Submission Home | Executive Summary | Submission Summary | Summary of Positions | Part A | Part B | Part C | Part D | Part E | Part F | Part G | Part H | Part I | Part J | Bibliography

PART J

TELECOMMUNICATIONS

CHAPTER 63

TELECOMMUNICATIONS ACT

Proposal 63-1 The Australian Government should initiate a review to consider the extent to which the Telecommunications Act 1997 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth) continue to be effective in light of technological developments (including technological convergence), changes in the structure of communication industries and changing community perceptions and expectations about communication technologies. In particular, the review should consider:

(a) whether the Acts continue to regulate effectively communication technologies and the individuals and organisations that supply communication technologies and communication services;

(b) how the Acts interact with each other and with other legislation;

(c) the extent to which the activities regulated under the Acts should be regulated under general communications legislation or other legislation; and

(d) the roles and functions of the various bodies currently involved in the regulation of the telecommunications industry, including the Australian Communications and Media Authority, the Australian Government Attorney-General's Department, the Office of the Privacy Commissioner, the Telecommunications Industry Ombudsman and Communications Alliance.

1. The Office agrees with proposal 63-1.

2. The Office agrees with the ALRC's view that there is a need for telecommunications regulation to respond to a convergent communications environment and notes that the issues related to convergence extend beyond the terms of reference of the Inquiry. Accordingly, the Office supports the proposal for a wider review of the two Acts including the roles and functions of the various regulatory bodies involved in the telecommunications industry.

Question 63-1 Sections 279 and 296 of the Telecommunications Act 1997 (Cth) permit the use or disclosure by a person of information or a document if the use or disclosure is made ‘in the performance of the person's duties' as an employee or contractor. Is the exception too broadly drafted? Is it resulting in the inappropriate use or disclosure of personal information? If so, how should the exception be confined?

3. The Office submits that the exception in sections 279 and 296 of the Telecommunications Act 1997 (Telecommunications Act) is too broadly drafted and the scope of the exception should be confined.

4. In the Office's submission to the ALRC's Issues Paper 31 (IP 31), question 10-1 (paragraph 8) and question 10-2 (paragraph 58), it was noted that a number of exceptions in Part 13 of the Telecommunications Act, including sections 279 and 296, permit uses and discloses of personal information for a broader range of purposes than the National Privacy Principles (NPPs). The submission observed that this can result in diminished protections for privacy in the telecommunications sector. The Office suggested at question 10-2 (paragraph 62), that if the exceptions in Part 13 of the Telecommunications Act were retained, the ALRC may wish to consider whether the exceptions should be amended to ensure that, at a minimum, they would align with the protections against improper use and disclosure in NPP 2.

5. The Office submits that the exception should be aligned with the proposed ‘Use and Disclosure' Principle (currently NPP 2) so that the use or disclosure of personal information for a purpose (the secondary purpose) other than the primary purpose of collection would be permitted if both of the following apply:

• (i) the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
• (ii) the individual would reasonably expect the agency or organisation to use or disclose the information for that secondary purpose.

6. This approach would ensure that a nexus remains between theprimary purpose for which personal information is collected, and how it is used or disclosed, rather than being linked to how the employee or contractor's duties are defined (including matters that may not be related to the purpose of collection).

Proposal 63-2 Sections 280(1)(b) and 297 of the Telecommunications Act 1997 (Cth) should be amended to clarify that the exception does not authorise a use or disclosure that would be permitted by the proposed ‘Use and Disclosure' principle under the Privacy Act if that use or disclosure would not be otherwise permitted under Part 13 of the Telecommunications Act.

7. The Office agrees with proposal 63-2.

8. The proposal accords with the Office's position in its submission to IP 31, question 10-2 (paragraphs 67-68). The Office submits that these provisions should afford protections that are, in some places in Part 13, higher than those in the NPPs. Accordingly, it is appropriate that exceptions to the prohibitions on use or disclosure may be narrower than those available under the NPPs.

Question 63-2 Does the Telecommunications (Interception and Access) Amendment Bill 2007 provide adequate protection of personal information that is used or disclosed for law enforcement purposes?  For example, should the Bill be amended to:

(a) define ‘telecommunications data':

(b) provide greater guidance on how the privacy implications of an authorisation should be considered and documented under proposed s 180(5);

(c) include positive obligations on law enforcement agencies to destroy in a timely manner irrelevant material containing personal information and information which is no longer needed; and

(d) provide that the Inspector-General of Intelligence and Security monitor the use of powers by the Australian Security Intelligence  Organisation to obtain prospective telecommunications data?

9. Define telecommunications data: The Office observes that the Telecommunications (Interception and Access) Amendment Act 2007 (‘TIAA Act') could be improved to better ensure adequate privacy protection. In the Office's submission to the Australian Government Attorney-General's Department (AGD) on the Exposure Draft of the Telecommunications (Interception and Access) Amendment Bill (the submission),[609] the Office stated it was mindful that the distinctions between information or a document and contents or substance may be difficult to discern in some cases. The submission noted the serious penalties for unauthorised disclosure under those provisions, and suggested that there is merit in providing further clarity on the meaning of those terms. This could be done in the legislation or explanatory memorandum. The Office reiterates those views.

10. Greater privacy guidance to authorisation officers: The Office submits that the TIAA Act could provide greater guidance on how the privacy implications of an authorisation should be considered and documented. In its submission to the Senate Committee considering the TIAA Bill[610], the Office noted that there is merit in providing practical guidance to certifying officers to enable them to discharge the obligation stated in clause 180(5). The guidance could take the form of a note to the Bill or detail in the explanatory memorandum. For example, certifying officers could consider the proportion of non-targeted third parties whose personal information could be collected incidentally when only information of a much smaller number of persons is being sought. Additionally, a check list could be prepared which requires the certifying officer to be satisfied that the enforcement agency or body has appropriate procedures or protocols in place to deal with issues such as:

• the handling of irrelevant information;
• preventing secondary uses and disclosures;
• data security; and
• the timely destruction of records.

11. The Office reiterates those views.

Positive obligations to destroy irrelevant material:

12. The Office submits that the TIAA Act could be strengthened in this area. In its submission to the Senate Committee considering the TIAA Bill, the Office suggested that the Bill include positive obligations to destroy irrelevant material containing personal information collected, together with information which is no longer needed by such law enforcement agencies and to do so in a timely manner. The Office reiterates this view.

Monitoring the use of powers by ASIO:

13. The Office sees merit in the submission by the Inspector General of Intelligence and Security for that office to have the authority to monitor the use of powers by ASIO to obtain prospective telecommunications data.

Proposal 63-3 Sections 287 and 300 of the Telecommunications Act 1997 (Cth) should be amended to provide that a use or disclosure by a person of information or a document is permitted if:

a) the information or a document relates to the affairs or personal particulars (including any unlisted telephone number or any address) of another person; and

(b) the person reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to:

(i) a person's life, health or safety; or

(ii) public health or public safety

14. The Office does not support proposal 63-3 as it diminishes privacy protection. In this regard, the Office notes that a threat might be serious but may not present itself for many years or may not occur at all. Over an extended period of time, other factors may intervene to mitigate the risk. This position is consistent with the Office's response to proposal 22-3.

15. The Office is not aware of any concern with the way the exceptions in sections 287 and 300 of the Telecommunications Acthave operated. It notes the ALRC's proposal to amend these sections appears to be based on harmonising them with its proposal to remove the requirement of ‘imminent' from the NPPs. In the Office's opinion, there are a number of exceptions in Part 13 which facilitate the use and disclosure of personal information in an emergency where the threat may be serious but not imminent (see in particular ss.282 and 289).

16. The Office observes that there are similar exceptions to sections 287 and 300 in the NPPs, particularly NPP 2.1(e). The Office has noted in relation to proposal 22-3, that the Privacy Act adequately addresses the use and disclosure of personal information in emergencies and disasters mainly through the enactment of Part VIA in the Privacy Act, which came into effect during December 2006 but also through the NPPs as follows.

17. Moreover, NPP 2.1 (a) would in many cases facilitate the use and disclosure of personal information in emergencies as a secondary purpose. There are also a number of broad exceptions in NPP 2 which allow for a use and disclosure for a secondary purpose in the context of unlawful or possible criminal activity, in the Office's view, which should adequately address the concerns raised in DP 72. These include NPPs 2.1(f) (g) and (h). For these reasons, the Office does not support the proposal.

Proposal 63-4 Section 289 of the Telecommunications Act 1997 (Cth) should be amended to provide that a use or disclosure by a person of information or a document is permitted if the information or document relates to the affairs or personal particulars (including any unlisted telephone number or any address) of another person: and   

(a) the other person has consented to the use or disclosure; or

(b) if the use or disclosure is for a purpose other than the primary purpose for which the information was collected (the secondary purpose);

(i) the secondary purpose is related to the primary purpose and, if the information or document is sensitive information (within the meaning of the Privacy Act 1988 (Cth)), the secondary purpose is directly related to the primary purpose of collection; and

(ii) the other person would reasonably expect the person to use or disclose the information.

18. The Office agrees with proposal 63-4.

19. The proposal accords with the Office's position in its submission to IP 31 question 10-2 (paragraph 62). The Office suggested that if the exceptions in Part 13 of the Telecommunications Act 1997 were retained, that the ALRC may wish to consider whether they should be amended to ensure that, at a minimum, they align with the protections against improper use and disclosure in NPP 2.

Proposal 63-5 part 13 of the Telecommunications Act 1997 (Cth) should be amended to provide that ‘consent' means ‘express or implied consent.'

20. The Office agrees with proposal 63-5.

21. The proposal reflects the meaning of consent in section 6(1) Privacy Act and it will align the meaning of that term in the Privacy Act with the Telecommunications Act.

22. The Office accepts the ALRC's suggestion in chapter 63 (paragraph 63.77) that the Office should provide further guidance on the meaning of consent in consultation with other stakeholders in the telecommunications industry including Australian Communications and Media Authority, Communications Alliance and the Telecommunications Industry Ombudsman (see Proposal 64-7).

Question 63-3 How does s 290 of the Telecommunications Act 1997 (Cth) operate in practice? Is the exception resulting in the inappropriate use or disclosure of personal information? If so, how should the exception be confined?

23. The Office supports confining the exception in section 290 of the Telecommunications Act 1997. This is consistent with the Office's position in its submission to IP 31, questions 10-1 and 10-2[611] where it noted that a number of exceptions in Part 13 of the Telecommunications Act permit uses and discloses of personal information for a broader range of circumstances than the NPPs. The submission observed that this can result in diminished protections for privacy in the telecommunications sector.

24. The Office agrees with the suggestion in paragraphs 63.79 and 63.80.[612]

Question 63-4 Is the exception that permits the use or disclosure of information or a document for certain business needs of other carriers or service providers (s 291 and s 302 of the Telecommunications Act 1997 (Cth)) resulting in the inappropriate use or disclosure of personal information? If so, how should the exception be confined? Should the exception be amended to provide that silent and other blocked calling numbers can only be used or disclosed with a person's consent?

25. The Office supports confining the exception in sections 291 and 302 of the Telecommunications Act 1997. This is consistent with the Office's position in its submission to IP 31, question 10-1 (paragraph 8) and question 10-2 (paragraph 58) where it was noted that a number of exceptions in Part 13 of the Telecommunications Act permit uses and disclosures of personal information for a broader range of purposes than the NPPs. The submission observed that this can result in diminished protections for privacy in the telecommunications sector.

26. Confining the exceptions in section 291 and section 302 would be desirable.

Proposal 63-6 Part 13 of the Telecommunications Act 1997 (Cth) should be amended to provide that use or disclosure by a person [undertaking] credit reporting information is to be handled in accordance with the Privacy Act.

27. The Office agrees with proposal 63-6.

28. The proposal accords with the Office's position in its submission to IP 31, question 10 (paragraphs 7-14). In that submission the Office observed that the Australian Communication and Media Authority's (ACMA) interpretation of sections 289 and 290 of the Telecommunications Actpublished on its website appear to permit credit providers in the telecommunications sector to use and disclose personal information of debtors in ways that Part IIIA of the Privacy Act does not permit. The Office also noted that ACMA's view of these provisions creates more permissive conditions for the use and disclosure of personal information by credit providers in the telecommunications sector than by those credit providers that operate in other industries.

Proposal 63-7 The Australian Government should amend the Telecommunications (Integrated Public Number Database-Permitted Research Purposes) Instrument 2007 (No. 1) to provide that the test of research in the public interest is met when the public interest in the relevant research outweighs the public interest in maintaining the level of protection provided by the Telecommunications Act to the information in the Integrated Public Number Database.

29. The Office suggests consideration being given to amending the public interest test as one that substantially outweighs the public interest in maintaining the level of protection in the Telecommunications Actto information in the Integrated Public Number Database rather than simply ‘outweighs the public interest'. Given that individuals have no choice as to whether their personal information is included in the IPND, the Office submits it is important that any research proposal that seeks to lessen privacy should be able to demonstrate that the public interest in the research proposal substantially outweighs the public interest in maintaining the level of protection afforded in the IPND.

30. Subject to these concerns, the proposal largely meets the Office's concerns expressed in the submission to IP 31, question 10-1 (paragraphs 39-42) that the exception allowing access to the IPND for research purposes is too broad.

Proposal 63-8 The Telecommunications (Integrated Public Number Database Scheme-Conditions for Authorisations) Determination 2007 (No 1) should be amended to provide that an authorisation under the integrated public number database scheme is subject to a condition requiring the holder of the authorisation to notify the Office of the Privacy Commissioner, as soon as practicable after becoming aware:

(a) of a substantive or systemic breach of security that could reasonably be regarded as having an adverse impact on the integrity and confidentiality of the protected information; and

(b) that a person to whom the holder has disclosed protected information has contravened any legal restrictions governing the person's ability to use or disclose protected information.

31. The Office agrees with proposal 63-8.

32. The proposal is generally consistent with the Office's position in its submissions to IP 31, question 11-3, and IP 32, question 5-6. In those submissions, the Office suggested that the Privacy Act be amended to add provisions requiring agencies, organisations, credit reporting agencies and credit providers to advise affected individuals of a breach to their personal information in certain circumstances.

33. The issue of data breach notification is discussed in greater detail in responding to question 47-1.

Question 63-5 Should directory products that are produced from data sources other than the Integrated Public Number Database be subject to the same rules under Part 13 of the Telecommunications Act 1997 (Cth) as directory products which are produced from data sourced from the Integrated Public Number Database?

34. The Office supports directory products, produced from data sources other than the Integrated Public Number Database, being subject to the same rules under Part 13 of the Telecommunications Actas directory products which are produced from data sourced from the Integrated Public Number Database.

35. The proposal is generally consistent with the Office's position in responding to question 10-1 of IP 31.

Proposal 63-9 The Telecommunications Act 1997 (Cth) should be amended to prohibit the charging of a fee for an unlisted (silent) number on a public number directory.

36. The Office agrees with proposal 63-9.

37. The proposal is generally consistent with the Office's position in its submission to the Australian Communications and Media Authority in 2005 when it commented on the draft Telecommunications (Use of Integrated Public Number Database) Industry Standard 2005.[613]

38. The Office receives a number of enquiries and some complaints from members of the public who object to the payment of a fee to exercise their choice of being unlisted in the public telephone directory. The Office takes the view that charging a fee for a silent number may affect individuals' ability to make such choices freely, and thereby hamper their ability to control their own personal information. This may be particularly the case in regard to individuals on low or fixed incomes.

Proposal 63-10 Before the proposed removal of the small business exemption from the Privacy Act comes into effect (Proposal 35-1), the Australian Government should make regulations under s 6E of the Privacy Act to ensure that the Act applies to all small businesses in the telecommunications industry, including internet service providers and public number directory producers.

39. The Office agrees with proposal 63-10.

40. The proposal is consistent with the Office's position in its submission to IP 31, question 10. In that submission the Office observed that there may be inadequate protection of personal information that is handled by small business operators in the telecommunications sector. The small business exemption is further discussed in the answer to proposal 35-1.

Question 63-6 Should a breach of Divisions 2, 4 and 5 of Part 13 of the Telecommunications Act 1997 (Cth) attract a civil penalty rather than a criminal penalty?

41. The Office submits that a breach of Divisions 2, 4 and 5 of Part 13 of the Telecommunications Actshould attract a civil penalty.

42. This is consistent with the Office's position in response to IP 31 which suggested that the prohibitions against improper use or disclosure of personal information in Part 13 of the Telecommunications Act should continue to be underpinned by offences and penalties.

43. DP 72 noted at paragraph 63.152 that the existing criminal penalties in Part 13 in relation to the protection of information or documents have not been enforced since that Act was enacted. A civil penalty system appears likely to be more effective for the reasons canvassed in the discussion paper as compared with the existing criminal provisions which are difficult to prosecute because of the higher standard of proof required and, to that extent, could be said to be less effective as a deterrent. Moreover, law enforcement agencies such as the AFP prioritise its activities in line with its resources which may impact on whether or not a prosecution occurs.

Proposal 63-11 The Australian Communications and Media Authority, in consultation with the Office of the Privacy Commissioner, Communications Alliance and the Telecommunications Industry Ombudsman, should develop and publish guidance that addresses issues raised by new technologies such as location-based services, voice over internet protocol and electronic number mapping.

44. The Office accepts proposal 63-11. Such guidance may promote community education in regard to new technologies, including their benefits and risks, thus leading to more informed decision making about technology.

Proposal 63-12 Section 117(1)(k) of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority can only register a code that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, if it has consulted with the Privacy Commissioner, and has been advised in writing by the Privacy Commissioner that he or she is satisfied with the code.

45. The Office agrees with proposal 63-12.

46. The proposal is consistent with the Office's position in its submission to IP 31, question 10-1 (paragraph 31) concerning section 117(1)(k) of the Telecommunications Act, specifically, that the consultative provisions in that Act affecting the Privacy Commissioner should be strengthened. The Office submits that amending this provision will help ensure that community confidence in the code approval and registration process is maintained.

Proposal 63-13 Section 134 of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority can only determine, vary or revoke an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, if it has consulted with the Privacy Commissioner, and has been advised in writing by the Privacy Commissioner that he or she is satisfied with the standard.

47. The Office agrees with proposal 63-13.

48. The proposal is consistent with the Office's position in its submission to IP 31, question 10-1 (paragraphs 28-33). Specifically, that the consultative provisions in the Telecommunications Act 1997 concerning the Privacy Commissioner should be strengthened to help ensure that community confidence in the industry standard approval and registration process is maintained.

Proposal 63-14 Section 306 of the Telecommunications Act 1997 (Cth) should be amended to provide that each exception upon which a decision to disclose information or a document is based is to be recorded when that decision is based on more than one of the exceptions in Divisions 3 or 4 of Part 13 of the Act.

49. The Office agrees with proposal 63-14.

50. The proposal is similar to the Office's position in its submission to IP 31, question 10-1. Specifically, that where there is more than one reason for a disclosure of information or a document under the exceptions in Part 13 of the Telecommunications Act that each reason is recorded. The Office submits that recording all reasons for disclosures helps ensure transparency and will assist the Office to monitor compliance with the record keeping obligations of telecommunications businesses under section 309 of that Act.

Proposal 63-15 Part 13 of the Telecommunications Act 1997 (Cth) should be redrafted to achieve greater logical consistency, simplicity and clarity.

51. The Office accepts proposal 63-15. As DP 72 points out in paragraphs 63.180 - 63.181, the provisions in Part 13 of the Telecommunications Act should be redrafted to overcome existing deficiencies particularly fragmentation and the unclear scope of the exceptions, among other reasons.

CHAPTER 64

OTHER TELECOMMUNICATIONS PRIVACY ISSUES

Question 64-1 Should ss 63B(1) and 135(3) of the Telecommunications (Interception and Access) Act 1979 (Cth) be amended to clarify when an employee of a carrier may communicate or make use of lawfully intercepted or accessed information in the performance of his or her duties?

1. The Office submits that sections 63B(1) and 135(3) of the Telecommunications (Interception and Access) Act 1979 (Cth) (TIA Act) relating to the use or disclosure of intercepted and accessed material in the performance of the duties of an employee are too broadly defined and the scope of the sections should be confined.

2. The Office supports amendments to both sections to clarify when an employee of a carrier may communicate or make use of lawfully intercepted or accessed information in the performance of his or her duties. It notes that sections 63B(1) and 135(3) of the TIA Act are similar to exceptions in sections 279 and 296 in the Telecommunications Act 1997 discussed in the Office's response to Question 63-1 in Chapter 63.

3. In the Office's response to Question 63-1 it argued that the exception should be aligned with the proposed ‘Use and Disclosure' Principle (currently National Privacy Principle (NPP) 2) so that the use or disclosure of personal information for a purpose (the secondary purpose) other than the primary purpose of collection would be permitted if both of the following apply:

• The secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
• The individual would reasonably expect the agency or organisation to use or disclose the information for a secondary purpose.

4. This approach would ensure that a nexus remains between theprimary purpose for which personal information is collected, and how it is used or disclosed, rather than being linked to how the employee or contractor's duties are defined (including matters that may not be related to the purpose of collection).

Question 64-2 How should the provisions that permit an employee of a carrier to communicate to another carrier intercepted or accessed information (ss 63B(2) and 135(4) of the Telecommunications (Interception and Access) Act) be clarified?

5. The Office submits that sections 63B(2) and 135(4) of the TIA Act in relation to the business needs of other carriers are too broadly defined and the scope of the sections should be confined.

6. The Office supports amendments to both sections to clarify when an employee of a carrier may communicate or make use of lawfully intercepted or accessed information for the business needs of other carriers.

7. The Office supports both sections being aligned with the proposed ‘Use and Disclosure' Principle (currently NPP 2) so that the use or disclosure of personal information for a purpose (the secondary purpose) other than the primary purpose of collection would be permitted if both of the following apply:

• The secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
• The individual would reasonably expect the agency or organisation to use or disclose the information for that secondary purpose.

8. This approach would ensure that a nexus remains between theprimary purpose for which personal information is collected, and how it is used or disclosed, rather than being linked to how the employee or contractor's duties are defined (including matters that may not be related to the purpose of collection.

Question 64-3 Should further restrictions apply in relation to the use and disclosure of information obtained by a B-party interception warrant under the Telecommunications (Interception and Access) Act 1979 (Cth)?

9. B-party interception warrants are directed at innocent third parties (a B-Party) who are likely to communicate with individuals under investigation for serious offences.[614]The Office submits that further restrictions should apply to the use and disclosure of information obtained by a B-party interception warrant under the TIA Act.

10. This is consistent with the Office's submission to the Senate Legal and Constitutional Affairs Committee Inquiry into the provisions of the Telecommunications (Interception) Amendment Bill 2006[615](Senate Inquiry into the TIA Amendment Bill).

11. The Office observed that the significant potential for the collection of personal information not related to the particular investigation under B-Party warrants, justified consideration being given to amending the Bill. The Office submitted that amendments could include stricter parameters around the use or disclosure of material collected via B-party interception warrants, as compared to traditional interception warrants. Except in one circumstance proposed below, such parameters may include enforceable prohibitions on the use or disclosure of intercepted material for any purpose other than the purpose stated in the warrant, as well as enforceable, audited requirements that any intercepted material outside the scope of the purpose stated in the warrant should be immediately destroyed.

12. The Office submits that prohibitions on the use or disclosure of intercepted material should be subject to an exception in relation to the investigation of serious criminal offences such as an offence carrying a penalty in excess of two years imprisonment.

Proposal 64-1 Section 79 of the Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to provide that the chief officer of an agency must cause a record, including any copy of a record, made by means of an interception to be destroyed when it is no longer needed for a permitted purpose.

13. The Office agrees with proposal 64-1.

14. The proposal accords with the Office's position in its submission to IP 31.[616]The Office submits that it is good privacy practice to destroy material which is no longer needed for a purpose permitted by the legislation.

Proposal 64-2 The Attorney-General's Department should provide guidance on when the chief officer of an agency must cause information or a record to be destroyed when it is no longer required for a permitted purpose under s 79 and s 150 of the Telecommunications (Interception and Access) Act 1979 (Cth). This guidance should include time limits within which agencies must review holdings of information and destroy information as required by the legislation.

15. The Office supports proposal 64-2.

16. The proposal follows logically from the Office's position in its submission to IP 31.[617]

17. The Office noted that in the absence of a requirement for a record, (including a copy of the record), to be destroyed when it is no longer needed for a permitted purpose, a law enforcement agency may be able to retain the intercepted material indefinitely.

Proposal 64-3 Section 79 of the Telecommunications (Interception and Access) Act 1979 (Cth) should be amended to expressly require the destruction of non-material content intercepted under a B-party warrant.

18. The Office supports proposal 64-3.

19. The proposal generally accords with the Office's submission to the Senate Inquiry into the TIA Amendment Bill.[618]The Office submitted that the significant potential for the collection of personal information not related to the particular investigation under B-Party warrants justified consideration being given to amending the Bill. It was suggested that those amendments include stricter parameters around the handling of material collected via B-party interception warrants, as compared to traditional interception warrants. Except in one circumstance proposed below, such parameters should include audited requirements that any intercepted material outside the scope of the purpose stated in the warrant should be immediately destroyed.

20. The requirement to destroy intercepted material should be subject to an exception in relation to the investigation of serious criminal offences such as an offence carrying a penalty in excess of two years imprisonment.

Question 64-4 Should the regime relating to access to stored communications under the Telecommunications (Interception and Access) Act 1979 (Cth) be amended to provide further reporting requirements in relation to the use and effectiveness of stored communications warrants?

21. The Office submits that the TIA Act should be amended to provide further obligations relating to the record keeping and reporting requirements for stored communications warrants to bring them into alignment with the requirements for other kinds of warrants.

22. This is broadly consistent with the Office's submission to the Senate Inquiry into the TIA Amendment Bill which suggested that careful consideration be given to ensuring that the provisions of Schedule 3 in the Bill (that were subsequently enacted in law) do not give rise to an unintended reduction of the privacy protections in the Interception Act.

Question 64-5 Should the Telecommunications (Interception and Access) Act 1979 (Cth) be amended to provide for the role of a public interest monitor? If so, what should be the role of the monitor? Should its role include, for example, to:

(a) appear at any application made by an agency for interception and access warrants under the Telecommunications (Interception and Access) Act;

(b) test the validity of warrant applications;

(c) gather statistical information about the use and effectiveness of warrants;

(d) monitor the retention or destruction of information obtained under a warrant;

(e) provide to the Inspector General of Intelligence and Security, or other authority as appropriate, a report on non-compliance with the Telecommunications (Interception and Access) Act; or

(f) report to the Australian Parliament on the use of interception and access warrants?

23. The Office sees merit in further consideration being given to provide for the role of a public interest monitor with the listed functions as a safeguard on the exercise of powers which affect personal liberty and the handling of personal information of affected individuals. In this regard, the Office notes that the TIA Act already provides for the Queensland Public Interest Monitor to represent the interests of Queensland residents in proceedings under the legislation. This appears to be a useful oversight measure which should be extended to all individuals in Australia.

Proposal 64-4 The Office of the Privacy Commissioner should be made a member of the Australian Communications and Media Authority's Law Enforcement Advisory Committee.

24. The Office supports the proposal.

25. The Law Enforcement Advisory Committee (LEAC) assists the Australian Communications and Media Authority by providing advice and recommendations on law enforcement and national security issues relating to telecommunications. The Office agrees with the ALRC's view that it should have a more formal role in relation to law enforcement and telecommunications. Providing a formal role for OPC on LEAC would help to ensure that the privacy impacts of proposals are given appropriate weight.

Question 64-6 Should the Spam Act 2003 (Cth) be amended to:

(a) provide that the definition of ‘electronic message' under s 5 includes Bluetooth messages;

(b) provide that facsimile messages are regulated under the Act;

(c) provide that an electronic message is required to include an unsubscribe message if the electronic message:

(i) consists of no more than factual information; or

(ii) has been authorised by a government body, a registered political party, a religious organisation, or a charity or charitable institution, and relates to goods or services; or

(iii) has been authorised by an educational institution, and relates to goods or services;

(d) remove the exception for registered political parties?

Bluetooth messages

26. Given the likelihood of a significant increase in Bluetooth messages, the Office believes that there is merit in amending the definition of ‘electronic messages' in section 5 of the Spam Act 2003 (Cth) (Spam Act) to include Bluetooth messages in order to ensure there is consistency with most other forms of electronic messages that are regulated by this Act and the likely regulatory gap which could result.

Facsimile messages

27. The Office supports facsimile messages being regulated under the Spam Act. This proposal is consistent with the Office's recent submission to the Department of Communications, Information Technology and the Arts' Discussion Paper Unsolicited commercial faxes or ‘Fax spam'.[619]

Unsubscribe message

28. The provision of an unsubscribe message option assists privacy choices as it enables an individual to have a measure of control over how their personal information is being used or disclosed. The Office supports the notion of a requirement for an unscribe message facility to be included in an electronic message if the electronic messages consists of no more than factual information; or, if the electronic message is in relation to goods or services and has been authorised by a government body, a registered political party, a charity or an educational institution.

29. The provision of an unsubscribe message facility in relation to factual messages is also consistent with the Office's submission to DCITA in February 2006 in response to its review of the Spam Act.[620]The Office observed that excluding purely factual messages from the scope of the Spam Act has an impact on national consistency in the regulation of potentially intrusive marketing practices. The repeated sending of purely factual messages has the potential to cause irritation, or even greater harm among consumers, and it may also lead to confusion as to the distinction between communications which are, and are not, covered by spam legislation.

Exception for registered political parties

30. The Office's view is, in general, that exceptions should be minimised and should exist only if there is a clear and demonstrable public interest which reflects community attitudes and values in the exception being maintained. The Office's position in relation to the political exemption under the Privacy Act is discussed in proposal 37-1.

Question 64-7 Should the Do Not Call Register Act 2006 (Cth) be amended to remove the exception for registered political parties, independent members of parliament and candidates in an election?

31. The Office's view is that exceptions should be minimised and should exist only if there is a clear and demonstrable public interest which reflects community attitudes and values in the exception being maintained.

32. If it is necessary for an exception to be retained in the legislation, the Office suggests that rather than excepting particular bodies, that only particular types of telephone calls should be exempt. In that event careful consideration will need to be given in determining the categorisation of exempt telephone calls.[621]The Office's position in relation to the political exemption under the Privacy Act is discussed in proposal 37-1.

Proposal 64-5 The Office of the Privacy Commissioner, the Telecommunications Industry Ombudsman and the Australian Communications and Media Authority should develop memoranda of understanding, addressing:

(a) the roles and functions of each of the bodies under the Telecommunications Act 1997 (Cth), Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth) and the Privacy Act;

(b) the exchange of relevant information and expertise between the bodies; and

(c) when a matter should be referred to, or received from, the bodies.

33. The Office supports the proposal. The proposal is in accord with the Office's view in its March 2005 report the Review of the Private Sector Provisions of the Privacy Act (Private Sector Review) in which it stated that the Office would liaise closely with other privacy regulators to ensure that privacy complaints are handled efficiently and to minimise confusion and costs for both individuals and organisations.[622]

Proposal 64-6 The document setting out the Office of the Privacy Commissioner's complaint-handling policies and procedures (see Proposal 45-8), and its enforcement guidelines (see Proposal 46-2) should address:

(a) the roles and functions of the Office of the Privacy Commissioner, Telecommunications Industry Ombudsman and the Australian Communications and Media Authority under the Telecommunications Act 1997 (Cth), Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth) and the Privacy Act; and

(b) when a matter will be referred to, or received from, the Telecommunications Industry Ombudsman and the Australian Communications and Media Authority.

34. The Office supports the proposal.

Proposal 64-7 The Office of the Privacy Commissioner, in consultation with the Australian Communications and Media Authority, Australian Communications Alliance and the Telecommunications Industry Ombudsman, should develop and publish guidance relating to privacy in the telecommunications industry. The guidance should:

(a) outline the interaction between the Privacy Act, Telecommunications Act 1997 (Cth), Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth);

(b) provide advice on the exceptions under Part 13 of the Telecommunications Act, Spam Act and the Do Not Call Register Act; and

(c) outline what is required to obtain an individual's consent for the purposes of the Privacy Act, Telecommunications Act, Spam Act and the Do Not Call Register Act. This guidance should cover consent as it applies in various contexts, and include advice on when it is, and is not, appropriate to use the mechanism of ‘bundled consent'.

35. The Office supports the proposal.

36. The provision of guidance is broadly in accord with the Office's position in two respects. In its Private Sector Review, the Office observed that it would hold discussions with ACMA on the possibility of issuing joint guidance on the application of the Spam Act and the Privacy Act.[623] In its submission to IP 31, the Office foreshadowed that regular discussions with the TIO would be useful in interpreting and applying the NPPs.[624]

Proposal 64-8 The Office of the Privacy Commissioner, in consultation with the Attorney-General's Department, the Australian Communications and Media Authority, the Office of the Commonwealth Ombudsman, the Inspector General of Intelligence and Security and the Telecommunications Industry Ombudsman, should develop and publish educational material that addresses the:

(a) rules regulating privacy in the telecommunications industry;

(b) various bodies that are able to deal with a complaint in relation to privacy in the telecommunications industry, and how to make a complaint to those bodies.

37. The Office supports the proposal.

[609] Located on the Office's website at http://www.privacy.gov.au/publications/submissions/subcommtiabill190707.doc .

[610] The Office's submission to the Senate Legal and Constitutional Affairs Committee considering the Bill is located at http://www.privacy.gov.au/publications/submissions/subcommtiabill190707.doc.

[611] Paragraphs 8 and 58 respectively.

[612] Explanatory Memorandum, Telecommunications Bill 1996 (Cth), vol. 2.

[613] Located on the Office's website at http://www.privacy.gov.au/publications/ipndsub.doc.

[614] ALRC, DP 72, chapter 63, paragraph 64.5, p.1902.

[615] Located on the Office's website at http://www.privacy.gov.au/publications/200603_sub_to_senate_tia_amendments_stored_communications.doc.

[616] See the Office's submission to the ALRC's IP 31, question 10-1 (paragraphs 48-50) and question 10-1(ix) p. 53.

[617] See the Office's submission to the ALRC's IP 31, question 10-1 (paragraphs 48-50) and question 10-1(ix) on p.53, available at http://www.privacy.gov.au/publications/submissions/alrc/c10.html#L23572.

[618] Located on the Office's website at http://www.privacy.gov.au/publications/200603_sub_to_senate_tia_amendments_stored_communications.doc.

[619] Located on the Office's website at http://www.privacy.gov.au/publications/sub_lttr-to-dcita-re-fax-spam-dp_200709.doc.

[620] Located on the Office's website at http://www.privacy.gov.au/publications/spamreviewsub.doc .

[621] See the Office's submission of December 2005 to DCITA regarding the Introduction of a Do Not Call Register: Possible Australian Model Discussion Paper located on the Office's website at http://www.privacy.gov.au/publications/donotcallsub.pdf.

[622] Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005) pp. 159-160 located on the Office's website at http://www.privacy.gov.au/act/review/review2005.htm#5_6.

[623] The Office's Private Sector Review, Recommendation 11, pp. 62-63.

[624] Located on the Office's website at http://www.privacy.gov.au/publications/submissions/alrc/all.pdf, paragraph 83, p.414.