Mr MELHAM (10:13 AM) —The Privacy Amendment Bill 1998 represents a breach of a core promise by this government. It also represents an embarrassment for the Attorney-General (Mr Williams). More importantly, it represents a failure by this government to protect the right to privacy of every single Australian. In his speech on 24 March 1997 which released the government's small business package More Time for Business, the Prime Minister (Mr Howard) stated:

A tangible demonstration of the Government's determination to avoid unnecessary increases in the regulatory burden on industry was our recent decision not to implement privacy legislation for the private sector at the Commonwealth level. I also raised this matter at last week's Premiers' Conference. I have asked the Premiers and Chief Ministers not to introduce such legislation at the State level. Queensland and the Northern Territory have already agreed to our request and the other States will consider the Commonwealth's request further. I will be writing to the States to set out our concerns.

That announcement was in direct breach of the government's pre-election commitment. As the Liberal and National parties' law and justice policy stated:

A Liberal and National Government will as a priority, and in consultation and development with the states and Territories, ensure the implementation of a privacy law regime in Australia comparable with best international practice.

As part of achieving this goal we will:

. work with industry and the states to provide a co-regulatory approach to privacy in the private sector;

. conduct a comprehensive Parliamentary inquiry into the state of Australia's privacy laws. Amongst other things, the inquiry will examine and review legislative and administrative regimes for the protection of privacy, examine public interest and statutory exemptions, the extent of data-matching practices, compliance with international transfer standards, and the need for legislative protection of the right to privacy for individuals in respect of the media;

. review and, where appropriate, implement the recommendations of the report of the House of Representatives Standing Committee on Legal and Constitutional Affairs In Confidence ;

The report In Confidence was tabled in this House in June 1995. It was a report of the House of Representatives Standing Committee on Legal and Constitutional Affairs. Importantly, membership on that committee, of which I was proud to be chair, included the deputy chair, Mr Alan Cadman MP; a former Attorney-General, the Hon. Michael Duffy; a former minister, the Hon. Wendy Fatin; the Hon. Clyde Holding, a former minister; Mark Latham MP; Christopher Pyne MP; the current Speaker, the Rt Hon. Ian Sinclair MP; Mr Peter Slipper MP; Mr Peter Staples MP, a former minister; Mr Lindsay Tanner MP; and Mr Daryl Williams QC, MP, the current Attorney-General. That was a substantial committee. The report In Confidence that was presented to this parliament was a unanimous report. The current Attorney-General was a member of that committee. The current Speaker was a member of that committee.

What were the conclusions at pages 172 and 173 of that committee report? I quote from page 172:

The Committee considers that the protections provided by the Information Privacy Principles should be extended to all confidential third party information by way of a national privacy code. The Committee notes that if such a code is affected by way of extension of the Privacy Act, consequent changes to the FOI Act would be necessary.

Recommendation 38:

The Committee recommends that the protections provided by the Information Privacy Principles should be extended to all confidential third party information by way of a national privacy code.

It goes on:

As this proposal would have wide coverage in the Australian community, including application in state and territory government operations, the Committee considers it is desirable to have the proposal considered in the forum of the Council of Australian Governments.

In recommendation 39 the committee:

. . . recommends that the proposal for a national privacy code be placed on the agenda for the earliest possible meeting of the Council of Australian Governments.

That is why that recommendation found itself in the Liberal and National parties' law and justice policy. This Attorney-General, with the concurrence of this Prime Minister, put it in there, and now they walk away from it.

On 12 September 1996, the Attorney-General began to implement this election commitment by releasing a discussion paper on privacy in the private sector. In his press release of that date, the Attorney-General said:

. . . [t]he Discussion Paper will form the basis of the development of a comprehensive policy regime comparable, if not better, than international best practice.

The Discussion Paper proposes a comprehensive co-regulatory approach to privacy protection which is designed to provide maximum flexibility for the private sector.

. . . . . . . . .

I intend to be in a position to develop legislation for introduction next year.

The Attorney-General quite rightly justified this announcement by saying:

Protecting privacy is no longer an issue for the public sector. With today's technology and data bases, there is unchecked potential for information to be used improperly.

As a result of that discussion paper, the government received a number of submissions. Those submissions were overwhelmingly supportive of the government's proposed policy and acknowledged that there would be only minimal costs to business arising out of the legislation.

As an indicator, Price Waterhouse conducted a corporate privacy survey, published in May 1997, that showed that more than 70 per cent of companies supported the introduction of privacy legislation. Mr Stephen Woolley, Price Waterhouse's privacy and information security partner, said:

Business supports the introduction of national privacy legislation by the federal Government because they are confused as to what their responsibilities are on the privacy front.

Mr Woolley went on:

They are not sure what they can and can't do and want the Government to tell them.

Price Waterhouse's report found that 75 per cent of companies would require only minor computer or administrative changes if the legislation was introduced. Yet, despite this, the first signs of a policy backflip occurred on 13 January 1997. Whilst still supporting the government's policy and still stating that any costs to business involved in implementing these laws would not be excessive, the Attorney-General conceded to the Australian Financial Review that he had no passion for this issue. He indicated that:

. . . there are a variety of pressures, some quite unrelated, that have forced—

I repeat `forced'—

the Government to move on privacy.

So much for the Attorney-General's commitment to this supposedly core commitment. Then, on 24 March 1997, the Prime Minister announced that this core commitment—a commitment that the government had already begun to act upon—would be broken. As the evidence demonstrates, this broken commitment has nothing to do with saving business from red tape. It is simply about denying Australians the protection they need of their fundamental human right to privacy.

Is this another instance where the Prime Minister has rolled the Attorney-General? Unfortunately, I suspect so. The government, despite repeated requests in the Senate estimates process, has failed to come up with any credible defence of the Prime Minister's assertion that privacy red tape will choke Australian businesses. The evidence of many of our trading partners, such as New Zealand, Hong Kong and Taiwan, all of whom have introduced privacy regimes covering the private sector, is that these controls have minimum compliance costs. As the Privacy Commissioner, Moira Scollay, said in her most recent annual report:

It remains my view that a legislatively based `co-regulatory' approach would best achieve privacy protection for individuals at minimal cost to business . . .

Indeed, there is much evidence that improved data management procedures resulting from the introduction of improved privacy regimes have led to greater efficiency and expanded business opportunities for business. Damage will also be caused to Australia's businesses in other ways.

In October 1998, the European Union will enact yet to be determined privacy standards covering the international transfer of personal information. It is expected that these standards will prevent European companies from engaging in data exchanges with overseas companies that are not subject to adequate privacy regimes. It is still unclear whether companies will be able to voluntarily comply with these standards—say, through the adoption of the privacy principles recently released by the Privacy Commissioner. May I digress for a moment and congratulate Ms Scollay on the excellent work she is doing in that area.

There is also a reasonable prospect that companies, regardless of how good their individual privacy standards are, will be able to comply only if the law of their nation of origin also complies with the proposed European standards. Assuming voluntary compliance is sufficient, Australian companies wishing to engage in data exchanges with European companies or which are competing for information services work in Europe will be placed at a significant commercial disadvantage by reason of having to establish their compliance with the standards required by the European authorities. If state based compliance is required, then Australian companies will simply be unable to compete for work and important sectors such as banking and finance could be locked out of important international markets. The ramifications of such a decision would clearly be significant.

But through all this we must not forget whom privacy laws are really there for—the Australian people. The Australian people will not forget this government's betrayal of them over this issue. As polling conducted by Roy Morgan Research on behalf of the Privacy Commissioner shows, nearly 75 per cent of Australians rank the confidentiality of personal information as very important, ranking it second only to education and ahead of even the economy and the environment.

The government ignores the will of the Australian people at its peril. The Labor Party on the other hand will not. Unlike the government, the Labor Party has a long history of commitment to protecting the privacy of ordinary Australians. Item 71 of the constitutional and legal section of the 1994 national platform stated:

Labor believes in the protection of the individual's right to privacy.

The 1998 platform restated that commitment and more particularly said that Labor will:

. . . legislate to extend the operation of privacy protection to cover both the public and the private sectors in accordance with international privacy principles and the best international standards.

Labor also committed itself to updating those laws to meet the needs arising from emerging technologies. When we were in government, the Labor Party had acted on this commitment. On 10 December 1995, the then Attorney-General, Michael Lavarch, and the then Minister for Justice, Duncan Kerr, announced that the previous Labor government would extend the operation of the Privacy Act 1988 to the private sector. In keeping with those announcements, I am pleased to inform the House that the shadow Attorney-General, Senator Bolkus, has announced that Labor will continue our commitment to the privacy of ordinary Australians by amending this bill to ensure that its scope is extended to the entirety of the operations of the private sector and not just to those private businesses that have been contracted out government work.

The exact form of those amendments will not be released today. Instead, we will further develop our proposals in light of the evidence to the Senate's expected inquiry into this legislation. I do, however, indicate that Labor will, as we proposed to do in 1995, draw upon the international experience of privacy protection as evidenced by the highly successful adoption of similar laws in New Zealand.

Although this bill is an improvement on the current regulatory environment, there is no doubt that it falls well short of what is required. Nor does the government have any genuine commitment to this legislation. Once again it has been forced to act on the issue of privacy through its own incompetence. It was only under increasing Labor Party and community concern about the government's outsourcing of its information technology functions and employment services that the government has produced this bill.

In May 1997, the Privacy Commissioner, Moira Scollay, submitted to the Senate inquiry into the contracting out of government services that the Privacy Act did not cover contracts for government services performed by private sector agencies, nor did the penalties that apply to the misuse of private information by public servants under the Crimes Act or the Privacy Act similarly apply to those contractors and their employees. Yet the government did not originally propose to adopt such legislation. Rather, when the Minister for Finance and Administration (Mr Fahey) announced the government's decision to outsource its information technology services in the middle of last year, he initially stated that only contractual protections would be put in place. However, after an embarrassing story in the Sydney Morning Herald, he said that cabinet had now decided to amend the Privacy Act 1988 to require independent contractors to comply with the privacy principles.

The government's initial failure to act in this regard is demonstrated by the fact that it has since come to light that the Minister for Finance and Administration ordered his department to enter into negotiations with IBM-ISSC to outsource the department's information technology services from July last year, well before he knew that any amendments to the Privacy Act were being considered. This bill is another example of this government making policy on the run and the bill shows many of the hallmarks of that approach.

Schedule 3 of the bill excludes 2½ pages of government funded services from the operation of this bill. These include a vast array of government services such as medical and health care services, services provided by a volunteer or community based organisation for the Department of Human Services and Health and the like. No reason has been provided by the government for many of these exclusions.

We are particularly concerned about the exclusion of medical records from this list. We currently have the anomalous situation where, in many cases, patients are either entitled or not entitled to access their medical reports depending upon whether the doctor in question is employed in a public or private sector medical clinic or hospital. This is clearly ludicrous and nationally consistent legislation should be introduced to protect the rights of patients in this regard.

Enforcement regimes under the bill also seem to be highly deficient. No consideration appears to have been given to the extension of criminal penalties for the misuse of personal information. Even the conciliation regime appears to breach the requirements of the Brandy decision by purporting to give the Privacy Commissioner the power to make binding determinations, including the power to award compensation against errant contractors.

As the government well knows, as a result of the Brandy decision, these sorts of orders are only enforceable when made by a court vested with power under chapter III of the constitution. What the government is seeking to introduce in this bill is an enforcement regime similar to that which currently applies to other human rights legislation but in relation to which there is universal agreement that changes need to be made as are currently proposed in the Human Rights Legislation Amendment Bill.

On the face of it, this is a very sloppy piece of legislation. The Labor Party looks forward to the opportunity that will be afforded by the Senate committee's consideration of both this bill and the wider issue of privacy protection and the private sector to examine this legislation in greater detail. Accordingly, I move:

That all words after "That" be omitted with a view to substituting the following words:

"whilst not refusing to give this Bill a second reading, the House:

(1) notes the Government's failure to keep its election promise to extend the Privacy Act 1988 to the private sector; and

(2) in particular, notes that this breach of a core commitment will:

(a) leave Australians open to continued violations of heir basic human right to privacy; and

(b) damage the trading prospects of many Australian information technology and information management companies, particularly in respect of trading opportunities with the European Union, resulting in the loss of Australian jobs in these vital emerging sectors of the economy".

I indicate that the Labor Party will be dividing on this second reading amendment.

Mr DEPUTY SPEAKER (Mr Jenkins) —Is the amendment seconded?

Mr Lee —I second the amendment and reserve my right to speak.