstances where a reasonable person would expect to be notified.' As discussed above, the Office again clarifies that its reference to what a reasonable person would expect was made within the realms of an agency or organisation attempting to determine what ‘reasonable steps' would entail, rather than a ‘reasonable person test' becoming the threshold for whether notification should be provided or not.

(ii) except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual; and

53. As discussed above, the Office believes that this exception is not necessary should the inclusion of the ‘if any' qualification in relation to ‘reasonable steps' be accepted.

54. If, however, the ALRC does not incorporate the proposed qualification, the Office holds the view that this exception would continue to be necessary in relation to information collected from third parties. In that eventuality, the Office suggests that it would sit more appropriately within UPP3.2 itself and apply specifically to third party collections rather than also applying to collections from the individual themselves.

(iii) in the case of an agency, except to the extent that it is required or specifically authorised by or under law not to make the individual aware of one or more of these matters.

55. As discussed above in response to proposal 20-2, the Office suggests that this exception is unnecessary. In particular, notifying an individual of the collection of information from a third party, to permit that individual to determine accuracy, is fundamentally important. This is especially relevant in instances where individuals could be denied access to essential services supplied by agencies based on inaccurate information.[217]

Proposal 20-5
Office position:

Proposal 20-6 The Office of the Privacy Commissioner should provide guidance on the circumstances in which it is necessary for an agency or organisation to notify an individual when it has received personal information about the individual from a source other than the individual concerned.

56. The Office agrees with Proposal 20-6.

57. The proposal is linked to the proposed UPP 3.2 and the Office is committed to providing guidance to both agencies and organisations regarding the application of the privacy principles.

Proposal 20-6
Office position:

Proposal 20-7 The Office of the Privacy Commissioner should provide guidance on the meaning of the term ‘reasonable steps' in the context of an agency's or organisation's obligations to fulfil its notification requirements under the proposed ‘Specific Notification' principle.

58. The Office agrees with proposal 20-7 particularly as it has consistently recommended that clarification surrounding what may constitute ‘reasonable steps' in the context of notification is required.

59. Similar to the ALRC's view taken in DP 72,[218] the Office agrees that providing clarification may best be achieved by engaging a two pronged approach, that is, through guidance issued by the Office as well as legislative clarification.

Guidance

60. The Office supports the proposal to provide guidance on the meaning of the term ‘reasonable steps' in the context of notification obligations and remains committed to assisting both agencies and organisations in interpreting the privacy principles.

Legislative Clarification

61. As stated above in proposal 20-2, the Office believes that legislative clarification may be achieved satisfactorily by the addition of the words ‘if any' after the term ‘reasonable steps' in both the proposed UPP 3.1 and 3.2. This is similar to the qualification contained in the current IPP2.

Proposal 20-7
Office position:

CHAPTER 21

OPENNESS

Proposal 21-1 The proposed Unified Privacy Principles should contain a principle called ‘Openness' that sets out the requirements on an agency or organisation to operate openly and transparently by providing general notification in a Privacy Policy of how it manages personal information and how personal information is collected, held, used and disclosed by it.

1. The Office agrees with proposal 21-1.

2. While the Office would prefer a common principle dealing with ‘notice' and ‘openness', the proposal is in accordance with the Office's position concerning the necessity of an openness principle in its submission to the ALRC's Issues Paper 31 (IP 31).[219]

Proposal 21-1
Office position:

Proposal 21-2 The Privacy Policy in the proposed ‘Openness' principle should set out an agency's or organisation's policies on the management of personal information, including how the personal information is collected, held, used and disclosed. This document should also include:

(a) what sort of personal information the agency or organisation holds;

(b) the purposes for which personal information is held;

(c) the avenues of complaint available to individuals in the event that they have a privacy complaint;

(d) the steps individuals may take to gain access to personal information about them held by the agency or organisation;

(e) the types of individuals about whom records are kept;

(f) the period for which each type of record is kept; and

(g) the persons, other than the individual, who can access personal information and the conditions under which they can access it.

3. The Office agrees in principle with proposal 21-2.

4. The proposal is generally in accordance with the Office's response to question 4-35 in the IP 31.

5. However, the Office notes that the proposed openness principle may be somewhat more prescriptive than required and hence may be contrary to the intention of having high level principles in the Privacy Act 1988 (Cth). The Office suggests that the ALRC review whether each of the proposed matters need be prescribed in law, or whether the value of some might be better expressed in guidance material. In addition, this approach would seem to pose the risk that the prescribed matters might be taken as an exhaustive list of contents for an openness policy. Other matters, such as the types of disclosures that may occur, might also be of value in a privacy policy.

6. As discussed in the Office's submission to IP 31, if it is deemed necessary, further guidance on the content of an agency's or organisation's policies on the management of personal information could be provided in the form of guidelines rather than as specific requirements in the openness principle. This will make the openness principle simpler and easier to apply.

Proposal 21-2
Office position:

Proposal 21-3 The Office of the Privacy Commissioner should issue guidance on how agencies and organisations can comply with their obligations in the proposed ‘Openness' principle to produce and make available a Privacy Policy.

7. The Office agrees with proposal 21-3.

Proposal 21-3
Office position:

Proposal 21-4 An agency or organisation should take reasonable steps to make its Privacy Policy, as referred to in the proposed ‘Openness' principle, available without charge to an individual: (a) electronically (for example, on its website, if it possesses one); and (b) in hard copy, on request.

8. The Office agrees with proposal 21-4.

9. The Office does not offer comment on the particular format in which an agency or organisation must make its privacy policy available provided that the policy is made available free of charge in a form that is easily accessible and useful to the individual.

10. The Office also notes that attention should be paid to whether privacy policies are provided in a form that is accessible to individuals from non-English speaking backgrounds, and individuals with other special needs, such as the visually impaired. Agencies and organisations should consider such matters in light of their customer or constituent base.

Proposal 21-4
Office position:

Proposal 21-5 The Office of the Privacy Commissioner should continue to encourage and assist agencies and organisations to make available short form privacy notices summarising their personal information handling practices. Short form privacy notices should be seen as supplementing the more detailed information that is required to be made available to individuals under the Privacy Act.

11. The Office agrees with proposal 21-5.

Proposal 21-5
Office position:

CHAPTER 22

USE AND DISCLOSURE

Proposal 22-1 The proposed Unified Privacy Principles should contain a principle called ‘Use and Disclosure' that sets out the requirements on agencies and organisations in respect of the use or disclosure of personal information for a purpose other than the primary purpose of collecting the information.

1. The Office agrees with proposal 22-1.

2. The proposal is consistent with the position set out by the Office in its submission to IP 31, question 4-35.[220] In the Office's view, a single principle applying to how both agencies and organisations use and disclose personal information would significantly reduce complexity in privacy regulation.

Proposal 22-1
Office position:

Proposal 22-2 The proposed ‘Use and Disclosure' principle should contain an exception permitting an agency or organisation to use or disclose an individual's personal information for a purpose (the secondary purpose) other than the primary purpose of collection if the:

(a) secondary purpose is related to the primary purpose and, if the personal information is sensitive information, directly related to the primary purpose of collection; and

(b) individual would reasonably expect the agency or organisation to use or disclose the information for the secondary purpose.

3. The Office agrees with proposal 22-2.

4. While proposal 22-2 represents minimal change for the private sector, it would significantly change the provisions for use and disclosure by agencies. In comparing proposed UPP 5.1(a) with the present arrangements under the IPPs, the Office's general view is that the ALRC's proposed provision maintains the necessary level of privacy protections.

Regulation of agency uses under proposed UPP 5

5. For uses of personal information, the proposed UPP places different requirements on the connection between the secondary purpose and the primary purpose of collection than the IPPs. IPP 10.1(e) requires that the secondary purpose be directly related to the purpose of collection. UPP 5.1(a) only requires that the two be related - uses of sensitive information being the exception, where a ‘directly related' connection is still required.

6. However, this lessening of protections is balanced to some degree by UPP 5.1(a) introducing a ‘reasonable expectations' requirement. Currently, IPP 10 does not contain any reference to the individual's expectations in regulating agencies' use of personal information and imposes a simple ‘directly related purpose' test (regardless of whether the personal information in question is sensitive or not).

7. The Office also notes that a test of relevance would be imposed by proposed UPP 7 (Data Quality), which requires that agencies and organisations take reasonable steps to ensure that uses of personal information are relevant to the purpose of collection. This would appear to capture the existing test of relevance prescribed in IPP 9. Accordingly, this would appear to reinforce the policy objective that secondary uses or disclosures by agencies be relatively narrow.

Regulation of agency disclosures under proposed UPP 5

8. There are a number of differences between the proposed UPP 5.1(a) and IPP 11 (which regulates disclosure of personal information by agencies).

9. Firstly, the former creates a ‘reasonable expectations' test, whereas the latter imports a test of the individual being ‘reasonably likely to have been aware, or made aware' of the disclosure. In the Office's view, each expression has a common policy intent, and it is unlikely that this change would have significant implications. If adopted, this approach would seem to require that agencies (and organisations) consider both the information available to the individual and how a reasonable person would regard that disclosure.

10. Secondly, and perhaps more significantly, UPP 5.1(a) requires that, for personal information in general, the two purposes be related, and for sensitive information, that the two be directly related. There is no ‘related purpose' requirement in IPP 11.

11. The Office welcomes this measure as providing an additional protection governing when personal information may be disclosed. Currently, under IPP 11, it is possible for agencies to disclose for any unrelated purpose, essentially provided that the individual is told. There are a number of occasions when individuals may have no real choice about providing personal information to agencies. In such instances, an individual may be ‘reasonably likely to be aware' of a potential disclosure, though still be uncomfortable about it. This may particularly be the case where the purpose of disclosure may seem to have little to do with why the information was initially provided. The introduction of a ‘related purpose' test offers some assurance that there are additional limits around possible secondary disclosures.

12. In the Office's view, UPP 5.1(a) appears to be an appropriate principle for regulating disclosures by both agencies and organisations. The co-tests of ‘related purpose' and ‘reasonable expectations' have generally proven effective in balancing privacy and operational requirements in how organisations handle personal information under NPP 2. The Office is not aware of any reason why such a mechanism would not be equally effective for agencies.

Reasonableness in notice and use and disclosure provisions

13. While including a test of ‘reasonable expectations' seems appropriate in the context of regulating use and disclosure, the Office notes in chapter 20 that it does not support this condition being included in the specific notification provisions of UPP 3.3(a). The Office draws this distinction because of the different roles the test would play in these two principles.

Proposal 22-2
Office position:


Proposal 22-3 The proposed ‘Use and Disclosure' principle should contain an exception permitting an agency or organisation to use or disclose an individual's personal information for a purpose (the secondary purpose) other than the primary purpose of collection if the agency or organisation reasonably believes that the use or disclosure for the secondary purpose is necessary to lessen or prevent a serious threat to: (a) an individual's life, health or safety; or (b) public health or public safety.

14. The Office does not support the proposal to remove the requirement of ‘imminence' from the proposed UPP 5. The Office expressed this position in its submission to ALRC IP 31, question 4-7.[221]

15. In the Office's view, the ALRC's Discussion Paper 72 (DP 72) does not establish a clear case for this lowering of privacy protection. As discussed in greater detail below, the Office submits that:

Enabling necessary information-flows within the existing principles

16. The Office notes that DP 72 proffers a number of justifications for the removal of the element of ‘imminence'. However, the Office submits that close examination indicates that the matters raised could be more appropriately addressed in ways that do not lower protections generally in all circumstances, including those not envisaged.

17. DP 72 notes the concerns of some stakeholders that the ‘serious and imminent' test precludes agencies or organisations from preventing or responding to potentially unlawful conduct.[222] The Office is not convinced of the merits of this argument, as ‘potentially unlawful conduct' is already adequately addressed by the ‘unlawful activity' or law enforcement provisions of the proposed UPP 5.1(d) and (f) respectively. In this context, if the existing law enforcement exceptions (upon which UPP 5 is based) are inadequate, they should be addressed specifically rather than through an amendment that will not be limited in effect to law enforcement contexts.

18. Alternatively, if DP 72 is proposing exceptions that would permit use and disclosure, without consent, in contexts that do not meet the threshold tests of the law enforcement exceptions, then the Office submits that this requires further consideration of the relative public interests involved. Personal information should only be used or disclosed without consent where there is a clear public interest. If proposal 22-3 envisages such handling in regard to lesser matters, such as where there may be a weak or unfounded suspicion of unlawful conduct, then this would appear to significantly change the existing balance of public interests in a way that requires further justification.

19. DP 72 also makes reference to use and disclosure in the context of emergency situations where the specific degree of threat to an individual cannot be determined to be imminent. Where a large-scale emergency (such as an offshore natural disaster) has occurred, the recently introduced Part VIA of the Privacy Act would seem to be the most appropriate mechanism for ensuring that the necessary information-flows take place.

20. These provisions have not yet been tested through the issuing of a declaration under Division 2 of Part VIA. The Office suggests that some stakeholders' concerns about uses and disclosures in large-scale emergencies may arise from situations that occurred prior to this enactment. Agencies have not yet had the necessity to rely on these provisions. The Office suggests that further amendments should not be pursued to address this issue until agencies and organisations have, through experience, found any deficiencies in the existing mechanism.

21. The Office also notes that, under the current NPP 2.1(e)(ii), a threat to public health or public safety is only required to be serious, as opposed to the serious and imminent test of NPP 2.1(e)(i) for threats to individuals. The Office notes the intention, expressed in the Explanatory Memorandum to the Privacy Amendment (Private Sector) Bill 2000, that these provisions would address possible outbreaks of infectious diseases where the threat:

...may be serious enough to warrant disclosures of personal information but may not be imminent in terms of time. [223]

22. However, the Office suggests that public health risks of this kind may be more appropriately addressed through mechanisms such as the National Notifiable Diseases Surveillance System, which operates under the National Health Security Act 2007 (Cth). Further, most states and territories have provisions in various public health statutes requiring the disclosure of information regarding notifiable diseases. This system creates a statutory and administrative framework for managing this information. Uses and disclosures occurring within the parameters of this Act would be more relevantly addressed under the legislative authorisation or requirement provisions of UPP 5.1(e), and would not appear to require a separate provision under UPP 5.1(c).

23. Accordingly, the Office does not believe that DP 72 has articulated a clear policy justification for removing the test of imminence. It is the Office's view that changes to existing protections should be clearly justified, particularly where they lower protections.

Clarifying the application of the imminence test

24. The Office recognises that further guidance could be useful in how the ‘imminence' test should be applied. To use the scenario provided in DP 72, the risk of a branch falling on a person may be described as imminent if the branch had nearly broken off the tree.[224] This latter interpretation informs the following discussion.

25. The ALRC reports the concerns of some stakeholders that the ‘serious and imminent' threat encourages overly conservative approaches to information-handling.[225] In the Office's view, legislative amendments may not be sufficient to change such approaches to interpreting the Privacy Act. These instances are better addressed through the provision of guidance material.

26. The ALRC also reports concerns that the ‘serious and imminent' test creates a ‘catch-22' situation in which an assessment of the threat cannot be made without the relevant person being made aware of the information in question.

27. The Office notes that the current NPP 2.1(e) provision is prefaced with ‘the organisation reasonably believes.' Consequently, imminence and seriousness are not purely objective tests. The information available to the disclosing entity at the time of making the assessment, in addition to the time pressures existing at that point, would all be relevant in considering whether the belief formed was reasonable.

The fragmented nature of a ‘serious threat'

28. In the Office's view, framing the test simply in terms of a ‘serious threat' poses a number of difficulties.

29. The Office is concerned that the term, used by itself, is too ambiguous to adequately contain the scope of uses and disclosures. While DP 72 asserts that ‘serious' also requires an assessment of the relative likelihood,[226] the Office suggests that the popular understanding of the term is too fragmented for those seeking to apply the test to necessarily interpret ‘serious' in this way.

30. The Macquarie dictionary has a number of related, though conceptually distinct definitions of serious:

1. Of grave or solemn disposition or character; thoughtful. 2. of grave aspect. 3. being in earnest, not trifling. 4. demanding earnest thought or application. 5. weighty or important. 6. giving cause for apprehension; critical.

31. It is not apparent that agencies or organisations would necessarily interpret the term ‘serious' in the manner envisaged in DP 72. Record-keepers seeking to apply this provision may, for instance, interpret ‘serious' as meaning ‘weighty or important', thus focusing on the severity of the consequences, without considering their likelihood. In the Office's view, therefore, the term, used by itself, is too wide in its scope to meaningfully regulate disclosures and uses of personal information.

The imminence test as an important source of privacy protection

32. In the Office's view, the principal benefit of imminence is that it requires organisations and agencies to consider the timeframe in which the threat may occur. Where a threat is not imminent, the agency or organisation has the opportunity to seek an alternate authority for the use or disclosure, such as to seek consent. As Parliament noted in the Explanatory Memorandum to the Private Sector Provisions:

...the use or disclosure of personal information in response to non-imminent threats to individuals may be dealt with by consent, or in reliance on other relevant sub-principles in NPP 2.[227]

33. The Office expressed a similar view in its submission to IP 31 submitting that:

Should the gravity of the threat not involve a measure of imminence, then the individual should retain the usual level of privacy protection as other mechanisms may be available to provide for the disclosure of the information. For example, an agency or organisation could seek the individual's consent before disclosure of personal information occurs (should none of the other exceptions apply).[228]

34. In addition, the removal of the imminence test ignores that risks may be mitigated in ways other than through the use or disclosure, without consent, of an individual's personal information.

35. The ‘imminence' test's role in guiding appropriate disclosures may be seen in the following example. Person A suffers a serious, but manageable health condition. While the onset of symptoms may have serious consequences, A's condition may be managed through medical treatment. Here, ‘seriousness' in itself - in the absence of any aspect of immediacy or urgency - is not a sufficiently clear test for authorising disclosures.

36. Framing the test solely in terms of a ‘serious threat' risks denying individuals such as A the opportunity to exercise an appropriate degree of control over the disclosure of their personal information. Given that many individuals in the Australian community live with chronic conditions, including potentially stigmatising sexual and mental health conditions, the Office would be concerned at the potential effects of removing imminence from the test.

‘Imminence' and missing persons

37. The ALRC asserts that relaxing the ‘serious and imminent' test is also necessary to enable information-flows where missing persons are involved.[229]

38. However, the Office is concerned that removing the ‘imminence' test may adversely affect the privacy of these individuals. In some cases, such as where a missing person is known to suffer a life-threatening condition, or to lack capacity, an agency or organisation could form a reasonable belief that there is both a serious and imminent threat to their life or health. Here, necessary uses or disclosures are likely to be authorised under the current provisions.

39. In other cases, however, there will not be any clear evidence for assuming that a missing person is at risk. The Office recognises that this creates a dilemma for those working in this area, who may be concerned about making decisions on how to handle personal information while lacking access to reliable data about the individual concerned.

40. However, the Office supports the views expressed in DP 72 that people may have legitimate reasons for choosing to dissociate themselves from family or friends.[230] For example, a person may leave home because they fear domestic violence. In this situation, allowing the use and disclosure of their personal information may compromise decisions which the individual has made for their own safety. Other individuals may simply, for their own reasons, choose to disassociate themselves from their families or friends due to breakdowns in relationships. This does not seem an appropriate matter for government regulation.

41. The role of law enforcement provisions in relation to missing persons is discussed further below under ‘Chapter 22 - Missing persons'.

Genetic Information

42. While the Office supports the retention of imminence as a core element of UPP 5.1(c), the Office acknowledges that alternative provisions are required for genetic information. Here, the Office recognises that a threat resulting from a latent condition may not manifest itself for many years after the information is initially collected, and hence, will not be ‘imminent'. In this instance, the Office regards the current NPP 2.1(ea) as an appropriate model. This exception addresses serious threats whether or not they are imminent, but includes two significant privacy protections:

43. In the Office's view, this latter requirement indicates two defining features of genetic information. Firstly, that it can relate to a group of relatives, and secondly, the potential interests of these relatives in having access to information which concerns them.

44. As indicated below, the Office suggests that the reference to ‘safety' be removed from this provision.

45. Accordingly, the Office does not regard the policy arguments advanced in favour of removing ‘imminence' as sufficiently convincing to warrant lessening privacy protections in this way. A test based solely on a ‘serious threat' is arguably too ambiguous to assist agencies and organisations. Furthermore, retaining ‘imminence' would help ensure that agencies and organisations consider the feasibility of obtaining consent from the individual concerned in the time available.

Secondary option - seek consent before relying on a ‘serious threat' exception

46. While the Office supports the retention of ‘imminence', it recognises that a number of stakeholders have voiced concerns surrounding this test. If the Australian Government determines that ‘imminence' should be removed, and the Australian Parliament proceeds to legislate to that effect, the Office regards it as important that a degree of privacy protection be maintained to contain the scope of uses and disclosures under this exception.

47. Accordingly, the Office suggests that an additional test be introduced requiring that, where a serious threat emerges, the organisation or agency seek the consent of the individual where reasonably practicable.

48. The Office makes the following comments on this proposed additional test:

49. The Office also notes the assertion in DP 72 that an assessment of ‘seriousness' should include an assessment of relative likelihood. The Office suggests that it would be valuable to include this assertion in an explanation of the meaning of ‘serious' in the definitions of the Privacy Act (currently in section 6).

Chapter 22 - Threats to ‘safety'

50. Proposal 22-3 refers to threats to individual and public safety. As the Office noted in its submission to ALRC IP 31, question 4-7, ‘safety' may be too broad to offer useful guidance.[231] The Office notes the generality of Macquarie dictionary's definition: ‘the state of being safe; freedom from injury or danger.' The Office is concerned that retaining ‘safety' in addition to ‘life or health' may create scope for uses and disclosures in wider circumstances than originally intended. It may, for instance, be used to justify uses and disclosures for unspecified, or poorly-defined threats. Accordingly, the Office submits that the reference to ‘safety' should be removed from UPP 5.1(c).

Proposal 22-3
Office position:


Question 22-1 Should the proposed ‘Use and Disclosure' principle contain an exception allowing an agency or organisation to use or disclose personal information for a purpose other than the primary purpose of collection where this is ‘required or specifically authorised by or under law' instead of simply ‘required or authorised by or under law'?

51. In the Office's view, the proposed use and disclosure principle should contain an exception for uses and disclosures which are ‘required or specifically authorised by or under law.'

52. As discussed in chapter 13 of this submission, this approach would add clarity to the relevant exception.

Question 22-1
Office position:


Chapter 22 - Missing Persons

53. A number of submissions to IP 31 advocated that the Privacy Act be amended to better provide for the role of law enforcement agencies in locating missing persons.[232] DP 72 has formed the view that special amendments are unnecessary because the situation would be addressed by the following proposals:

54. As indicated above, the Office does not support proposal 22-3.

55. While the Office supports the second proposal, it does not believe that this provision necessarily authorises the full range of potential uses and disclosures connected with missing persons. UPP 5.1(f)(i) refers, in part, to:

the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

56. UPP 5.1(f)(iv) refers, in part, to:

the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;

57. While some scenarios would fit the terms of these provisions, this may not hold for all missing persons scenarios. For example, a 17 year-old may have a serious argument with his parents and leave unannounced to stay with a friend in another city for some weeks. This decision, assuming it is made with full capacity, is neither unlawful, nor does it necessarily fit the description of ‘seriously improper conduct.' It is not an area in which there appears to be a strong case for intervention by privacy regulation.

58. The Office recognises the complexities in this area, as well as the concerns of those involved in seeking to locate missing persons. However, this area may not be one which can be completely resolved through amendments within the parameters of the Privacy Act itself.

59. Consequently, the Office reiterates the position expressed in its submission to ALRC IP 31, at question 4-7, that the current exceptions in NPP 2 and IPPs 10 and 11 of the Privacy Act are adequate, achieve the right balance and are appropriate in these circumstances. In this context, the Office also noted that the Commissioner's power to make Public Interest Determinations (PIDs) provides a mechanism to deal with possible circumstances in which the provisions are not adequate.[234]

Chapter 22 - Missing persons
Office position:


Chapter 22 - Disclosure of ‘incidents' by insured professionals to insurers

60. The Office notes the ALRC's discussion concerning the disclosure of ‘incidents' by insured professionals to insurers.

61. The Office agrees with the ALRC's view that this situation is adequately dealt with by the proposed UPPs.[235]

Chapter 22 - Disclosure of ‘incidents' by insured professionals to insurers
Office position: