Page 1575 - Week 05 - Thursday, 15 May 2014
Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video
it is now some 25 years since the first Australian privacy act; so public sector agencies are very used to working within a privacy framework. Most critically, members of the public expect, and should be entitled to expect, that their personal information will be treated with due care and respect.
As I noted when I introduced the bill, the TPPs can be broadly characterised into principles that require public sector agencies to consider the privacy of personal information, principles that deal with the collection of personal information, principles that cover how agencies use and disclose that information, principles that set out rules for the quality and security of personal information and principles that deal with requests by the public to access and correct personal information held by public sector agencies.
Notice is required for collection. The collection, use and disclosure of information must be for a purpose related to the agency’s functions, and individuals must be given the opportunity to access and correct their personal information.
Public sector agencies must build the TPPs into their privacy policies, procedures and practices. Developing standardised systems for the management of information will promote efficiency and will reduce the risk of data breaches.
Proper management of information builds trust in public sector agencies, contributes to open and transparent governance. Under section 20 there is a general obligation that a public sector agency must not do an act or engage in a practice that breaches a TPP.
Section 25 provides limited exemptions for certain public sector agencies from the requirements of the TPPs in relation to specific acts and practices. These exemptions are continued from the current privacy legislation and reflect traditional separation of powers and privilege concerns. For example, acts or practices relating to the judicial affairs of ACT courts are not considered to be acts or practices regulated by the legislation, nor are acts or practices of the Office of the Legislative Assembly or ministers when they do not relate to the exercise of its administrative functions.
Section 12 sets out that an act or practice is a breach of a TPP if the act or practice is contrary to or inconsistent with the TPP. Section 11 provides that where an agency breaches a TPP in relation to personal information about that individual, this will amount to an interference with the privacy of an individual.
If an individual believes their privacy has been the subject of interference, the bill provides for a comprehensive mechanism for handling those complaints. As part of that mechanism, agencies are required to develop internal complaints-handling procedures with a view to early resolution of the complaint. An individual who believes that their privacy has been interfered with may make a privacy complaint to the Information Privacy Commissioner. The bill also provides for such a commissioner, appointed by the executive under section 26, to receive and investigate privacy complaints.
If a person is not appointed, the bill allows me, as the administering minister, to enter into arrangements with the commissioner of another jurisdiction to perform one or
Next page . . . . Previous page . . . . Speeches . . . . Contents . . . . Debates(HTML) . . . . PDF . . . . Video