the 1988 Commonwealth Act

This page considers the national Privacy Act 1988, which (with substantial exceptions) deals with the operation of Commonwealth government agencies.

It covers -

As noted in the Privacy guide on this site, the Act essentially does not extend to state/local government agencies. They are instead covered by state/territory legislation, highlighted later in this profile.

introduction

The national Privacy Act 1988, Commonwealth Act 119 of 1988, was a decade in gestation after proposals by the Whitlam government and developments overseas.

It was intended to cover the privacy practices of the federal bureaucracy - essentially how Canberra handles the data it collects about citizens, particularly citizens who are paying taxes (or not, as the case may be) or receiving financial benefits.

It has been sporadically augmented; most recently through extension - criticised by many as half-hearted - to the private sector.

The 1988 Act lays down privacy safeguards that Commonwealth and ACT government agencies must observe when collecting, storing, using and disclosing personal information.

The Act also gives individuals access and correction rights in relation to their own personal information that is held by government agencies, albeit with some exceptions that are highlighted below.

The 2000 extension to the private sector is discussed in more detail later in this profile. It involves a 'light touch' regulation of data collection and handling activity by many parts of the private sector, including online activity. As noted in the Privacy guide, expect episodic amendment of the Act until Australia meets international standards and consumer expectations.

structure

As passed (an archival copy is here) the Act had 101 sections.

Section 3 'saved' existing state/territory privacy legislation (highlighted later in this profile), indicating that

It is the intention of the Parliament that this Act is not to affect the operation of a law of a State or of a Territory that makes provision with respect to interferences with the privacy of persons and is capable of operating concurrently with this Act.

Section 4 bound the Crown in right of the Commonwealth, the States, the Northern Territory and Norfolk Island. Subsequent sections went on to identify data collection and data handling and to exclude some entities from coverage by the Act.

Section 13 identified 'Interferences with privacy of an individual' as an act or practice by an agency or a tax file number recipient that breaches an Information Privacy Principle in relation to personal information regarding that individual or that involves an unauthorised requirement or request for disclosure of the individual's tax file number. Those Information Privacy Principles (IPP) - featured in the preceding page of this profile - were identified in s 14, with sections 15 and 16 outlining their application. Section 17 provided guidelines regarding tax file number information.

Sections 19 through 69 established the statutory position of national Privacy Commissioner, dealing with that individual's appointment, responsibilities, powers and reporting.

Section 82 established a Privacy Advisory Committee, convened by the Privacy Commissioner and with up to six members appointed by the Governor-General (ie selected by the government of the day). The role of the Committee was to advise the Commissioner, recommend material for inclusion in guidelines issued by the Commissioner and (subject to any direction by the Commissioner) to engage in and promote community education/consultation regarding the protection of individual privacy.

Section 95 specified that the National Health & Medical Research Council may, with the approval of the Commissioner, issue guidelines for the protection of privacy in the conduct of medical research.

The Commissioner is required to publish an Annual Report.

coverage

The legislation broadly excludes records of the courts, of royal commissions, of government Ministers and of a range of national security and law enforcement agencies, including the -

  • Defence Signals Directorate
  • Joint Intelligence Organisation
  • National Crime Authority (as of 1988)
  • Australian Secret Intelligence Service
  • Australian Security Intelligence Organisation
  • Inspector-General of Intelligence & Security
  • Office of National Assessments
  • Defence Imagery & Geospatial Organisation
  • Australian Government Solicitor

Section 70 of the 1988 Act specifies that disclosure of certain documents and information is not required.

Exemption may occur through provision by the Attorney-General to the Commissioner of a certificate certifying that disclosure of information concerning a specified matter would be contrary to the public interest because it would -

  • prejudice the security, defence or international relations of Australia;
  • involve disclosure of communications between a Commonwealth and State Minister that would prejudice relations between the Commonwealth and State Governments;
  • involve disclosure of deliberations or decisions of Cabinet or of a Cabinet Committee;
  • involve disclosure of deliberations or advice of the Executive Council;
  • prejudice conduct of an investigation into crime or prejudice any individual's fair trial;
  • disclose, or enable a person to ascertain, the existence or identity of a confidential information source regarding criminal law enforcement;
  • prejudice the effectiveness of the operational methods or investigative practices of criminal law enforcement agencies; or
  • endanger the life or physical safety of any person.

evolution

Until the amendments of December 2000 the Act applied to the wider community (including the private sector and state/local government agencies) only in relation to specific categories of information: tax file number information and consumer credit information.

Since commencement of the Privacy Act the Privacy Commissioner's jurisdiction has been extended. 

In 1989, the Commissioner was given functions in relation to spent convictions information. In 1990 two major additions were made in the areas of credit reporting and data matching - the first major extension to private sector activity. In 1991 amendments to the National Health Act embraced guidelines for the operation of the eligibility checking system between pharmacists and the Health Insurance Commission. The Telecommunications Act 1997 added oversight of self-regulation by telecommunications carriers and service providers.

The Commissioner has issued Tax File Number Guidelines (pdf) to restrict the use of data based on tax file numbers (TFNs), the unique identifiers issued by the Australian Taxation Office (ATO) to identify individuals, companies and others who lodge income tax returns with the office. 

Unauthorised use or disclosure of the numbers is an offence under the Taxation Administration Act 1953 (TAA) and aspects of the Income Tax Assessment Act 1936 (ITA). 

The Data-matching Program (Assistance & Tax) Act 1990 regulates the matching of records between the Australian Taxation Office and social service agencies using the tax file number. The Commonwealth Electoral & Referendum Amendment Act (No. 1) 1999 restricts commercial use of electoral roll data.

Credit Reporting

The Privacy Act provides safeguards for individuals in relation to consumer credit reporting (discussed in more detail here), in particular the handling of credit reports by credit reporting agencies and credit providers. 

It is meant to ensure that use of the data is restricted to assessing applications for credit and other legitimate activities relating to personal finance. It does not directly affect commercial credit information.

The Commissioner issues a legally binding Code of Conduct (PDF) for credit reporting, along with determinations that deal with such matters as identification of credit providers and the particulars permitted to be included in a credit information file.

Government Data-matching

Data-matching poses a particular threat to personal privacy because it involves analysing information about large numbers of people without prior cause for suspicion and because all applicants for government assistance must disclose their TFN. 

The Data-matching Program (Assistance & Tax) Act 1990 (DPAT) regulates use of tax file numbers in comparing personal information held by the ATO and by agencies such as Centrelink and the Department of Veterans' Affairs. Data-matching guidelines (pdf) were first issued in September 1991; revised guidelines came into effect in February 1995.

The Act and guidelines contain a number of technical controls and fairness provisions that are overseen by the Privacy Commissioner. The Commissioner has also issued advisory Guidelines For The Use of Data-Matching In Commonwealth Administration, intended for voluntary adoption by agencies conducting matching other than the programs specifically regulated by the 1990 Act. These guidelines therefore apply when the TFN is not used in the matching process.

Under the National Health Act the Privacy Commissioner issues separate Medicare & Pharmaceutical Benefits Programs Privacy Guidelines (PDF), which cover management of data collected as part of the national health benefits schemes and primarily apply to the Health Insurance Commission and the federal Health Department. They identify data storage and data matching regimes.

The guidelines were first issued in 1993, with effect from April 1994, and were amended in October 1996.

registers

Federal, state/territory and local government agencies have compiled a wide range of registers of varying detail and comprehensiveness. Provision of information for those registers is often mandatory: it is required by law as a condition of gaining a licence from government or receiving services from government and may be accompanied by penalties for knowingly supplying false/misleading information.

It is thus different to provision of much information in the private sector, where for example individuals have a choice of trading information for some benefit or merely volunteering that information.

An indication of those registers is provided in a supplementary multi-page note here.






version of August 2005
© Bruce Arnold
caslon.com.au | caslon analytics