Resources

2015 Submission to the Parliamentary Joint Committee on Intelligence and Security Inquiry on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Excerpt: There are 31 serious, unanswered questions about the mandatory data retention scheme proposed in the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (the Bill). Given the uncertainty about fundamental aspects of the scheme, the LIV agrees with the Law Council of Australia's (LCA) policy position of opposing the currently proposed mandatory data retention scheme in the Bill. As the then LCA President, Mr Michael Colbran QC, has stated, there must be a proper analysis of the proposed provisions and:

  • any mandatory data retention scheme must be shown by the Government to be reasonable, necessary and proportionate to a legitimate purpose.

Preventing and enforcing serious crime is a legitimate purpose, however that does not of itself justify mass data retention. Even if the need for mass data retention could be demonstrated to be in the public interest, this Bill is profoundly flawed, as outlined in this submission. This Bill is not limited to the stated objectives connected with making Australians safer from serious crime and threats to national security. Data retained under this Bill can be accessed for purposes far beyond serious crime.

The LIV is very concerned about the impact of the Bill on the fundamental human rights of all Australians, such as the rights to privacy, freedom of expression and freedom of association. Preserving these rights is essential to the functioning of a democratic society. The Bill fails to address these concerns.

Read the submission (PDF)

2016 Submission to the Productivity Commission on Data Availability and Use

Excerpt: The Law Institute of Victoria (LIV) appreciates the opportunity to contribute to the Productivity Commission's Inquiry into Data Availability and Use (Inquiry) and to make a submission on the Data Availability and Use Issues Paper (Issues Paper). The LIV has considered the questions posed in the Issues Paper and offers comments on issues of general application.

1. An integrated approach to privacy

The LIV understands that the Productivity Commission seeks to balance the benefits of greater disclosure and use of data with protecting the privacy of the individual. The LIV is concerned that the Issues Paper maintains the notion that privacy and economic value are trade-offs, and that enhancing one necessarily means sacrificing the other.

The LIV considers this approach to be too limiting, and recommends that the Productivity Commission explore how privacy and economic value can be integrated, rather than be seen as opposing interests.

The LIV recommends a "privacy by design" approach be adopted as the starting point for any consideration of increasing data availability, where privacy is "built in" to the design of data collection, retention and sharing processes, to ensure that privacy is considered before and during the development and implementation of initiatives that involve the collection and handling of personal information.

Read the submission (PDF)

Privacy Bodies

Office of the Australian Information Commissioner (OAIC)

The OAIC is an independent statutory agency within the Attorney General's portfolio. The OAIC's primary functions are in relation to privacy, freedom of information, and government information policy. The OAIC's responsibilities include conducting investigations, reviewing decisions made under the FOI Act, handling complaints, monitoring agency administration, and providing advice to the public, government agencies and businesses.

Commissioner for Privacy and Data Protection (CPDP)

The Office for the Commissioner for Privacy and Data Protection (CPDP) administers the Privacy and Data Protection Act 2014 (PDPA).

The key functions of the Commissioner with regard to information privacy are:

  • to promote awareness and understanding of the Information Privacy Principles (IPPs)
  • to receive complaints about possible breaches of the IPPs by public sector organisations and local government
  • to conduct audits to assess compliance with the IPPs
  • to undertake research, issue reports, guidelines and other materials with regard to information privacy.

The key functions of the Commissioner with regard to protective data security and law enforcement data security are:

  • to develop the Victorian Protective Data Security Framework
  • to issue protective data security standards and law enforcement data security standards
  • to conduct monitoring and assurance activities to assess compliance with those standards
  • to undertake research, issue reports, guidelines and other materials with regard to protective data security.

Health Complaints Commissioner

The Health Complaints Commissioner resolves complaints about health services and the handling of health information in Victoria under the Health Complaints Act 2016 (Vic) and the Health Records Act 2001 (Vic). The HCC is independent and impartial.

Privacy Specific Legislation

Privacy Act 1988 (Cth)  

The Privacy Act regulates how personal information is handled, and also includes thirteen Australian Privacy Principles (APPs).

Privacy and Data Protection Act 2014 (Vic)

The Privacy and Data Protection Act governs the collection and handling of personal information (excluding health information) in the Victorian public sector and, uniquely, provides for the establishment of a protective data security regime for the Victorian public sector. The Act also contains provisions to ensure the security of law enforcement data.

Freedom of Information Act 1982 (Cth)

The FOI Act confers a right of access to documents in the possession of Australian Government ministers and most agencies.

Freedom of Information Act 1982 (Vic)

Victoria's Freedom of Information Act 1982 gives members of the public the right to apply for access to information held by ministers, state government departments, local councils, public hospitals, most semi-government agencies and statutory authorities.

My Health Records Act 2012 (Cth)

The My Health Record system is the Australian government's digital health record system, which provides data regarding an individual's health information. The system allows a person's hospitals, doctors, and other healthcare providers to view the person's health information. The My Health Records Act 2012 creates the legislative structure for the My Health Record system.

Health Records Act 2001 (Vic)

The Health Records Act covers various standards, referred to as "Health Privacy Principles", for how your health information is handled by private and public health service providers (such as doctors and other health services) and many other organisations (such as schools and employers). The Act also covers your rights to access your health records in the private sector.

Surveillance Devices Act 1999 (Vic)

The Surveillance Devices Act regulates the installation, use, and maintenance of surveillance devices.

Charter of Human Rights and Responsibilities Act 2006 (Vic)

Section 13 of the Charter concerns privacy and reputation.

Data-Matching Program (Assistance and Tax) Act 1990 (Cth)

This Act sets out requirements in relation to the practice of "data-matching" between certain agencies to detect erroneous payments. In particular, this Act regulates how the Australian Taxation Office and agencies that assist it (such as the Department of Human Affairs and the Department of Veteran's Affairs), utilise tax file numbers to compare personal information in order to detect incorrect payments.

Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth)

The Telecommunications (Interception and Access) Amendment (Data Retention) Act amends the Telecommunications (Interception and Access) Act 1979 (TIA Act) and the Telecommunications Act 1997 (The Telecommunications Act) to introduce a statutory obligation for Australian telecommunication service providers to retain, for a period of two years, particular types of telecommunications data (metadata) and introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the TIA Act.

Australian Information Commissioner Act 2010 (Cth)

The Australian Information Commissioner Act 2010 (AIC Act) establishes the Office of the Australian Information Commissioner (OAIC). The AIC Act commenced on 1 November 2010. It provides for the appointment of the Australian Information Commissioner (Information Commissioner), the Privacy Commissioner and the Freedom of Information Commissioner (FOI Commissioner).

Privacy Relevant Legislation

Personal Property Securities Act 2009 (Cth)

The PPSA created a single, nationwide, virtual Personal Properties Securities Register, which allows businesses and lenders to register their security interests over personal property. The Register includes personal information of the grantor, such as their name and date of birth (in cases where the grantor is an individual). The PPSA provides numerous methods to help protect individual grantors and members of the community from misuse of the Register.

National Health Act 1953 (Cth)

The Australian Government collects information through the Medicare and Pharmaceutical Benefits schemes. The National Health Act issues legally binding guidelines in relation to the handling of this information, in conjunction to regulation under the Privacy Act and other associated guidelines.

Crimes Act 1914 (Cth)

Criminal record information is considered a subset of "personal information" under the Privacy Act. The Crimes Act establishes the Commonwealth Spent Convictions Scheme, which permits an individual to not divulge certain criminal convictions after a particular period of good behaviour. There is also a prohibition against unsanctioned use and disclosure of this information.

Telecommunications Act 1997 (Cth)

The Telecommunications Act contains numerous provisions concerning personal information in the possession of carriers, carriage service providers, and others.

Telecommunications (Interception and Access) Act 1979 (Cth)

Under the TIA Act, ASIO and certain Australian law enforcement agencies may provide authorisation for the divulgement of telecommunications data by a carrier or carriage service provider, including telecommunications data collected and retained under the new data retention scheme.

Information Privacy Act 2014 (ACT)

The Information Privacy Act provides a regulatory framework for the handling of personal information by ACT public sector agencies. The Act includes a suite of Territory Privacy Principles, which concern the collection, use, storage, and disclosure of personal information, and a person's access to and correction of that information.  

Anti-Money Laundering and Counter-Terrorism Financing Act 2006

The Anti-Money Laundering Act seeks to eliminate money laundering and terrorism financing through the imposition of various obligations on the financial sector, gambling sector, money transfer services, bullion dealers, and other professionals or businesses that provide "designated services". The Act includes obligations concerning collecting and verifying certain "know your customer" information about a customer's identity when providing those services.

Civic Groups

The Australian Privacy Foundation

The Australian Privacy Foundation is the primary association dedicated to protecting the privacy rights of Australians. The Foundation aims to focus public attention on emerging issues which pose a threat to the freedom and privacy of Australians. The Foundation has led the fight to defend the right of individuals to control their personal information and to be free of excessive intrusions.

The Privacy Foundation plays a unique role as a non-government organisation active on a wide range of privacy issues. It works with consumer organisations, civil liberties councils, professional associations and other community groups on specific privacy issues. The Privacy Foundation is also a participant in Privacy International, the world-wide privacy protection network. Where possible, it cooperates with and supports official agencies, but it is entirely independent – and often critical – of the performance of agencies set up to protect our privacy.

Digital Rights Watch

Digital Rights Watch (DRW) is a charity organisation founded in 2016 whose mission is to ensure that Australian citizens are equipped, empowered and enabled to uphold their digital rights. DRW educates, campaigns, lobbies and advocates for a digital environment where individuals have the power to maintain their human rights.

Institute of Public Affairs

The IPA is an independent, non-profit, public policy think-tank, dedicated to preserving and strengthening the foundations of economic and political freedom.

Resources on Common Law Protections Relevant to Privacy

Legal Professional Privilege

Privilege against self-incrimination

Data Protection Laws of the World

Law firm, DLA Piper, provides a comparison of data protection laws around the world.

Resources on Technology that is Affecting Privacy

Drones

The Internet of Things

Guidelines