Save Search

Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
 Download Current HansardDownload Current Hansard    View Or Save XMLView/Save XML

Previous Fragment    Next Fragment
Tuesday, 9 March 2004
Page: 21111


Senator COONAN (Minister for Revenue and Assistant Treasurer) (4:40 PM) —I table a revised explanatory memorandum relating to the bill and move:

That this bill be now read a second time.

I seek leave to have the second reading speech incorporated in Hansard.

Leave granted.

The speech read as follows—

The Privacy Amendment Bill 2003 addresses five matters to ensure that the protections of the Privacy Act are available to all irrespective of nationality, to provide the private sector with greater flexibility in relation to privacy codes, to correct an unintended limitation on the provision of superannuation services to Commonwealth employees, and to enable the Privacy Commissioner to audit acts and practices of Commonwealth agencies in relation to personal information specified in the Regulations.

National Privacy Principle 9 provides that a private sector organisation may transfer personal information about an individual to a foreign country only if one or more conditions are met.

However, the extra-territorial provisions of the Privacy Act state that the Act applies to offshore acts and practices only if they affect the personal information of Australian citizens and residents.

It is possible that these provisions may be seen as limiting the protections of National Privacy Principle 9 to Australians only.

That is not the Government's intention and the bill removes any doubt on this issue.

On a similar matter, the Act presently bars the Privacy Commissioner from investigating complaints about possible breaches of access and correction rights under the Act if complainants are not Australian citizens or residents.

There is no reason in principle to retain this limitation and it is to be removed.

The Government is concerned to ensure that the regulatory burden on business be reduced wherever possible.

In support of this, the Privacy Act allows the private sector to create privacy codes in replacement of the National Privacy Principles that would otherwise apply.

Although privacy codes must offer equivalent levels of protection as the National Privacy Principles, and must be approved by the Privacy Commissioner before they can take effect, codes offer flexibility to private sector organisations to tailor the privacy regime to their specific circumstances.

At present, business is limited in the matters which may be covered by a privacy code, specifically the matters nominated by the Act as exempt acts and practices which cannot be covered.

To give business and industry maximum flexibility, this limitation is to be removed.

This measure neither obliges code creators to deal with otherwise exempt acts and practices in their privacy codes nor does it lessen the levels of privacy protection for individuals.

The fourth amendment deals with an unforeseen consequence of National Privacy Principle 7.

This Principle restricts the use and disclosure of Government identifiers by the private sector.

It addresses public concerns raised in the context of the Australia Card debate of the 1980s and is designed to prevent the creation of a de facto universal identity number system.

Exceptions to National Privacy Principle 7 may be made through Regulation but the Act requires extensive consultation procedures before they can be made.

The present wording of the Act does not allow for Regulations to be made to apply to a class of organisation, identifier or circumstance.

This has become a problem in relation to the provision of superannuation services to Commonwealth employees.

Superannuation funds typically use and disclose Commonwealth payroll numbers to ensure that salary deductions are correctly attributed to their members' accounts.

This situation applies to all Commonwealth agencies and it would be sensible to be able to deal with it on a Commonwealth wide basis. The bill streamlines the consultation procedures for the making of Regulations but only in relation to the provision of superannuation services to Commonwealth employees.

The consultation procedures for Regulations in all other situations remain unchanged.

It is essentially an internal housekeeping matter.

The final matter is to expand the Privacy Commissioner's ability to audit the acts and practices of Commonwealth agencies in relation to personal information.

At present, the Privacy Commissioner's audit power it is limited to matters addressed by the Information Privacy Principles.

This amendment would enable the Commissioner to audit acts and practices that take place outside the scope of the Information Privacy Principles but which relate to personal information.

These matters would be specified in Regulations.

The stimulus for these amendments has come from recent discussions with the European Commission on access by the Australian Customs Service to passenger name record data, or PNR data, held by European air carriers.

Access to this information by Customs will improve our border security by assisting in identifying high-risk individuals travelling to Australia.

The European Commission sought assurances that Customs would not retain PNR data longer than is operationally necessary.

In our discussions with the Commission, it was agreed that a way to address this issue would be for the Privacy Commissioner to be able to audit Customs's non-retention of PNR data.

The Government remains committed to an effective privacy regime that meets the needs of Australians.

This bill improves that regime.

Debate (on motion by Senator Crossin) adjourned.