Pages

Thursday, August 31, 2006

Practical privacy assistance from Privacy Commissioner for Privacy Awareness Week

The Federal Privacy Commissioner has launched Privacy Awareness week by the release of a Guide for Privacy Impact Assessments, and a model for layered privacy notices. The Federal Guide is similar to an earlier publication by the Victorian Privacy Commissioner ( Privacy Impact Assessments - a guide,) and provides a useful set of steps for any privacy assessment project.

The layered notice initiative has been a work in progress for some years and was a recommendation from the Conference of Privacy Commissioners in Sydney in 2003 (Resolution).

The Centre for Information Policy Leadership has done a lot of work in this area.

It's a commendable approach designed to provide a short statement ( PDF ) of important privacy matters likely to be of interest, linked with and supported by a more detailed policy (PDF) for those who want to read the fine print.

Some Federal Government agencies have already adopted this practice. The Federal Privacy Commissioner is urging Federal and private sector bodies covered by the Privacy Act to go down this path.

Wednesday, August 30, 2006

Tasmanian Freedom of Information expert cracks cabinet code

Rick Snell, one of Australia's leading authorities on Freedom of Information and a law academic at University of Tasmania has had a significant victory in convincing the Tasmanian Ombudsman to require the release of Tasmanian Cabinet agendas for the period 1993-1995.

The full details are online in the Tasmanian Times.

Rick has tested the provision in the Tasmanian FOI Act that provides that a document that comes within the exemption provision regarding cabinet documents loses its status as an exempt document for that reason 10 years after its creation. It would be open to a determining officer to decide that such a document could be exempt because of other provisions, but not to claim exemption on "cabinet document" grounds.

There are similar provisions in NSW, Victorian and Western Australian FOI Acts. They do not apply to documents created before the FOI Acts became law but the 10 year period has just kicked in in Tasmania and is well past in the other states.

Nothing has come into the public domain to suggest that anyone has tested these provisions, or the response of the Premier's Department.

Rick Snell obviously doesn't intend to stop at cabinet agendas - I expect he will follow up on the cabinet submissions themselves.

His proposal for pro active disclosure of 10 year old Tasmanian cabinet documents from here on would be a great step forward in transparency. Perhaps other states will give this consideration or explain why its not a favoured option.

Congratulations on the win Rick and thanks for the lead to the story.

ABC's 7.30 Report highlights FOI High Court challenge

I’m out of town today but will write something when I return about the implications of the High Court FOI challenge that was focused on the 7.30 Report program that went to air last night.

In the meantime here is a link to the transcript of that program and a link to our earlier blog on this subject.

Tuesday, August 29, 2006

This time it's the Tax Office named in privacy breach

Another Federal Government agency named for unlawfully accessing client records – this time the Australian Tax Office. The ATO is taking action against 27 workers for serious breaches of privacy.

Last week it was revealed that Centrelink had detected 790 instances of inappropriate staff access to customer records since 2004.

No doubt Professor Allan Fels as Chairman of the Consumer and Privacy Task Force Advisory Committee watching the development of the access card, will also be watching these developments with interest.

Monday, August 28, 2006

Hacker invades privacy of Tasmanian blogger

A popular young Tasmanian woman was forced to quit her video blog because of grave personal safety concerns after her computer was hacked.

Up to 300,000 regularly viewed the video blog of Emmalina an 18 year old ‘star’ of YouTube.

Although she operated under a pseudonym, another determined follower had uncovered her personal details and circulated them online. She received death threats, rape threats and had all her personal details stolen.

Journalist Kathleen Parker writes about the dangers of instant cyber, while Max Markson, managing director of celebrity agency, Markson Sparks, warned that the openness of the internet represented a double edged sword for those seeking notoriety.
"If you put yourself out there on YouTube or MySpace you are moving into open area and giving your privacy away. If all of a sudden fame comes upon you, all the negatives as well as the positives come with it," he said.

Sunday, August 27, 2006

Update on US monitoring of SWIFT system

A "humdinger" of a problem is how a UK privacy expert describes the row between the US and the EU over American access to data held by the SWIFT Interbank Exchange in Belgium concerning international bank transfers. An EU committee is seeking to coordinate responses of 33 European countries to complaints received since the story broke a couple of months ago.
Thanks to PogoWasRight for the link.

Meanwhile German papers are demanding US authorities' access to SWIFT must be stopped.


Telstra accountability as a "private" entity?

Glenn Milne writing in News Limited papers in “T3 really just a Clayton’s privatisation” says that a 30% holding of Telstra shares in the Government’s Future Fund will mean that the Government remains the single largest shareholder. He also wonders whether the new Telstra (already exempt in relation to its commercial activities) will continue to be subject to the Federal FOI Act, and who will appear to answer questions from the Senate Estimates Committee – Telstra or the Future Fund?

FOI in the news

Media reports based on FOI applications this week include:

The Australian 21 August: “Gallery's masterwork may be Nazi loot” - The National Gallery of Victoria has been accused of buying looted art and is locked in a struggle over a million-dollar portrait with the heirs of a famous Jewish collector who claim it was stolen by the Nazis.

Daily Telegraph 21 August: “No control, no class” – Documents reveal that NSW school teachers are experiencing several attacks a week from violent students in NSW public schools.

Courier Mail 23 August: “Corporate guzzlers hide names” – Brisbane City Council has refused access to details of water use for most of the 100 top commercial users, on the grounds that it would have an adverse effect on their business affairs. The Lord Mayor’s spokesperson commented that the Council could be sued “under FOI privacy laws” if the information was disclosed.

(Peter’s comment: confusion seems to reign in Brisbane and Sydney Councils concerning the link between FOI and privacy laws. But as Queensland doesn’t have a privacy act, (just an administrative order) who knows what this means?)

The Age 23 August: “BHP claims 'clean hands' over Iraq” - BHP Billiton has told the Government its "hands are clean" in Iraq because it left all liaison with Saddam Hussein's regime to Tigris Petroleum, its controversial joint-venture partner.

Daily Telegraph 23 August: “$12,000 a week for ferry crew cabfares” – Sydney Ferries have spent almost $2million on cabfares for staff called in to work or required to work extended hours.

Daily Telegraph 24 August: “Public servants charge it - Bureaucrats in credit card fraud” - At least five cases of public servant corporate credit card fraud or misuse, including inventing fictitious work expenses and using them for personal cash advances have been discovered by a NSW Treasury audit.

The Australian 25 August: “Asylum centre's deadly asbestos" - Hundreds of detainees and workers who have been through Sydney's Villawood Immigration Detention Centre may have been exposed to asbestos fibres after a federal government department wrongly declared the site to be safe four years ago.

Daily Telegraph 26 August: “Stop spin doctoring and hire more police” – documents released to the NSW Opposition disclose that the number of gun seizures has dropped from 290 to 31 to June this year.

Sydney Morning Herald 23 & 24 August: Several articles about efforts to obtain information about restaurants fined over food safety standards. See our earlier blog.

Sydney Morning Herald 26 August: In his weekly “What they wont tell you” column FOI Editor Matthew Moore in “Tribunal gets clause into public information” reports on an Administrative Decisions Tribunal decision to uphold a confidentiality agreement between the Vice Chancellor of the University of Western Sydney and her employer to exempt the employment contract.
For our comment see earlier blog.

Friday, August 25, 2006

FOI ADT decisions: round 15, both still standing

Two Appeal Panel decisions and another Tribunal decision refusing leave to appeal against a decision to not issue a summons for evidence requested by the FOI applicant, bring to 15 the number of reported ADT decisions in 2005-2006 involving McGuirk and the University of New South Wales - and it's only August.

In University of New South Wales v McGuirk (2006) NSWADTAP 38 the Appeal Panel overturned a decision by the Tribunal to grant the FOI applicant access to a document containing legal advice.

The original decision was that while the document contained legal advice, privilege had been waived as there was evidence that a member of the University Council had given a copy of the document to a member of the council of another university. The Tribunal said that in these circumstances the onus shifted to the University to show that privilege had not been waived, and that the University had failed to satisfy this obligation.

The Appeal Panel said this constituted an error of law and went on to review the merits of the decision.

It held that although there was some evidence that the Chancellor of the University may have authorised the disclosure, the Chancellor did not have authority to waive privilege on behalf of the University. Privilege could only be waived by a resolution of the University Council, or a decision by an officer of the University authorised to make such a decision. There was no evidence of either action.

In McGuirk v University of New South Wales (2006) NSWADTAP 39 the Appeal Panel upheld the FOI applicant’s appeal against a Tribunal order to pay $1000 towards the costs of the University in respect of a matter withdrawnon the day of the hearing. The Tribunal had ordered the payment “as a sanction” in light of the fact that it had been made clear to the applicant that the Tribunal had no jurisdiction given that there had not been a valid application for internal review.

The Appeal Panel said that the ADT’s powers to award costs were limited to “special circumstances” and that this power was analogous to that of the courts when deciding whether to award costs against a solicitor. This meant that even where “special circumstances” were evident, cost powers could not be used as a penalty or a deterrent – cost orders were a means of compensating a party who suffers, not punishing the party who causes the problem.

ADT privacy decision: no evidence of who spilled the beans on VA

In VA v Premier’s Department (2006) NSWADT249 the ADT dismissed an application for review of a privacy complaint on the basis that there was no evidence of the allegations made by the applicant.

VA had complained that a member of the staff of the Department or someone in a minister’s office had provided information about him to a journalist. While someone clearly gave the journalist some information, and a shadow minister was of the view that it came from within government, VA was unable to provide evidence that confirmed information was held or disclosed by anyone in the Department.

One issue that isn't referred to in the decision, and hasn't had a run in other ADT cases to date, concerns the application of the Privacy and Personal Information Protection Act to the handling of personal information by ministers and ministerial staff. Unlike Federal and Victorian privacy legislation, the NSW Act does not include ministers in the definition of those covered by privacy obligations, but ministerial staff, all of whom are employed by the Premier's Department are public sector officials for the purposes of the Act.

ADT privacy decision highlights technical obstacles

The minefield that has to be negotiated when some seek to exercise rights of complaint and review concerning alleged breaches of privacy in NSW are illustrated in this NSW ADT decision TA v Department of Education and Training (2006) NSWADT 246.

The applicant a school teacher alleged various breaches of privacy following disclosure in 2000 of information to a sub contracted investigator appointed by the agency’s workers compensation insurer.

The upshot? The ADT found that the Department was exempt from most of the principles in the Privacy and Personal Information Protection Act in 2000 because of a Direction issued by the Privacy Commissioner that applied to its operations at that time; principles not covered by this exemption didn’t apply because the sub contractor to the insurer was not subject to the Act; and to boot, the relevant information was information about the teacher’s suitability for employment – information excluded from the definition of ‘personal information’.

The ADT had no jurisdiction to consider the application for review.

Yet another illustration of the gaps in the legislation for the NSW Law Reform Commission to consider.

Ongoing FOI saga of Sydney's dodgy restaurants

These two articles on 23 and 24 August and an editorial (second story) in the Sydney Morning Herald detail unsuccessful attempts to obtain under FOI documents concerning fines issued to restaurants by the City of Sydney Council for failure to observe food hygiene standards.

These articles follow earlier publicity about the paper’s FOI application and attracted comment from readers overseas who said that this type of information is routinely available in cities in the UK, the US, Canada and elsewhere.

The article on 24 August correctly quoted me to the effect that any claim that documents couldn’t be released because of privacy legislation is incorrect. Anna Johnston of the Australian Privacy Foundation agreed: the NSW Privacy and Personal Information Protection Act specifically provides that nothing in the Act impacts in any way on an agency’s obligations under the FOI Act.

The FOI Act contains its own mechanism to balance privacy and the public right to know with an exemption designed to protect information concerning personal affairs where disclosure would be unreasonable.

I haven’t seen the disputed documents but it would be surprising if the names of individuals fined would be information concerning personal affairs – the names would simply reveal who had been issued with a fine for failure to observe food hygiene standards. This isn’t likely to be information about matters of private concern.

Apparently the refusal was also based on the exemption that covers information concerning business and commercial affairs where disclosure would have an unreasonable adverse effect on those affairs. Without seeing the documents its difficult to make a judgement about this claim but a couple of points: is the fact that a fine was issued to the proprietor of a business information about “business and commercial affairs” or is it simply a record that the organisation was found to have failed to comply with legal requirements in handling food for public consumption? In other words is it about business affairs or regulatory compliance?

Despite this, even if it did constitute business affairs information, weighing the unreasonable adverse effect of disclosure requires consideration of any public interest to be advanced by release of the information. There is a strong public interest in maintenance of public health and the public right to know where restaurants have failed to comply with standards.

In an earlier comment on this issue we suggested that food authorities and all councils involved in conducting inspections should get together to promote food hygiene standards through pro active disclosure of information along the lines of the many “Scores on doors” projects adopted elsewhere.

Thursday, August 24, 2006

Victorian police stung over privacy breaches

A report by former Victorian Privacy Commissioner, Paul Chadwick, tabled in Parliament this week highlights "years of recurring, systematic" breaches of privacy in the management of the Police data base used for the conduct of policing functions.

The report concludes an investigation commenced last year following the mistaken release to officials in the Department of Justice and the Department of Corrections of 7000 pages of information on police files of 290 Victorians.

The Commissioner has issued orders requiring recification of systems. This Herald Sun report summarises issues or see the full report - "Mr. C's Case" 23 August 2006

Wednesday, August 23, 2006

Staff sackings for privacy breaches

According to to-day's Sydney Morning Herald, Centrelink, the Federal Government's welfare payments agency has uncovered almost 600 cases of staff wrongfully accessing client records during the last 2 years. Nineteen staff were sacked, 92 resigned, 300 faced salary deductions or fines and 46 were reprimanded. Five cases involving staff making changes to records have been referred to the Police.

Centrelink says this illustrates its zero tolerance of privacy breaches. Others might draw additional conclusions.

I wonder if Centrelink intends to contact those whose data has been improperly accessed, or just leave its clients wondering whether they should be concerned?

Update on international developments

A brief update on a couple of the overseas issues previously noted here.

In India people power has won out - the Government has withdrawn proposed amendments to the Right to Information Act in the light of strong public protests. The scale of the protests and mobilisation of forces was quite something - involving signature drives in major US cities, and over 70 international participants in solidarity fasts supporting those on hunger strike in India. Will the Indian message - "Don't mess with our FOI Act" - roll on elsewhere?
Our earlier blog - Indian FOI activists on hunger strike.

AOL – after the release (and subsequent withdrawal) on the web of internet searches undertaken by 650,000 subscribers – reports that the Chief Technology Officer and two others have been fired. Our original blog is here.

Here’s some ammunition for those of you who are trying to ensure privacy issues get proper consideration in your organisation. AOL Chief Executive, in a memo to staff said:
“This incident took place because some employees did not exercise judgement or review their proposal with our privacy team”.
President Bush says that he is confident the decision that found warrantless phone tapping by the National Security Agency will be overturned on appeal. See our original blog.

Canada’s Privacy Commissioner has formally commenced an investigation about whether US monitoring of the SWIFT interbank transfer system based in Belgium involves a breach of the privacy of Canadian citizens. Our earlier SWIFT blogs.

The US Air Force Research Laboratory (see item 9 Aug. "Air Force Lab will not fund Controverial FOIA study) has distanced itself from involvement in the project funded by a $1million allocation in its budget to undertake research on how to develop model FOI amendments to deny terrorists access to government information. Meanwhile a former student at the University that has received the funds has started a campaign to get it to return the money. See our earlier blog.

Thanks to David Fraser's Canadian Privacy Law blog for some of these leads

Don't keep privacy week a secret

A constant theme in reports about public attitudes to privacy issues is that more needs to be done to improve awareness and understanding.

It’s commendable that the Federal, NSW, Victorian and Northern Territory privacy regulators are jointly promoting Privacy Awareness Week from 27 August – 2 September. The aim is to encourage organisations and agencies to promote privacy awareness to staff, customers and the wider community. Just what this will involve remains to be seen – probably not street parades – but there’s a promotional poster available on the theme “Don’t leave privacy to chance”.
privacy awareness week poster

Monday, August 21, 2006

FOI in the news

Media reports based on FOI applications over the last week include:

Daily Telegraph 15 August: "RailCorp is taken to the cleaners" - RailCorp has revealed it has paid out 189 claims last year for damage caused by filthy seats, protruding screws, train doors that closed too quickly and jagged edges on escalators.

Herald Sun 15 August: "470 pit bulls registered, 5500 not listed - Owners hide vicious dogs" - 470 registered American pit bull terriers are living in back yards in Victoria. And most of them are in the western suburbs, the latest head count on the dangerous breed shows. The vicious dogs have been officially declared to councils and are kept under strict conditions, including desexing, to ensure public safety.

The Australian 16 August: "Dr Death's long shadow" - examines the fall out from the Queensland health care fiasco and the culture of secrecy and abuse of the FOI Act in the health system, exposed in the report of retired Supreme Court judge Geoff Davies.

The Age 17 August: "Consultant showbags top $10m - Showground project fees revealed" - More than $10 million has been spent on consultants for the Victorian Government's Royal Melbourne Showgrounds redevelopment. Documents obtained by the Opposition under Freedom of Information laws show that the Government has forked out about $100.5 million over four years for the project, which is almost $8 million over budget and a year late.

Herald Sun 17 August: "VicRoads cashes in - Learners failing the test"- one in three teens failed the learner permit test last year, netting VicRoads millions in reapplication fees. Young Victorians spent more than $13.4 million sitting their learner permit and probationary licence tests last year. They spent about $3 million failing their tests.Documents obtained under freedom of information show almost 30,000 teenagers failed their learner permit in 2005, while just over 50,000 passed on their first attempt.

Sydney Morning Herald 17 August: "A whiff of tobacco about Bush's new man" - In this opinion piece Richard Ackland comments about the new American Ambassador in Canberra and FOI applications in the US seeking information about his role in settling a controversial tobacco compensation case.

Canberra Times 18 August: "Controversial stun guns approved for permanent use in the ACT" -
Taser stun guns have been adopted for permanent use by police in the ACT, after a 12-month trial of the controversial weapon was deemed a success. ACT Policing approved recently the use of X26 Tasers which have been used on nine occasions since the trial began in December 2004.

Sydney Morning Herald 19 August: In his weekly "What they won't tell you" column FOI Editor Mathew Moore in "State declares water an underground secret" reports on a decision by the Department of Natural Resources to refuse access to parts of water licenses issued to a gold mine on the Murray River. The Department deleted large parts of the document (including the company's address) on the grounds that disclosure would have an unreasonable adverse effect on business effect or had been obtained in confidence!

Friday, August 18, 2006

Federal FOI case finds complaints about ABC programs off limits

The Australian Centre for Independent Journalism, a centre within the University of Technology Sydney, has failed to convice the Federal Court that an exemption in the Federal FOI Act concerning documents held by Australian Broadcasting Corporation (ABC) should be interpreted narrowly.

In Australian Broadcasting Corporation v University of Technology Sydney (2006) FCA964, Justice Bennett decided that the exemption in Schedule 2 for documents "in relation to" ABC's "program materials" meant any documents that had a direct or indirect relationship to program materials. Justice Bennett rejected arguments that the provision should only apply to tapes and other recording materials, and that the provision was intended to protect intellectual property rights in ABC programs.

The Centre is seeking access to documents about complaints made to the ABC about its coverage of the middle east in 2000-2002. Justice Bennett's decision suggests that the ABC may be able to rely on the Schedule 2 exemption to refuse access to these documents. Further submissions from the parties have been invited prior to a decision on the status of each of the documents (listed in the decision).

The theory of statutory interpretation is that Parliament ponders and considers carefully words in bills and that courts then need to discern what Parliament meant. Some might suggest that what they were seeking to protect in the case of the ABC (and SBS) was program materials that could be utilised by commercial competitors and others in an unfair manner.

I doubt if anyone at the time thought that including the words "in relation to" meant that complaints made about ABC coverage, and the investigation of those complaints would come to be regarded as especially sensitive information covered by a special exemption in the FOI Act.

No protection from cashed up pollies

Australian taxpayers are unlikely to be dancing in the streets following the announcement that Federal members of parliament are to get an increase in "printing allowance" from $125,000 to $150,000 annually and an increase in "postage allowance" from $24,000 to $40,000 - total cost to the taxpayer $60 million. What they don't spend in one year can be rolled over to the next.

According to today's Sydney Morning Herald, if the next Federal election is held in October next year, an
"MP could organise the allowances so as to have up to $300,000 to spend on printed material in just the four months from early June to election day and $93,000 to spend posting it".
When you take into account that candidates running for office and political parties are not covered by the Federal Privacy Act, can collect and use data about us without regard to privacy principles and bombard us with "electoral" material without giving us the opportunity to opt out - we may all have to just settle for a larger post box.

There will be no avoiding unsolicited phone calls either. Our political leaders have also managed, "in the public interest", to ensure that their activities won't be covered by the Do Not Call Register Act, due to commence in 2007.

It's official: rule of law still prevails in US

A US Federal judge has found that the National Security Agency’s wiretapping program, undertaken without the issue of warrants, is unconstitutional and has ordered an immediate halt on grounds it violated rights to free speech and privacy as well as the separation of powers enshrined in the Constitution.

This is a major setback to the Bush Administration and its claims for extraordinary powers in the pursuit of the ‘war on terror’. The Judge made it pretty clear that the rule of law is still in place in the US:
"There are no hereditary kings in America and no powers not created by the Constitution."

Thursday, August 17, 2006

Victorian workplace privacy bill

The Victorian Attorney General has introduced the Surveillance Devices (Workplace Privacy) Bill which prohibits surveillance in workplace toilets, washrooms, change rooms and lactation rooms.

The Bill acts on one of the recommendations contained in a 2005 Victorian Law Reform Commission report on workplace privacy - Workplace Privacy Final Report: October 2005. Other recommendations have not yet been acted upon.

NSW has since October 2005 a comprehensive Workplace Surveillance Act.

The Federal Government yesterday indicated support for national consistency in this and related privacy laws and a Working Party will report to the Standing Committee of Attorneys General.

Wednesday, August 16, 2006

Another commitment to nationally consistent privacy laws

The Federal Treasurer yesterday released the Government's responseto a January 2006 report of the Task Force on Reducing Regulatory Burdens on Business. (full response here).

Two privacy related recommendations in the report and the Government's responses are below. Everyone's in favour of uniform nationally consistent privacy laws. The only question is what they should contain. Let's hope the various Law Reform Commissions, committees and task forces don't fall over each other in an effort to sort all this out.
"Privacy and Surveillance
Recommendation 4.47: Endorse national consistency in privacy-related regulations
Committee of Attorneys-General to endorse national consistency in all privacy related legislation based on the concept of minimum effective regulation.

Response-
The Australian Government agrees to the recommendation and supports the goal of national consistency in privacy-related legislation. At the April 2006 meeting of the Standing Committee of Attorneys-General, Attorneys-General agreed to establish a working group to advise Ministers on options for improving consistency in privacy
regulation, including workplace privacy. The working group will liaise with (and not duplicate the work of) the Australian Law Reform Commission (see recommendation4.48) in this area.
Recommendation 4.48: Undertake a comprehensive public review of privacy laws.
The Australian Government should commission a comprehensive, independent public review of privacy laws in Australia. The review should consider:
• the impact of privacy requirements on business compliance costs;

• all options for achieving effective nationally consistent privacy protection, including self-regulation and voluntary codes;

• whether there is a need to amend section 3 of the Privacy Act to remove any ambiguity about the regulatory intent of the private sector provisions;

• whether workplace privacy requirements unduly restrict business from meeting its obligations in other areas, including OH&S and fraud detection;

• the interaction of the Privacy Act with other Australian Government legislation including the Telecommunications Act and the Spam Act;

• the merits of developing a single set of privacy principles that could apply to both Australian Government agencies and private sector organisations; and

• the impact of privacy requirements on Government agencies sharing data.

Response-
The Australian Government agrees to the recommendation that a review of privacy laws is appropriate. A reference has been given to the Australian Law Reform Commission (ALRC) to conduct such a review. The NSW Law Reform Commission has been given a reference to work jointly with the ALRC on this matter. The Victorian Law Reform Commission has recently completed a report on workplace privacy".

Indian FOI activists on hunger strike

A lot of people get hot under the collar about FOI in Australia (see for example the comments that have been posted on the Sydney Morning Herald FOI blog), but this is nothing compared to what's going on in India.

Several FOI activists are on a hunger strike and there is a call for Indians worldwide to support a campaign to prevent a Government attempt to substantially amend the FOI Act within 12 months of its commencement. The issue revolves around a decision to exclude "file notings" (internal working documents in our context) except those relating to social and development issues, and other amendments to exempt the names of civil servants involved in decision making.

This blog gives some background from the perspective of an experienced civil servant.

You may, or may not wish to sign up for the fast, but you should be aware of the strength of commitment of some in other parts of the world to transparency and accountability in government.

Tuesday, August 15, 2006

Privacy Foundation call for transparency from access card Task Force

The Australian Privacy Foundation's Submission on the proposed national access card expresses strong concerns about the privacy implications and calls for all submissions received by the Task Force to be made publicly available.

NSW review processes give Bleak House a shake

Three recent ADT decisions illustrate that resolution of FOI and privacy matters by the Tribunal can involve long drawn out processes. At the end of the day despite many conferences and hearings neither of the two applicants in these cases have anything to show for a couple of years of endeavour.

The two FOI decisions involve the same parties, similar issues, and (unhelpfully) have been given the same citation by the Tribunal – Hutchison v Roads and Traffic Authority (No.2) (2006) NSWADT232 and Hutchinson v Roads and Traffic Authority (No.2) (2006) NSWADT 233.

Both originated with FOI applications in 2004, involved refusal on the grounds of substantial and unreasonable diversion of resources, and end up finally with decisions by the Tribunal to refuse to remit the matter for further consideration by the agency. The Tribunal in each instance acknowledged that this probably meant that the only avenue available to the applicant was to start the process all over again by making a fresh FOI application – almost 2 years after ADT review had been first sought.

In GR v Department of Housing (No.2) (2006) NSWADTAP 34 the Appeal Panel rejected an application to overturn a Tribunal finding that there had been no contravention of privacy principles and no basis for the award of damages. This matter started with an application for review of conduct in October 2002. The Tribunal originally found that a departmental officer’s comment to a radio program producer that GR was a “known troublemaker” was a breach of the disclosure principle in Section 18 of the Privacy and Personal Protection Act. It refused an application for damages. The Appeal Panel set aside the decision to refuse damages on the basis that the applicant had not been given sufficient opportunity to present evidence about the basis on which damages were sought.

Another Tribunal hearing followed but the day after the NSW Court of Appeal made a decision that only information recorded in some form in agency records was covered by the Act. Up to that time the Tribunal view was that the disclosure principles applied even to iinformation known to an agency employee but not recorded in any way. The Tribunal in December 2005 decided, in the light of the Court of Appeal ruling, that there had been no contravention in this case, and that there was no basis for an award of damages. It commented that if the information had been recorded, it would have awarded $15,000.

The applicant appealed this finding. The Appeal Panel after satisfying itself that the words “known troublemaker” or words to similar effect were not recorded in departmental records rejected the appeal.

The interesting legal issue in the decision involves consideration of the power of a tribunal to reopen a matter already determined in the light of a change in interpretation of the law by a binding higher court ruling.

Those of you who have been watching Bleak House on ABC TV recently will know about the slow grinding processes of the law in Dickensian times.

The more things change, the more they stay the same.

Monday, August 14, 2006

Call to raise the bar on accountability standards

In a paper released last week by the Australasian Study of Parliament Group, two former speakers of state houses of parliament and a group of academics have highlighted the low standards of accountability in all Australian jurisdictions.

“Why Accountability Must be Renewed” (expected to be available soon on their website) calls for reforms in parliamentary processes, and changes in FOI laws to ensure that government is accountable for its conduct of public functions.

This Sydney Morning Herald editorial and this opinion piece by Michelle Grattan in The Age support the proposals but neither are optimistic about the possible take up by governments that have redefined accountability obligations to suit their purposes.

Given their low credibility, would we believe either of our major political parties if they promised greater accountability anyway?

FOI in the news

Media reports based on FOI applications over the last 10 days include:

Sunday Age 6 August: “Simple as ABC Minister you help us, we’ll help you” – ABC Learning offered to work with the Federal Government to show that the coalition government had been proactive in addressing childcare issues.

Daily Telegraph 7 August:
Criminals off scot-free” – The NSW Government wrote off about $9million over the last 2 years owed by 1300 convicted criminals in compensation to victims of crime.

Little school in big crisis” – more than 1100 families are on waiting lists to get children into pre schools attached to public primary and infant schools across the state.

Herald Sun 7 August:
Brack’s $1million keen green spin machine” – the Victorian Department of Sustainability and Environment spent over $1million on 18 communications managers and advisors in the last 12 months.

Police reject 1 in 3” – almost a third of those who seek to join Victorian Police are rejected because of criminal histories, excessive driving offences, problems with physical fitness or a failure to pass personality tests.

The Australian 8 August: “PM’s department blocks release of papers behind IR reforms” – the Department of Prime Minister and Cabinet has issued a certificate to block access to papers concerning the development of the Government’s industrial relations reform.
Sydney Morning Herald FOI Editor Matthew Moore in his “What they won’t tell you” column on 12 August "Now don't you talk about that" commented that the public interest grounds given for the certificate suggest that public discussion should be limited to the law we now have – discussion about the options that might have improved the law are claimed not to be in the public interest

The Daily Telegraph 8 August: “Commissioner’s sins of omission” – Kelvin Bissett the Investigations Editor reflects on developments in the NSW Police Training College exposure and the attempts to block access to information.

The Herald Sun 9 August:
$1.7m fee to fill job vacancies” – the Victorian Government spent $1.7m on one head hunter to hand pick recruits for 98 public servant positions in 21 months.

Big spender resigns – Boss encouraged to jump” – the Melbourne Market Authority boss has resigned after the paper revealed details of $210,000 in expenses claimed over the last 5 years.

The Age 10 August: “ Government under fire over hidden documents” – the Victorian Opposition has claimed that the Director of Multicultural Affairs failed to advise the Department’s FOI Officer of documents held relevant to an FOI application in order to “avoid any embarrassment” for the Government in the lead up to the election.

Sydney Morning Herald 12 August: “Taronga needs a thick hide as price of bringing in elephants soars” – costs of bringing Asian elephants to the Taronga Zoo have climbed by $6million.

Sunday Herald Sun 13 August: “He looked Gracie in the eye, then he killed her” – documents about Victoria’s horrific 2004 murder of a pregnant woman and her daughter reveal details of police evidence.

Canberra Times 13 August: “Greenhouse water pollution report not so transparent” – Comcare has refused to release details of a report into heavy metal contamination (lead levels of 10 to 16 times the recommended level) of the Greenhouse Office’s water supply, and suggested the paper make an FOI application to the Office.

Herald Sun 14 August: “Wild over fat cat outing - $15,000 zoo trip but many still clueless” – the Victorian Office of Multicultural Affairs spent almost $15,000 on a 2 day management conference at Melbourne Zoo.

The Australian 14 August: “Serviced apartments stand ground – property operators of serviced apartments in NSW have hit back at allegations they offer shoddy services by pointing to data that there are only 284 complaints relating to holiday rentals in 2005.

Some links to free content are not available.

Thursday, August 10, 2006

NSW State Owned Corporations privacy puzzle

In a recent comment about the NSW Police and the loopholes in our privacy laws, we alluded to the fact that there is uncertainty in some quarters about what laws apply and to whom.

A classic example of confusion surrounds NSW State Owned Corporations (SOC). These statutory authorities are given special status by virtue of the State Owned Corporations Act. They are listed in Schedule 3 of the Act. They are not “incorporated” companies but legal entities created by the Act, and owned by “shareholding ministers on behalf of the NSW Government.

SOCs are specifically excluded from the definition of public sector agency by the NSW Privacy and Personal Information Protection Act. The Act does not apply to them in the handling of personal information. To the extent they hold any health information they are private sector bodies covered by HRIP Act.

The Federal Privacy Act has two regimes – one that relates to Federal public sector bodies; the other to private sector organisations that have a turnover in excess of $3million (and some others not relevant here).

State authorities are not covered by the provisions that apply to public sector organisations.

They are also not covered by the Act’s provisions that apply to private sector bodies, except where the Federal Government, acting at the request of the state concerned regulates to prescribe then as organisations.

Three NSW SOC’s – Country Energy, Energy Australia and Integral Energy Australia – have been prescribed as authorities for the purposes of the private sector provisions.

Other SOCs are not covered by any privacy law as the NSW Privacy Commissioner acknowledged in a submission to the Attorney General in June 2004. As he put it (page 127) “State Owned Corporations have fallen through a gap in privacy regulation”.

There is nothing to prevent SOCs from adopting a privacy policy reflecting legislative requirements. But as the Federal and state laws differ there is a question about what law they use as the basis for privacy policy.

Some SOCs are understandably confused.

NSW Lotteries for example, says that it is covered by the private sector provisions of the Federal Privacy Act. In its policy statement, after outlining its policy, it directs interested parties to the Federal Privacy Commissioner for more information.

When we inquired, and brought these issues to attention, NSW Lotteries told us its privacy statement was based on legal advice obtained in 2001 when the Federal private sector privacy law came into operation, and nothing had changed since.

When we asked the Federal Privacy Commissioner’s Office we were told it had no power to investigate a matter concerning any NSW State Authority other than those listed in the regulation referred to above. That is if it came to a complaint about NSW Lotteries it wouldn’t consider the matter. It might refer it to the NSW Privacy Commissioner (even though the NSW law does not apply to a SOC) and the Commissioner may have power to look into the complaint.

Another SOC Landcom, says in its Annual Report tht it's voluntarily committed to comply with both the NSW Act and the private sector provisions of the Federal Act (to the extent applicable). That’s clearly a bet each way.

Rail Corporation’s privacy statement on its website relates only to personal information collected from website users. It refers specifically to its obligations under NSW law.

Sydney Water says it voluntarily complies with the NSW Act. Perhaps recognising the “no man’s land” in which SOCs operate, its Annual Report last year said it had made a submission on this to the Attorney General's statutory review of the NSW Act. (The review has never been published despite the fact that the law required it to be tabled in Parliament almost 2 years ago).

I’m sure the SOCs referred to above and the others not mentioned in this comment (we haven’t researched the lot) have in place policies and procedures designed to protect personal and health information to ensure it is handled in a fair and reasonable manner. Hopefully all those millionaires created by NSW Lotteries, land purchasers from Landcom, and customers of Sydney Water and the Rail Corporation have nothing to be concerned about.

It’s just that if anyone did have a complaint about privacy arising from their dealings with these bodies, they shouldn’t expect to be able to insist on any statutory rights, or to be able to pursue review opportunities available to those dealing with organisations covered by legislated privacy obligations.

They won’t get past first base with the Federal Privacy Commissioner.

And the NSW Administrative Decisions Tribunal (which has authority to award up to $40,000 in the event of a breach of privacy that results in loss or damage) will tell them it has no jurisdiction to consider the privacy complaint against an NSW SOC.

Another fine NSW privacy mess, but all that is required to fix it is for the NSW Act to be amended to include SOCs, and for someone to then tell them what law applies and what it means.

Tuesday, August 08, 2006

Federal Commissioner to recommend compulsory notification of data security breaches

The Federal Privacy Commissioner plans to recommend to the Australian Law Reform Commission that a compulsory notification requirement be imposed where disclosure of personal information results from a security breach.

At present none of Australia's privacy laws impose a specific notification requirement although the Victorian Privacy Commissioner in a report (Report 01.06 Jenny's case) about Victoria's Police Integrity Commission concluded that such a notification was contemplated by that State's law given its object of protecting the privacy of individuals.

Privacy policy: "nothing is more important to us than your privacy"

The media including The Age "AOL apologises for privacy screw up" reports that AOL (Primus in Australia) released details of the internet activitity of 650,000 users to "assist research" but found that deleting the individual user details didn't protect privacy as all of the search/page details included doctors names, social security numbers and a wide range of other information that could be used to track down individuals.

The file has now been withdrawn by AOL but not before many had accessed and downloaded it.

Commission examining privacy regulation impact on medical research

The Federal Privacy Commissioner has released its submission to the Productivity Commission's Research Study into Public Support for Science and Innovation, in response to a request for advice on the interaction between privacy regulation and medical research.

The submission gives a good summary of the complex laws that apply in this field that led many researchers to bring these issues to the attention of the Privacy Commissioner and a Federal Parliamentary Committee when they looked at privacy in the private sector earlier this year.

Between the Productivity Commission and the Australian Law Reform Commission (already undertaking a review of privacy laws) they might come up with some answers to smooth the way for research that advances health objectives without adverse effect on privacy interests.

Monday, August 07, 2006

NSW Police dart and weave about privacy

In its report “Police bury years of sex abuse shame” on Saturday the Sydney Morning Herald quoted a spokeswoman for the NSW Police Commissioner that details of officers the subject of sexual misconduct complaints could not be released because of the Privacy and Personal Information Protection Act.

In a letter ("Policy hypocrisy and secrecy- not privacy") to the SMH today (link no longer available), Anna Johnston, Chairwoman of the Australian Privacy Foundation said she “nearly choked” when she read that the NSW Police suddenly cared about privacy. She said the Police routinely release information about people suspected of crimes, but point to privacy obligations when it comes to protecting their own.

This is part of a broader problem in NSW about who and what is covered by NSW privacy laws.

The legislation is full of exemptions that constitute loopholes in the coverage of public sector agency conduct in dealing with personal information. The Police for example can when it suits, reject privacy complaints from members of the public on the grounds that the information relates to core policing functions that are not covered by the Act. On other occassions they have argued that review of a complaint by the NSW Administrative Decisions Tribunal should not be heard because it relates to an individual arising from a complaint against an officer under the Police Act.

As Anna Johnston points out, the privacy legislation also does not apply to information about an officer’s suitability for employment.

However on this occassion the Police take refuge in BOTPA - "Because of the Privacy Act".

This crazy patchwork application of the law has been well known to the NSW Government for years but has now been palmed off to the NSW Law Reform Commission.

They'll see that the same loopholes aren't available to the Australian Federal Police and the Victorian Police under Federal and Victorian privacy laws.

Crackdown on motor vehicle registration details

We reported last week on the illegal sale of the names of motor vehicle license holders in Florida. Apparently its not the only place where this type of information has been publicly available. New Zealand is looking at changing its law that has permitted public inspection for a small fee, of the register of motor vehicles and some information has been available on the web.

The Transport Safety Minister says there has been widespread abuse of access with over 5.5 million requests last year – NZ’s entire population is just a shade over 4 million. Thanks to pogogwasright for this lead.

In Australia this type of information isn’t available as a matter of routine as the Hobart City Council recently lamented – its having trouble getting access to ownership details of interstate vehicles that cop a parking fine while their owners are holidaying in the apple isle.

Federal access card attracts plenty of interest

The Federal Government's Access Card Consumer and Task Force has recieved 70 submissions and completed two months of meetings with 50 consumer and privacy organisations on issues raised in its first discussion paper.

Submissions haven't yet been released by the Task Force but Victorian Privacy Commissioner Paul Chadwick on his last day before leaving office put these observations (submission dated 28 July) on the public record and gave the Task Force plenty to think about.

Meanwhile in the UK the House of Commons Science and Technology Committee is concerned about the way the UK Government is planning the proposed implementation of ID cards, citing an overemphasis on biometrics and limited input on other technology issues.

Sunday, August 06, 2006

FOI in the news

Media reports based on FOI applications over the last week included:

Sunday Age 30 July: “Games windfall bogus - money was due anyway” – The Victorian Government has been accused of exaggerating the financial benefit of the Commonwealth Games after it was revealed two-thirds of the money spent on the event would have come to Victoria anyway.

Herald Sun 31 July: “Haermeyer in European grand tour” – Victorian Minister Andre Haermeyer spent around $35,000 on a 16-day taxpayer-funded trip to Europe, including $10,000 on a motor vehicle kept on standby for up to 12 hours every day.

The Australian 4 August: “Pinder's war of independence” - The legal foundation for the Queensland Law Society is so flawed that the society's new president says it can be legally required to help promote government policies and is subject to a range of state laws, including theFOI Act.

Sydney Morning Herald 5 August: In his weekly “What they won’t tell you” column, FOI Editor Matthew Moore in “What price a new Police Force” recounts an unsuccessful attempt to obtain documents concerning the change of name (or reversion to a previous name) of the NSW Police – the Police claim to hold no documents, while the only document held by the Ministry for Police is said to be exempt as a Cabinet document.

News reports in the Daily Telegraph in the previous week about sexual misconduct at the NSW Police Training College based on documents obtained under FOI by Kelvin Bissett after a 12 month battle, have been followed by a range of other stories, and to the tabling of a report on "Misconduct at the NSW Police College" by the NSW Ombudsman. The Ombudsman says the FOI "application was refused, on the basis that any disclosure may be prejudicial to the proper working of NSW Police. It was only after the Ombudsman review this decision tha documents were recently provided to the journalist".

Sun Herald 6 August: “$7m spent to defend state MPs and staff "- The NSW Government has paid lawyers $6.9 million to defend ministers and staff who have appeared before official inquiries in the past three years. The payments include legal representation before the Independent Commission Against Corruption (ICAC), the Police Integrity Commission and the Ombudsman. This was just the tip of the iceberg, suggest figures obtained under freedom of information last week by the Opposition's Wastewatch Committee.

As usual some links to free content were not available.

Friday, August 04, 2006

ADT FOI decision: participation in Aboriginal Land Council meeting not personal affairs

In Parkinson v Worimi Local Aboriginal Land Council (2006) NSWADT 216 the NSW Administrative Decisions Tribunal decided that names of members of the Council, and those who attended a meeting to determine whether a parcel of land was or was not of cultural significance to Aborigines, was not exempt under the FOI Act.

It agreed that other information including date of birth and home address was information concerning personal affairs and that disclosure would be unreasonable (Clause 6 Schedule 1).

Some interesting arguments for and against disclosure were put by the applicant and the respondent, but in the end the Tribunal went back to basics – context determines whether a person’s name in the absence of other details is information concerning personal affairs. In this case names of members of the Council participating in a meeting required by the Aboriginal Land Rights Act would reveal nothing about personal affairs.

The Tribunal also found that information about a price that the Council would accept for sale of the land was exempt under Clause 7(1)(b) – information of a commercial value that would be destroyed or diminished by disclosure – but added that it wouldn’t have reached this conclusion if the land had already been sold.

Local work for transparency rewarded

The Ramon Magsaysay awards recognise outstanding achievement and leadership throughout Asia commemorating the courage and integrity of one of the great leaders of the Philippines .

It might just make some news here that one of Australia's late Fred Hollows’ trainees Sanduk Ruit was the winner of the 2006 award for Peace and International Understanding for his work in placing Nepal at the forefront of developing safe, effective and economical procedures for cataract surgery.

It probably won’t make any news that Arvind Kejriwal of India won the award for Emergent Leadership for his work in pursuing the “right to information movement at the grass roots, empowering New Delhi’s poorest citizens to fight corruption by holding government accountable to the people”.

Kejriwal, an officer with the Indian Revenue Service, founded Parivartan (Change) in 2000 and began a campaign for transparency in the tax department where the payment of bribes was expected as a matter of course.

He subsequently pursued rights under India’s Right to Information Act to obtain reports on public works projects which exposed misappropriations and embezzlement, and forced the government to take action to address high levels of theft in the provision of subsidised rations of wheat and rice for the poor.

Good to see an FOI activist like this get recognition.

It just so happens that the Indian Government is moving to tighten the law to reduce access to internal working documents, including the names of those who make government decisions.

Thursday, August 03, 2006

$US50 million settles confusion about privacy laws

Australia’s privacy laws are complex and confusing with doubt reigning in some quarters about scope and coverage and aspects of Federal and state law.

But this snafu in Florida takes the cake: a state authority sold a database of the names of 565,600 motor vehicle drivers (for a cent a name) to a bank that used them for direct mail advertising of an automobile loan offer. However a Federal law in the US at the time prohibited state authorities from selling driver license details.

The end result? A class action against the bank on behalf of the drivers affected was settled for $US50 million including $US10 million in lawyers’ fees.

There were some suggestions that the total compensation in this and some related cases could have run as high as $US40 billion.

The gap in Federal state laws was fixed in 2004.

One can only wonder about what happened to those involved in the Florida Department of Highway Safety and Motor Vehicles!

Privacy for pregnancy counselling at risk

The Australian Medical Association has expressed concern that the privacy of those who utilise the Federal Government funded pregnancy counselling service will be impacted as a result of the decision to assign a unique Medicare number to the services.

ADT FOI decision: caning for Corrective Services

In Ferns v Department of Corrective Services (2006) NSWADT 217 the NSW Administrative Decisions Tribunal considered whether a reasonable search for documents had been undertaken, and other issues concerning a claim for exemption, and a refusal to amend records. Judicial Member Montgomery was unimpressed by the Department’s record keeping and evidence or lack of it, regarding sufficiency of search for a document that clearly existed at one point but could not be located. He ordered a new, systematic, and thorough search be undertaken by an officer not previously involved in the matter.

The Tribunal also partially agreed with the applicant’s request for amendment of records. There is no discussion in the decision about whether the records in question contained matter concerning the personal affairs of the applicant, a prerequisite for exercise of rights to amendment under the FOI Act. The records in question clearly relate to work related matters that are not necessarily matters concerning a person’s “personal affairs”.

ADT FOI decision on 'whistleblower' exemption

In this fairly straightforward decision (McGuirk v University of NSW (2006) NSWADT 223) the NSW Administrative Decisions Tribunal found that a submission by the University in response to an invitation from the Ombudsman in the course of an investigation of a protected disclosure within the meaning of the Protected Disclosures Act, was an exempt document under Clause 20(1)(d) of the FOI Act. The Tribunal said that the exemption – for “matter relating to a protected disclosure” - should be given its widest possible meaning.

Rare sighting: new Federal privacy self regulation code approved

The Federal Government’s “light touch” approach to the regulation of information privacy issues for the private sector as enshrined in the Privacy Act provides for a degree of self regulation for industries or organisations that adopt an approved code of practice consistent with obligations under the law.

The take up rate on the offer suggests it hasn’t been an attractive option. Four codes have now been approved since 2001, and one, for the insurance industry was withdrawn after insurance companies showed no interest.

The Privacy Commissioner this week approved the latest code for the biometrics industry – its been working on this since 2003.

Wednesday, August 02, 2006

US funding FOI research to foil terrorists

FOI advocates in the US have been alarmed to learn that buried away in the Government’s budget documents is an allocation of $US1million to St. Mary’s University School of Law in Texas to undertake research on model FOI provisions that would prevent terrorists from accessing information about public infrastructure.

Their research will no doubt lead them to the unique exemption in the NSW FOI Act introduced in 2004 (Clause 4A Schedule 1) that protects information from disclosure if there is a reasonable expectation it could facilitate the commission of a terrorist act or prejudice the prevention of, preparedness against, response to or recovery from the commission of a terrorist act.

The one case that has come to light about the application of the exemption was a decision by the Administrative Decisions Tribunal that documents that would add to the currently available stock of photographs of the Sydney Harbour Bridge come within the exemption.

No one has really explained why NSW felt the need to pass special legislation to create this exemption (existing exemptions included one to cover security of a building or structure) but no other Australian jurisdiction has felt compelled to act.

Access to Police information: top brass should sort this out

“The police force admits it has a problem complying with FOI legislation with response taking 6 months. It claims its problems are the volume of applications, not a culture of secrecy.

NSW Police Commissioner Ken Moroney says his agency get more than 7000 requests a year to process. Most are personal applications for files.

“I regard the NSW Police as the most FOIed public sector organisation in this state,” he says. He says a further 12 staff will join the FOI unit increasing staff numbers to 21. A further $1million has been set aside to cover the costs”
One year to prise open secret files - Kelvin Bissett, Daily Telegraph 29 July.
“Bureaucratic delays have left NSW Police officers suspended on full pay for up to two years, costing taxpayers millions. The Sunday Telegraph has been told more than 150 officers are now suspended for alleged misconduct……
However the Police Force has refused to confirm how many officers are on suspension – and how many are on full pay.
Assistant Commissioner John Carroll said through a spokeswoman the numbers were not to be made public.
No reason was given for the secrecy.
The spokeswoman told the Sunday Telegraph to seek details through Freedom of Information”
Scores of police left in limbo – Neil Mercer Sunday Telegraph 30 July.

Commissioner Moroney says there are thousands out there who want information about themselves and its causing a resource problem – perhaps the answer is speedy administrative access rather than FOI for those who seek this information. Assistant Commissioner Carroll says the only way to get information about the Force is to make an FOI application when proactive disclosure of this information would avoid the perception there is a culture of secrecy.

Time for a chat?