Privacy Legislation
The Privacy Act 1988 is the principal piece of legislation providing protection of personal information in the federal public sector and in the private sector (other statutory provisions also affect privacy). There are also separate privacy regimes applying to state and territory public sectors.
The Privacy Act provides 11 Information Privacy Principles for the federal public sector and 10 National Privacy Principles for private sector organisations. These Privacy Principles deal with all stages of the processing of personal information, setting out standards for the collection, use, disclosure, quality and security of personal information. They also create rights of access to, and correction of, an individual’s own personal information.
The Privacy Act also establishes the Office of the Privacy Commissioner which is responsible for, among other things, investigating breaches of the Information Privacy Principles and National Privacy Principles.
ALRC review of the Privacy Act
On 31 January 2006, the Australian Law Reform Commission (ALRC) received a reference from the then Attorney-General to review the extent to which the Privacy Act and related laws continue to provide an effective framework for the protection of privacy in Australia. The ALRC released two issues papers over the course of its review and in September 2007 released a discussion paper seeking community feedback on 301 proposals for reform. The ALRC’s final report was delivered to the Attorney-General on 30 May 2008 and will be tabled in Parliament and publicly released by 28 August 2008. Further information about the review can be found on the ALRC’s website.
Government responses to previous Privacy Act reports
Privacy Commissioner’s Report
In August 2004, the then Attorney-General requested the Privacy Commissioner to undertake a review of the private sector provisions of the Privacy Act. On 31 March 2005, the Privacy Commissioner published her report entitled Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988.
The Government released its response to the report on 30 November 2006.
Senate Legal and Constitutional Committee’s Report
On 9 December 2004, the Senate agreed to undertake an inquiry into the overall effectiveness and appropriateness of the Privacy Act. The inquiry was referred to the Senate Legal and Constitutional Committee and on 23 June 2005, the Committee published its report entitled The real Big Brother: Inquiry into the Privacy Act 1988.
The Government tabled its response to the report in Parliament on 30 November 2006.
- Government Response to the Senate Legal and Constitutional References Committee Report - RTF 68KB | PDF 23KB
The main recommendation in both reports was that Australia’s privacy laws require wider review. This resulted in the reference to the ALRC to conduct a broad review of the Privacy Act.
Extension of the Privacy Act to cover all small business Residential Tenancy Database operators
In the March 2005 review of the Privacy Act, Privacy Commissioner Karen Curtis recommended the Government make it clear that tenancy database operators are covered by the Privacy Act. This recommendation was endorsed by the joint Ministerial Working party Report on Residential Tenancy Databases. The report recommended that the Commonwealth make regulations under s 6E of the Privacy Act to provide that the Act would apply to all RTD operators who are small businesses.
Following consultations with stakeholders, the Privacy (Private Sector) Amendment Regulations 2007 (No 3) were made on 9 August 2007. These Regulations amend the Privacy (Private Sector) Regulations 2001 to provide that under s 6E(2) of the Privacy Act, a small business which operates a residential tenancy database and undertakes certain acts and practices is prescribed as an organisation.