Page 621 - Week 02 - Thursday, 20 March 2014
Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video
These principles can be broadly categorised into principles that require public sector agencies to consider the privacy of personal information, principles that deal with the collection of personal information, principles that cover how agencies use and disclose that information, principles that set out rules for the quality and security of personal information, and principles that deal with requests by the public to access and correct personal information held by public sector agencies.
Consistent with the definition recommended by the ALRC, personal information is defined in the bill as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not the information is recorded in a material form. This definition is sufficiently broad to cover the whole gamut of information which can be collected by the public sector, whether solicited or not. It does not, however, include personal health information. This will continue to be regulated under the Health Records (Privacy and Access) Act 2011.
The bill also provides additional protections for sensitive information, which is personal information about a person’s racial or ethnic origin, political opinion, membership of a profession or association, political organisation or trade union, religious or philosophical belief; sexual orientation and practice, or criminal record.
The bill introduces new language to describe key privacy concepts, but I want to stress that the key concepts that have been the backbone of privacy law in the ACT for the last decade do not change substantially as a result. The territory privacy principles, or TPPs, embody a number of themes previously contained in but not consolidated in the information privacy principles and the national privacy principles. They take into account how we must manage the vastly increasing amount of information being generated in a rapidly changing technological landscape. Indeed, one of the core propositions of these reforms is that agencies must protect personal information by managing that information in a responsible and transparent way.
I will briefly speak about the main TPPs and how they contribute to effective protection of personal information throughout the information lifecycle. TPP 1 requires that agencies take reasonable steps to implement practices, procedures and systems that will ensure that the agency is able to manage personal information in an open and transparent way. Transparency is also a key concern for their customers, who expect that their personal information will be respected but also that it not be subjected to blunt controls that prevent government areas from dealing efficiently and effectively with each other.
One of the main purposes of the bill is to recognise that the protection of the privacy of individuals is balanced with the interests of public sector agencies in carrying out their functions or activities. The government is committed to a one-service approach to government, where barriers to sharing information as necessary are minimised while any sharing of information is done in a way that respects an individual’s right to privacy. The challenge is to embed control and consent principles in the management of personal information to create a beneficial dialogue between public sector agencies and their customers in the general public.
Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video