The process of reviewing and reforming the main law protecting privacy in Australia, the Privacy Act 1988, had all but stalled by 30 June this year.
Now the process has been revived by the Minister for Privacy, Brendan O'Connor. On 21 July he announced he would release a discussion paper on whether to introduce a statutory cause of action for serious invasions of privacy. The debate rapidly expanded to other aspects of reform of the Act, starting with "Labor urged to comply with Privacy Act reform" which appeared almost immediately.
The reform process has been a long time coming.
In fact, it was initiated in 2000! The history since has been long.
That's right. In his Second Reading Speech when introducing the Privacy Amendment (Private Sector) Bill 2000, the then Attorney-General accepted my previous recommendation to him by giving the following undertaking:
"This bill establishes a new approach to the protection and handling of personal information in the private sector. Because our approach is unique, I believe it would be extremely useful to have a report on the operation of the legislation in due course to ensure that it is achieving all our goals. I will ask the Privacy Commissioner to conduct a formal review of the operation of the legislation, and of all the exemptions, in consultation with key stakeholders after it has been in operation for two years."
The Attorney-General's successor fulfilled the undertaking in August 2004 when he announced the terms of reference for the review.
The Commissioner, my successor Karen Curtis, in turn reported in March 2005 with her comprehensive report "Getting in on the Act".
The first and main recommendation of the review was that:
"The Australian Government should consider undertaking a wider review of privacy laws in Australia to ensure that in the 21st century the legislation best serves the needs of Australia".
And in January 2006, the then Attorney-General announced the referral to the Australian Law Reform Commission.
The resulting report by the ALRC Report 108, "For Your Information: Australian Privacy Law and Practice" was released in August 2008 and was a monster.
In fact, its size has proved to be part of the problem - in all, 295 Recommendations. The Special Minister of State of the day announced that the government response would be issued in two stages.
On 14 October 2009, the then Cabinet Secretary, Senator the Hon Joe Ludwig publicly released the Australian Government’s First Stage Response to the ALRC report.
Unfortunately, some very important recommendations were left to the second stage, including the recommendations calling for:
- a statutory cause of action for serious invasions of privacy
- reduction or elimination of various exemptions from the law, including for journalism and the media, political parties and process, small business and employee records
- data breach notification
And from there, the process got slower. The First Stage response was further subdivided into 4 parts which were to be referred to the Senate Finance and Public Administration Committee for report by 30 June 2011. However by 30 June, the Committee had received only two of the four and had reported on only one: Report Part 1 – Australian Privacy Principles.
Now that the process has been revived, it will be essential that the discussion is fact based and balanced. In particular, the media exemption, the political process exemption and the statutory cause of action all need to be considered objectively but run the risk of not being accorded that objectivity.
Objectivity in these discussions is something I strived to achieve in my time as Privacy Commissioner between 1999 and 2004 and since, applying the same perspective equally to all political parties, the whole political process and the media.
I have not and do not single out any political party for particular attention on these matters. It is a totally apolitical perspective, taken in the best interests of Australians as private citizens and as voters in a true democracy.
I have been on the record since 2000 with the clear view that the exemptions to the Privacy Act need reconsideration. See for example my submission to the House of Representatives Standing Committee on Legal and Constitutional Affairs Inquiry Into the Privacy Amendment (Private Sector) Bill 2000, in May 2000 and later my submission to the Senate Legal and Constitutional Legislation Committee Inquiry into the Provisions of the Privacy Amendment (Private Sector) Bill 2000 in September 2000.
I made these submissions as Privacy Commissioner when the Government of the day was the Liberal-National Party Coalition. I continue to urge the current Government of the day to reconsider the exemptions in similar terms.
The Australian Law Reform Commission held a similar view in 2008 with Recommendation 41 in “For Your Information”.
Part of the debate has got off to a good start, especially the Opinion piece on 23 July by Peter van Onselen in The Australian, titled "Political parties violate our rights to privacy".
It is a pity that some of the other reporting over the last few days has not been as similarly objective.
Let's ensure that the revival addresses all the issues and is balanced.
Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand, www.iappANZ.org.