|Wikimedia Commons Niklas Bildhauer|
Itnews focuses on the committee recommendation to remove the small business exemption from the Privacy Act, as recommended by the Australian Law Reform Commission in 2008. In fact Chapter 5 contains nine recommendations mostly supporting those made in April by the Senate Environment and Communications Reference Committee. Apart from removal of the small business exemption, the committee calls for action to ensure more clarity about consent in the online context, regulation by Australian law of any collection of personal information from Australia, tighter rules for transfer of personal information overseas, and for a "Do not track"model.
Some recommendations are relevant to consideration by a senate committee of the government's exposure draft of the Australian Privacy Principles.That process has been underway since June 2010 and the committee is due to report in September.(Correction-the Committee reported on 15 June with 29 recommendations for consideration. As a result the rest of what follows, written before I became aware of this, might appear to have been unduly pessimistic about the timetable. However given the committee's view that some fundamental redrafting is required, I'd be surprised if this is smooth and straight sailing from here. See this later post for details.) After that, if you allow time for a government response, then for parliament to act on a bill, finalisation in 2011-mid year was the original aim- is starting to look unlikely. As for phase 2 and such knotty issues as ALRC recommendations for change to media self regulation rules, removal of the political party exemption, mandatory breach notification, and a statutory cause of action for a serious and unwarranted breach of privacy-all in the government's in-tray for years- finalisation in 2012 will be a stretch.
The government ambition of 2009 to work with the states and territories to harmonise privacy law across the nation is looking a little forlorn as well.
At that time the minister responsible Senator Ludwig said the first stage response would create a platform from which the Government could pursue national harmonisation through discussion with the states and territories. Ultimately, the aim he said, was to be a consistent set of privacy standards for the Commonwealth, state and territory public sectors, as well as the private sector. The Federal Government would look to the states and territories to repeal privacy laws including health privacy laws that apply to the private sector. Additional national consistency issues would be considered in the second stage response.
At the state level, Western Australia continues on with no public sector privacy law, and South Australia makes do with an administrative direction while in NSW legislation with more holes than swiss cheese has been the subject of a fifth and final report by the NSW Law Reform Commission that has recently surfaced. The Commission signed off on the report to the then attorney general in May 2010, who kept it in under wraps and has now left the scene. This completes the Commission's privacy reference that commenced in April 2006.
Many of the recommendations regarding privacy principles are put in the alternative, dependent on whether NSW signs up to national principles now under consideration by the Senate committee. So further delay in much needed reform at the state level is a certain flow on effect from the slow Canberra process. Perhaps someone soon will promise national privacy law harmony "by the year 2020....."
Some recommendations in the NSWLRC report address weaknesses in the scope and application of the law, including bringing state owned corporations some of whom have wrongly claimed for 10 years that they are subject to the Commonwealth act, and NSW ministers, under the law, and cutting back on the level of exemption for the NSW Police where the law only applies currently in respect of administrative and educative functions. Recommendations 10.14-10.16 are for new offence provisions. The Commission also recommends mandatory notification to individuals where personal information is held by an unauthorised person, posing a real risk of serious harm.
I'm all for national harmony but given the record so far a lot of this, and some unacted upon recommendations from earlier NSWLRC reports should go forward without waiting for Canberra's lead.