Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Privacy Forum launch, Privacy Commissioner's e-mail and web browsing guidelines, 9.30 am, 30 March 2000, Sheraton on the Park, Sydney.



Download PDFDownload PDF

 

March 2000

Privacy Forum Launch Privacy Commissioner's E-mail and Web Browsing Guidelines  9.30am, 30 March 2000 Sheraton on the Park, Sydney

Introduction  The Privacy Commissioner has just outlined for us the Strategic Plan for his Office.  It is clear that you and your Office have thought carefully about your critical role in the information era, and I congratulate you on your efforts. 

1.

The Privacy Commissioner's Strategic Plan is a clear and realistic statement about the importance of privacy in the modern world.  It makes clear the approach the Office proposes to take to promote privacy protection in Australia.  I fully support the principles underpinning the plan.  I am also pleased to note the emphasis it places on developing solutions to problems that may arise in the handling of personal information.   

Privacy concerns 

2.

In a series of recent surveys, Australians have expressed serious concerns about the security of their personal information when doing business online.  3.

Left unaddressed, those concerns have the potential to significantly influence consumer choices about whether or not to participate in electronic commerce. 

The survey results should ring warning bells for business involved in e-commerce.  Those that take note and establish good privacy practices will reap the competitive advantages. 

4.

Some businesses are leading the way by putting in place codes of practice which commit them to handling personal information in a fair and responsible way.  5.

But these good business practices are not consistent.  What is needed is a clear set of rules that strikes a balance between individual privacy, freedom of information and the needs of business. 

6.

To be effective, those rules must be accepted and understood by both business and the community.   

The Privacy Amendment (Private Sector) Bill 

7.

The Government has been working hard over the last 12 months on a major initiative in privacy law.  8.

The Privacy Amendment (Private Sector) Bill, which I intend to introduce into Parliament in the next two weeks of sittings, is the most significant development in the area of privacy law in Australia since the passage of the Privacy Act in 1988. 

9.

A key feature of the Bill is that businesses are permitted to develop their own codes to regulate the collection, storage, and disclosure of personal information.  The codes must provide at least as much protection as the National Principles for the Fair Handling of Personal Information and must be approved by the Privacy Commissioner.  Where businesses choose not to develop their own codes the National Principles will apply as a default code. 

10.

For the first time, Australians will have confidence that they will be able to know who has their personal information and what is done with it.  They will also be able to access their records and correct them if they are wrong. 

11.

The legislation will give Australians confidence in their dealings with the private sector and in doing business on-line.  It will also maximise the capacity of business to take advantage of e-commerce within Australia and overseas. 

12.

Increasingly, important trading partners are asking for assurances that the information they provide us will be given appropriate protection.  The new privacy legislation ensures that Australia can meet its international obligations and concerns.  It also ensures Australia will not be disadvantaged in the global information market. 

13.

The legislation represents a very good model of Australian policy development and law making.  It establishes a privacy protection framework which is responsive to both business and consumer needs.  This is largely due to the cooperation and input we received from stakeholders and the community during the extensive consultation process. 

14.

I would like to take this opportunity to express my thanks to those who have contributed to the development of this legislation.  In particular, I would like to thank the members of the Core Consultative Group and those of you who provided submissions on the Information Paper and the draft key provisions. 

15.

I would also like to thank the Privacy Commissioner and his staff for their work on the Bill, particularly in the important and sensitive area of protecting health information.   

Guidelines on Workplace E-mail, Web Browsing and Privacy 

16.

One of the other valuable services the Office of the Privacy Commissioner offers is the provision of advice on dealing with specific problems posed by new information technologies. 

17.

Today, I have the pleasure of launching the Commissioner's latest guidelines on the use of e-mail and web browsing in the workplace.  18. E-mail has transformed the way in which organisations communicate to their 19.

employees and their customers.  With the thousands of electronic messages which are sent internally and externally each year, it is easy to forget that e-mail is almost as insecure as a postcard.  It can be read by anyone who receives it.  The guidelines recognise that many employees often believe that their e-mails and web browsing activities are private, despite the fact they are using their employers' equipment.  They also recognise that many employers monitor and scrutinise these activities and that system administrators are usually able to access everything on the network. 

20.

The Commissioner's guidelines aim to ensure that organisations devise clear e-mail and web browsing policies which are widely known and understood by their staff.  21. The Commissioner recommends that organisations make their e-mail and web

browsing policy visible, ideally with a warning when the user logs on to the computer system.  The guidelines suggest that the policy explain explicitly what activities are permitted and what are not.  It should set out what information is logged, who has access to the logs and who has access to the content of e-mail and web browsing activities. 

22.

The policy should also refer to the organisation's computer security system.  E-mail misuse may pose a threat to the security of the system, the privacy of staff and others and give rise to legal liability for an organisation. 

23.

The guidelines state that the policy should be reviewed, updated and re-issued regularly.   

Timeliness 

24.

The Guidelines are very timely given recent press coverage of the issue and the results of a survey by the law firm Freehills.  The survey showed that 76 per cent of respondent organisations periodically monitored e-mail.  But only 35 per cent of those organisations informed their customers or staff about this. 

25.

Not only are surveys telling us that people have concerns about the monitoring of e-mail, the issue has come before the courts.  I note that the Federal Court is currently considering whether to award compensation to an employee who lost her job because she had sent union news through the company's e-mail system.   

Conclusion 

26.

The new Guidelines emphasise the importance of good privacy practice to the morale and productivity of an organisation.  They provide practical, balanced advice on how to ensure that staff understand and accept company policy on these issues. 

27.

The guidelines also provide a sound basis for the development of policies in both the public and private sector.  They are a valuable contribution to the search for balanced solutions to the challenges posed by new information technologies. 

28.

I commend them to you.  29.