Mr PYNE (10:07 AM) —The bill presently before the House, the Privacy Amendment (Office of the Privacy Commissioner) Bill 1998 , separates the Privacy Commissioner from the Human Rights and Equal Opportunity Commission by creating a statutory Office of the Privacy Commissioner. This bill will not alter any of the Privacy Commissioner's functions and responsibilities and the commissioner will continue to be involved with both the public and the private sector. Creating a separate unattached office for this important position will lend itself to a higher public profile for the work of the commissioner. Raising the commissioner's profile is, in itself, a form of awareness campaign. If the public are regularly reminded about the existence and work of the Privacy Commissioner, it is more likely that people will think through the possible consequences of disclosing unnecessary information.

The creation of a separate Office of the Privacy Commissioner will formalise the practical arrangements previously in place. The position of Privacy Commissioner has always operated with its own dedicated Human Rights and Equal Opportunity Commission staff. Creating a separate Office of the Privacy Commissioner will foster greater efficiencies and opportunities to promote good information handling practices across agencies and organisations. It will also improve the office's educative function and allow the commissioner to focus on preventative measures.

Formalising the separation of the Office of the Privacy Commissioner from the Human Rights and Equal Opportunity Commission brings Australia into line with the practice of many other countries. However, that is not to say that Australia should always follow the privacy protection principles of other countries. In fact, I believe that with an inventive government policy Australia has the potential to be the world leader in innovative and effective privacy protection practice.

It is universally accepted that we are living in a more intrusive world. It is the voluntary price we pay as individuals when we avail ourselves of the technology that is now available to us. The convenience of using automatic teller machines, for one example, is to a certain extent tempered by the knowledge that the details of the transaction such as the time, date, location, amount and balance of the account become a matter of record. Some automatic teller machines are equipped with hidden cameras. Although they primarily are for security purposes, they do record other matters which are peripheral to security needs.

Similarly, with the convenience of the Internet comes the inevitable intrusion in our daily lives which the member for Curtin raised in her own speech. The passive sounding term `browsing the web' belies the privacy intrusions that a web browser is potentially exposed to. Establishing a web site for the educational benefit of others can also leave you exposed to privacy intrusions.

The tampering with the Liberal Party web site in 1998 by a staff member of the Leader of the Opposition is probably an event most of us would rather forget. However, this unfortunate circumstance does raise some very legitimate concerns. What protection is afforded to individuals from unauthorised appearances on web sites? What regulations or mechanisms are in place to prevent someone constructing a web site which contains personal information about an individual?

Ever since the 1950s when the United States government began entering individuals' data onto enormous mainframe computers there has been a public suspicion of the collection of personal information. There exists a substantial body of anecdotal evidence to suggest that these fears are not without foundation. In the United States a Maryland banker abused his position on the State Health Commission by accessing a database of cancer patients which was then cross-referenced with his bank's database of loan customers. Clearly, in the United States technology has outpaced the protection of privacy legislation.

In Australia, striking a sensible balance between the social benefits of technological advancement and an individual's right to privacy has been the challenge of successive governments. Today, the gravity of that challenge has never been greater.

The Australian electorate has been acutely aware of the issues surrounding individual privacy since the 1980s when the Hawke government attempted to introduce the insidious Australia card. The electorate overwhelmingly held the view that the search for our national identity did not extend to allocating each citizen his or her own very special number. In reaction to Labor's ill-fated attempt to introduce the Australia card, the Privacy Act was passed in 1998 to allay some of the fears people held about identity cards. But at the same time the act allowed increased scope for information gathering and sharing in order to reduce tax and welfare fraud.

However, the emergence of contemporary marketing techniques has added another dimension to the challenge of privacy protection. In today's competitive private sector marketplace, marketing gurus solicit qualified leads: people who have purchased goods or services or spent a sum of money that suggests they might be suitable targets as potential clients and customers. Where do they find such leads? There are thriving companies whose sole business is the buying and selling of names and contact details of people who have purchased goods or services, belong to a certain income tax bracket or read particular magazines. The more qualified the list, the greater its value.

Occasionally we invite these intrusions upon ourselves. How often have we been lured by a valuable lottery prize? Entering such lotteries is usually free; the only requirement being to fill out a card telling the company a little bit about ourselves. The footnote on the card usually inquires if we object to the information supplied being passed on to other organisations who might have products to interest us. With eyes firmly on the prize and away from the fine print we usually do not mind. But how often do we regret that decision when our mailbox spills over with unsolicited mail proclaiming `once in a lifetime unrefusable offers' from companies we never knew existed?

In November 1998 I drew the attention of the House to a report in the South Australian newspaper the Sunday Mail. According to the report, Australia Post has compiled detailed information on their clientele. Details include their client's name, address, telephone number, occupation, recreational leave habits, alcohol consumption, health and home insurance, monthly bill payments, annual income and motor vehicle use. This information was allegedly obtained by communicating with five million households through state government literature—for example, motor vehicle registration renewal forms.

Induced by prizes such as luxury cars and Internet access, people are completing these forms and returning them to Australia Post. Australia Post, through Custom Select, are allowing this information to be made avail able to organisations that compile market profile databases. According to the report, these databases are valued at approximately $1,200 each. Compounding this concerning development is the fact that a proportion of these databases have fallen into the hands of practitioners of sharp practice. Regrettably but predictably these unethical merchants target the elderly and the vulnerable.

Complicating the issue is the fact that the increasing prevalence and flourishing success of direct mail marketing and telephone canvassing indicate that many consumers respond favourably to and appreciate this form of marketing. Indeed, merchants who use direct mail and telephone canvassing are generally compliant with all consumer protection legislation and regulations. It is also true that merchants have a right to contact potential clients who may benefit from or be enriched by the service or product they provide. Some would argue that it is just a question of freedom of speech. But in these cases, if we do not volunteer information, we will not be harassed. It is a personal choice. Depending on the degree of privacy we wish to achieve, we also have the option of silent phone numbers and silent electoral enrolments, to name just two measures.

I do not believe that a specific public education program to create awareness of the compilation of mailing lists and profile databases and its consequences is the answer. Rather, we need to build the profile of the Privacy Commissioner through measures like this bill. But adopting proactive privacy protection measures is not a realistic option when we deal with government departments or utilities. We have even less control over a government department or its employees passing on information that we surrender, we are told, for the greater common good. Even the strictest civil libertarian would not argue against the need for governments to maintain detailed databases. It defies commonsense to issue Medicare cards, drivers licences and Commonwealth seniors health cards if no record is kept of their issue and they cannot communicate with each other. But there exists a very real possibility of invasion of privacy when this information is illegitimately passed on to a third party.

The ability to exchange information between departments has aided efficiency, eliminated unnecessary duplication and reduced fraud. It makes perfect sense that the Australian Taxation Office should match data with Centrelink, or Centrelink with the department of immigration. But, having acknowledged the need for such data procurement, we must also expect that the rules governing the use of such data will provide sufficient protection for all Australians. It is also important that the government provides the Office of the Privacy Commissioner with the necessary power, profile and resources to provide privacy protection. The Privacy Act of 1988 attempts to provide protection against abuse of personal information collected. But the evolving nature of privacy protection requires us, as legislators, to ensure that privacy laws evolve with the times and circumstances.

The coalition government has worked diligently to keep pace with this evolution by introducing a number of amendments to the Privacy Act and associated legislation over the last three years. But there are still many more challenges to be met—in fact, some challenges have yet to evolve. There are a number of ambiguities in the information privacy principles that form the basis of the Privacy Act. The interpretation of some of the terms of information privacy principles is the subject of some debate. For instance, the term `protection of the public revenue' is used as an exception in these principles. What is meant by that term? More importantly, how liberally is that term currently being construed? Other acts of the Commonwealth address disclosure and protection of information issues specifically relevant to a particular area, but it is the case that certain information and privacy principles in the Privacy Act may provide overriding grounds for disclosure. This is an anomaly that should be addressed.

There is also disturbing anecdotal evidence concerning some of the legitimate methods of information collection practised by the Australian Taxation Office. The collection of taxation revenue is an extremely important task. However, some of the alleged information collection practices of the Australian Taxation Office—which include information gathering from law abiding taxpayers—make very sobering reading. It has been suggested that the ATO is wired into electric and gas authorities, motor vehicle registries, land titles offices, the Securities Commission, and even the Yellow Pages—that is in addition to Centrelink and other federal departments it uses to aid its tax collection. I am not in a position to judge how essential such a wide network might be, but the Commissioner of Taxation should be acutely aware of the need and should be able to justify ongoing necessity for such a network.

We have already seen an egregious abuse of the system. A tax officer accessed the confidential taxation records of a prominent sporting identity on 156 separate occasions over a two-month period. She claimed she had no motive for doing so other than having a crush on the athlete. I am not sure what her explanation was for the other 309 individual files she accessed over the same period, unless she was particularly amorous.

Governments collect information on citizens, who are told that in surrendering such information it may be used by other government bodies. In reality, there is not much choice—receipt of benefits is usually conditional on giving up a tax file number and other personal identification details. In other words, people exchange freedoms for assistance. But in doing so they still retain the fundamental right to expect that the information will be kept in safe hands. The Independent Commission Against Corruption in New South Wales found that over 30 officers of the Commonwealth had been involved in the sale, supply or purchase of confidential information. These officers were employed across the spectrum of government service: in Customs, Defence, health insurance and the former Department of Social Security. In addition to those areas, the data supplied in the trade of information came from Immigration, Local Government and Ethnic Affairs and Australia Post. The commission had no reason to believe these were isolated incidents of the illegal and unauthorised trading of data. In another breach of trust, an Australian Federal Police officer was convicted in 1995 for disclosing confidential information to a credit management company. The penalty for this was judged to be a six-month good behaviour bond, though the $4,200 bill for witness costs probably had more of an impact as a deterrent.

These revelations raise serious concerns about access, security and penalties for those who are guilty of breaching established guidelines regulating the collection and use of personal information. The government has a moral obligation to ensure that the Office of the Privacy Commissioner has the resources to ensure that collected data is accessed by authorised persons and only on a need-to-know basis. As the nature of privacy breaches evolves and the potential for abuse of this information becomes more pronounced, so too must the punishments and penalties provided by legislation. The rewards through unjust enrichment by abusing privacy protection legislation are often too tempting when compared to the relatively economical penalties that can be administered by the courts.

Unlawful collection or disclosure of confidential information needs to be the subject of general offence provisions in the Crimes Act 1914. The Crimes Act should undergo partial consolidation, and penalties set out for conduct deemed an offence. With a partial consolidation, various departments could retain the responsibility for determining what information needs to be protected. There is little evidence to suggest that a modestly funded education program would dramatically address the lack of public awareness. A lateral approach to increasing public awareness is to elevate the role of the Office of the Privacy Commissioner to give it a higher profile in the community.

We must be ever alert in ensuring that checks and balances are placed on governments in data collection and disclosure. Corporations, particularly those which participate in public-private partnerships, must be held to the same stringent standard. In 1998 the coalition government passed legislation to ensure that private companies comply with these standards with government contracted services. As a Liberal, I believe in the primacy and the privacy of the individual. This bill not only demonstrates the government's commitment to protecting individual privacy but also acknowledges that privacy legislation must continue its evolutionary cycle if it is to keep pace with technology. I commend the bill to the House.