Galexia
             home
       about us
        services
        projects
       research
          contact
» home » research » assets » online consumer protection 2008  

Subscribe to Galexia news and announcements.
More information »

Electronic Authentication: Advice, Analysis and Strategy. Galexia provides electronic authentication advice with a focus on whole-of-sector/enterprise strategies and solutions. Find out more »

[2016 Global Cloud Computing Readiness Scorecard]

2016 Global Cloud Computing Readiness Scorecard
Find out more »

Australian and regional regulatory responses to the key challenges of consumer protection in electronic commerce (March 2008)

[« previous] [next »] [up] [title page] [full contents]

3.3. Privacy and data protection


[ Galexia Dots ]

3.3.1. Current privacy protection

Australia has the following general privacy legislation (or guidelines) in place:

 

Jurisdiction

Legislation / Standard

Regulator

Cth

Privacy Act 1988 (Cth)

Federal Privacy Commissioner

ACT

Privacy Act 1988 (Cth)

Federal Privacy Commissioner

NSW

Privacy and Personal Information Protection Act 1998 (NSW)

NSW Privacy Commissioner

NT

Information Act 2002 (NT)

NT Information Commissioner

Qld

Information Standard 42

Queensland Ombudsman

SA

Cabinet Administrative Instruction 1/89

Privacy Committee of South Australia

Tas

Personal Information Protection Act 2004 (Tas)

Department of Justice

Vic

Information Privacy Act 2000 (Vic)

Victorian Privacy Commissioner

WA

Not yet enacted[31]

 

The State and Territory legislation in this list generally applies to the activities of State and Territory public sector agencies.

The key legislation for privacy in e-commerce is the current Commonwealth privacy legislation – the Privacy Act.[32] The Act sets out the Information Privacy Principles (IPPs), which regulate the collection, use and disclosure of personal information by Australian government agencies. The Act also includes a complaints, audit and enforcement regime.

The Commonwealth legislation applies to both the Australian Government public sector, and significant parts of the private sector. However two different standards of privacy protection exist in the Commonwealth legislation:

  • Information Privacy Principles (IPPs)
    Eleven IPPs that apply to Commonwealth and ACT government agencies.
  • National Privacy Principles (NPPs)
    The Privacy Act was amended in 2001 to include ten NPPs that apply to parts of the private sector (those that earn more than $3 million annually and all health service providers).[33]

The NPPs cover:

  • Principle 1 – Fair Collection
    Collection of personal information is only allowed if it is necessary for the function or activity of the organisation. Organisations must explain their information practices to individuals at the time when they collect their personal information.
  • Principle 2 – Use and disclosure
    Personal information should generally not be used or disclosed for the purpose other than for which it is collected without the consent of the individual concerned.
  • Principle 3 – Data quality
    Organisations must take reasonable steps to ensure that personal information collected, used or disclosed by them is accurate, complete and up to date.
  • Principle 4 – Data security
    Organisations must take reasonable steps to protect personal information they hold from unauthorised access, and must not hold data longer than needed.
  • Principle 5 – Openness
    Organisations must clearly express and make available their policies about how they collect, hold, use and disclose personal information.
  • Principle 6 – Access and correction
    Organisations must provide individuals with access to information they hold about them on request and must correct that information if it is not accurate, complete and up to date.
  • Principle 7 – Identifiers
    An organisation must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by an agency or Commonwealth provider.
  • Principle 8 – Anonymity
    Where lawful and practical, individuals must be given the option of remaining anonymous when entering into a transaction with an organisation.
  • Principle 9 – Transborder data flows
    An organisation in Australia may transfer personal information about an individual to someone who is in a foreign country only if they believe the organisation upholds similar principles of fair data handling or it is for the benefit of the individual.
  • Principle 10 – Sensitive information
    An organisation must not collect sensitive information about individuals unless the individual consents, or if the organisation is required to do so by law.

3.3.2. Potential Privacy Law Reform

Commonwealth privacy legislation is currently the subject of a review by the Australian Law Reform Commission (ALRC). The ALRC review builds on earlier work by a Senate Committee and by the Office of the Privacy Commissioner. It is likely that significant changes to the IPPs and NPPs may result from this review.

  • Office of the Privacy Commissioner (OPC) Review (2005)[34]
    The OPC Review focused on the private sector provisions of the Privacy Act. A final report was published in May 2005 and included several important recommendations for achieving greater consistency in Australian privacy legislation. The Government has not responded to these recommendations.
  • Australian Law Reform Commission (ALRC) Review (2006-2008)[35]
    The ALRC has been given broad terms of reference to review all aspects of Australian privacy law, including the matters raised in the earlier OPC review. This review will also cover the public sector provisions of the Privacy Act.

The ALRC is now due to report at the end of May 2008, and the Government’s response to the report may take several months after this to prepare. The implementation of any recommendations will take longer.

[31] Information Privacy Bill 2007 (WA), <http://www.parliament.wa.gov.au/parliament/bills.nsf/B76E4F86BE5ACCADC82572AB002D2C7F/$File/Bill+193-1.pdf>.

[32] Privacy Act 1988 (Cth), <http://www.comlaw.gov.au/>.

[33] Privacy Amendment (Private Sector) Act 2000 (Cth), <http://www.comlaw.gov.au>.

[34] Office of the Privacy Commissioner, The Review of the Private Sector Provisions of the Privacy Act 1988, March 2005, <http://www.privacy.gov.au/act/review/review2005.htm>.

[35] Australian Law Reform Commission, Review of Privacy, <http://www.alrc.gov.au/inquiries/current/privacy/index.htm>.

[« previous] [next »] [up] [title page] [full contents]

[view all] [download PDF version]

[up to research]

 

Search for:

HERE

PrintVersionprint this page

Sitemapsitemap

Subcribe to RSS newsrss news feed

Manage email subscriptionsmanage email subscriptions

Latest News

September 2019
Register of Public Galexia PIAs. Read more »

September 2019
Updates to Galexia Website. Read more »

September 2019
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework. Read more »

August 2019
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS. Read more »

June 2019
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register. Read more »

view all news items »

[Home] [Sitemap] [Print this page] [Privacy statement]

© Galexia Pty Ltd
Telephone: +61 (02) 9660 1111
Email: [email protected]