Ursula Stephens (NSW, Australian Labor Party) Share this | Link to this | Hansard source

I seek leave to revisit for one moment the Finance and Public Administration Legislation Committee.

Leave granted.

Following the notice that I gave about presenting the final report on 30 September 2011, I now seek leave to move a motion in relation to this first report.

Leave granted.

I move:

That the Senate take note of the report.

As I say, today I present on behalf of the Finance and Public Administration Legislation Committee the first report of its inquiry into the Australian privacy amend­ment legislation. This report examines the exposure draft of the Australian Privacy Principles, which are the first stage of the government's planned reforms to enhance the protection of personal privacy in Australia. The government has recognised that the current Privacy Act may not be adequate to protect personal information that is gathered, stored and shared in today's world. Vast quantities of personal information are now transmitted electronically, and many Australians are concerned about the security of that information. As a first step in the reform process, the government requested the Australian Law Reform Commission to undertake a comprehensive review of the Privacy Act. The ALRC took 28 months to complete its review and addressed a multitude of issues in its three-volume report. The government accepted the maj­ority of the ALRC's recommendations in relation to the Privacy Principles. The Privacy Principles exposure draft provides for a single set of 13 principles applying to all entities to replace the Information Privacy Principles which currently apply to agencies and the National Privacy Principles which currently apply to organisations.

While most submitters support the reforms, the committee received a range of views on whether or not the APPs meet the objectives underpinning the need for reform and provide greater privacy protection. The committee acknowledges that drafting a single set of principles was a particularly complex task. However, the committee was concerned that many submitters argued that the new principles are complex, dense and difficult to understand. The committee considers that this is a significant issue. Without clarity, agencies and organisations may find it difficult to comply with their privacy obligations and individuals may not understand how their privacy is protected. As a consequence, the committee has made recommendations to simplify the structure of the APPs and to improve their clarity. Some submitters were also concerned that the reforms may lead to a diminution of privacy protection in some instances. While the committee has made recommendations to reconsider some aspects of the principles, on balance the committee considers that privacy protections have not been weakened.

The committee welcomes the enhance­ment of the privacy regime through the new principles for open and transparent manage­ment of personal information and cross-border disclosure, specific regulation of the use of personal information for direct marketing activities, and restrictions on the use of government-issued identifiers. Evidence provided to the committee addressed the compliance burden on entities arising from the new principles, particularly in relation to complaint handling and obligations arising when personal informa­tion is transferred to overseas recipients. The committee acknowledges that the reforms may result in an increased compliance burden for some entities. However, the committee is of the view that the benefits of the additional requirements outweigh the compliance costs. In addition, the committee notes that many principles include a reasonableness test for the matters or steps to be undertaken, and in some principles the test also provides that no steps need to be taken if it is reasonable in the circumstances. The committee considers that these pro­visions provide entities with sufficient flexibility in complying with the privacy regime.

In conclusion, the committee considers that the Privacy Principles contained in the exposure draft reflect the intent of the ALRC's recommendations. They also will ensure that the standards are in place to address the risk of harm from the inappropriate collection, use and disclosure of personal information and to meet the expectations of individuals that personal information will be handled appropriately. The committee is currently examining the credit reporting exposure draft. The committee will then examine the final two parts of this stage of privacy reform, the health privacy and the powers and functions of the Australian Information Commissioner, when these exposure drafts are available. I commend the report to the Senate.

Question agreed to.