Privacy issues when the police come calling

The report by Queensland Privacy Commissioner Linda Mathews following an own-motion investigation into police access to go-card data in the electronic ticketing system used in South East Queensland by Translink discovered no evidence of wrongdoing. Under the Information Privacy Act Translink had a discretion to respond by disclosing personal information to a law enforcement authority.  However when a request was made Translink had simply taken the police at their word. Although the Commissioner found all police requests were for legitimate purposes, Translink failed to satisfy itself on reasonable grounds as required by the act, that the disclosure was necessary:
• for the prevention, detection, investigation, prosecution or punishment of criminal offences or other breaches of the law, or
• to lessen or prevent a serious threat to the life, health, safety or welfare of an individual or to public health, safety or welfare.

Translink and Queensland Police have already made changes to procedures. The Commissioner makes a number of recommendations (Chapter 10) for further improving Police and Translink privacy practices.

I have a sneaking suspicion Translink is not unique in Queensland or elsewhere where similar laws apply for that matter. There may be a tendency in some agencies to be overly responsive to requests for information by the police that don't involve the use of their coercive powers, without adequate internal processes overseen by someone familiar with privacy law requirements.