The Senate Finance and Public Administration Legislation Committee (Senate Committee) has now released its report on the Exposure Draft of the new Australian Privacy Principles (APPs). The new APPs will form part of a new Privacy Act. This is the first of four parts to be released by the Senate Committee on the Australian Government's reforms to the Privacy Act 1988. The second part containing new credit reporting provisions and enhanced protections for the handling of credit reporting information is due to be released by the Senate Committee on 6 October 2011. Further parts to be released relate to health information and the functions and powers of the Australian Information Commissioner.
Some of the Key Recommendations of the Senate Committee in its Report are as follows:
(a) The Department should develop explanatory material to clarify the term "disclosure"; and
(b) The OAIC should develop guidance on the types of contractual arrangements required to comply with APP 8. (See further below).
Current National Privacy Principle 9 prohibits cross-border "transfers" of personal information unless an organisation falls under one of the listed exceptions. Corresponding new APP 8 allows for "disclosures" of personal information to an overseas recipient but renders the disclosing entity accountable for the overseas recipient's acts and practices unless the disclosing entity falls under a listed exception. The Government envisages that most Australian entities will have contractual arrangements to manage any increased liability and therefore the Senate Committee has called for guidance from the OAIC on these contractual arrangements as a matter of priority.
APP 8 is arguably wider than current NPP 9 as it is no longer limited to a "transfer" or cross border movement of personal information but now covers a mere "disclosure" of personal information. Such a disclosure could occur when an overseas recipient accesses personal information regardless of whether it is stored in Australia or elsewhere. The Government however, has stated that disclosure should not be taken to have occurred in situations where information is securely routed through servers outside of Australia. It will therefore be important for entities to ensure the security of their information systems.
The Senate Committee has recommended that the structure of the APPs be simplified to improve clarity but it is not expected that there will be significant redrafting of the APPs. However, it is likely that changes to entities' practices and policies will be required given the new requirements for privacy policies which will enable individuals to access additional information. The Senate Committee acknowledges that in some instances the compliance burden on entities may increase, however it is of the view that the benefits outweigh the compliance costs. Also, many principles include a "reasonableness" test for the matters or steps to be undertaken and therefore the Senate Committee is of the view that entities will have sufficient flexibility in complying with the APPs.
The Senate Committee will report on all four parts of the Australian Government's reforms to the Privacy Act 1988. It is likely that some consequential changes will need to be made to the APPs in order to make it clear how each part interacts. Once the Senate Committee has reported on all four parts and any recommendations are taken into account, all parts will be consolidated to comprise a new Privacy Act.
Be the first to receive the latest articles, news and publications.