Senator PAYNE (6:10 PM) —I rise to participate in this debate and to move slightly away from the mutual admiration society that developed on the other side of the chamber towards the end of the remarks of the previous speaker. I would like to place on record the importance of the Attorney-General's contribution to this process—his persistence in consulting broadly across Australia and in ensuring that input to the development of this legislation has been as broad as possible. Rather than engaging in a significant traversing, again, of the lengthy years up until the election of the Howard government, I wish to move from about December of 1998, when both the Attorney and the minister for communications announced that the government would legislate to support and strengthen self-regulatory privacy protection in the private sector.

This bill has been developed with what I would describe and what many of the participants in the process would describe as a consultative approach. The government decided that the privacy standards in the bill would be based on the national principles for the fair handling of personal information which were developed by the Privacy Commissioner in 1997 and 1998. Those principles themselves evolved from a broad consultation process which involved business, industry, consumer and privacy interests. The government convened a core consultative group in 1998 which consisted again of industry and consumer groups, of privacy advocates and the Privacy Commissioner. It was discussions with that group which prompted the government to determine the approach of embodying a coregulatory system in this bill. At the Attorney's request the Privacy Commissioner continued with the consultative approach in 1989 in relation to the application of the national privacy principles to health information. The end result of that consultation was an information paper released late in 1999. Further in 1999, the government released the key provisions of the bill.

Both the previous speakers in this part of the debate have referred, to some degree, to some of the parliamentary committees which have considered the bill since its introduction. I would have to concur that those considerations have been extensive. They have included the House of Representatives Standing Committee on Legal and Constitutional Affairs, the Senate Legal and Constitutional Legislation Committee and, as Senator Stott Despoja mentioned, the Senate Select Committee on Information Technologies. In some of the public debate that has surrounded this bill in recent times there has been some criticism, depending on from whom it is emanating, that the bill is being rushed or alternatively that the bill is being delayed. Those disparate criticisms are brought together with the facts, which is always inconvenient for people who wish to criticise without any foundation.

This was a decision to legislate which was announced two years ago. Since that time, all interested parties have had many opportunities to make their views known to the government and many have done exactly that. Many of those that criticise are those whose views have not prevailed, and that is of course often the case in public debate. There are some who continue to make a constructive contribution. But there does come a point when decisions have to be made, and it is the view of the government that these are the appropriate decisions to make. What we are about in bringing forward this bill is trying to strike an appropriate balance between the competing interests that other speakers have referred to, and to enshrine in legislation the protection for personal information held by the private sector. The bill is effectively described as reflecting a `light touch approach'. After the principles have been set out, much of the detail is left to guidelines which will be developed by the Privacy Commissioner. So it is not a heavy-handed scheme. It is a complaints based system which will lead to remedies available to the individual whose privacy has been breached. This reflects the current approach in the public sector application of the Privacy Act that we have been told has worked so well since 1989. In pursuing that same line, this is a consistent approach from the government.

In terms of the commencement of the legislation, it is important to note that it will come into effect 12 months after it is passed by both houses and receives royal assent. That time frame will enable organisations to have time to adjust their practices in order to comply with the new obligations.

I have referred already to the national privacy principles which will provide the standards for handling of personal information, and I have noted the coregulatory approach that the bill takes. I think it is also important to notice—and it has not been acknowledged so far in this discussion—the very important and effective role that we believe the Office of the Privacy Commissioner fulfils in this process. There has been no credit given to that office and those who fill the roles in that office, no credit given to the breadth of consultation they have undertaken or the efforts they have made to work with particular industries that use certain types of information or particular organisations to develop codes that are tailored to those areas. It is very important to acknowledge that.

This will bring about a uniform national scheme that provides for the appropriate collection, holding, use, correction, disclosure and transfer of personal information by organisations in the private sector. This is absolutely vital for the effective operation of business in this country and for the most effective and efficient compliance levels and activity for business to observe. It is almost impossible to imagine what an inconceivable mess there would be if we had ended up going down the road of having separate jurisdictions implementing their own privacy requirements and legislation.

As I have mentioned in this place before, I was involved, both personally and professionally, in the discussion and development of this new legislation before I even came into this place. The horror that was struck into the hearts and minds of businesses in Australia at the thought of having to comply across eight jurisdictions if they operated on a national basis was enough to send most businesses into terror. Having put this together into a single national system, it is a very effective response to those concerns.

I want to comment briefly—and I am only intending to speak briefly this evening—on some of the concerns that have been raised about exemptions. I particularly want to go to one of the remarks of Senator Stott Despoja in relation to small business. Whilst Senator Stott Despoja indicated that the Department of Employment, Workplace Relations and Small Business gave certain evidence to the Senate Legal and Constitutional Legislation Committee—which indeed they did, and I believe that was an accurate representation—they also noted, and this is recorded in the committee's report:

I think it is very important to place that on the record. The other exemptions which have been raised as matters of concern and which I know were addressed in amendments which have been circulated in the chamber and will be discussed at the committee stage particularly concern employee records. The Senate committee recommended that there be a sunset clause inserted in the bill which would allow the exemption to operate for two years while analysis was undertaken by relevant agencies to ascertain whether existing workplace relations and state and territory legislation is adequate to protect the privacy of employee records.

The government has not, as I understand it, accepted that recommendation in whole but has made what I regard as a very important response to it. It has undertaken, I understand from a statement from the Attorney-General today, to review existing Commonwealth, state and territory laws to consider the extent of privacy protection for employee records and whether there is a need for further measures. This review will commence after the bill is enacted but before it comes into effect. It is a review which will be carried out by officers of the Attorney-General's Department and the Department of Employment, Workplace Relations and Small Business, and again it will involve consultation with state and territory governments, the Privacy Commissioner and other key stake-holders. This is, I think, an important response to issues of concern which were raised by the Senate committee and which have been raised in other committee reports on this issue.

What the government does not consider necessary is the imposition of additional administrative and financial burdens on Australian employers without giving proper consideration to the need for such controls. What we are about in all of this legislation is an approach that balances the interests and concerns of individuals in relation to the protection of their personal information and the needs of Australian business to operate in an effective manner, at the same time observing, most importantly, the protections which are required under this legislation. I think that covers some of the most important aspects of the legislation from the government's perspective.