Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Speech at the Privacy Connections Breakfast, launch of Inaugural Australian Privacy Awards.

Download PDFDownload PDF


Special Minister of State


Speech by Senator The Hon John Faulkner Special Minister of State

9 April 2008

Privacy Commissioner, ladies and gentlemen, distinguished guests.

It’s been my experience in government that the most complex and difficult issues are the ones that, to the uninitiated, seem the simplest. And what could be simpler than privacy? Most Australians think they know what privacy means - and probably have views as to how their privacy ought to be protected and preserved.

Unfortunately privacy isn’t that simple. Today, privacy can be compromised not only by the ways in which governments and corporations store and manage information, but also by a casual Facebook posting by a friend-of-a-friend, or by the record keeping practices of an international online retailer or auction site with servers located in several jurisdictions - and that’s just for starters.

This morning I’d like to talk about three aspects of privacy: regional efforts to resolve cross-border privacy issues; modernising our privacy framework as a result of the ALRC review; and the new Privacy Awards & the Australian Privacy Medal.

Approaches to Cross border Data flows - APEC

In the time since the formulation of the 1980 OECD privacy guidelines and the 1988 Privacy Act here in Australia much has changed - such as the ease with which personal information can flow across international borders. The increasing use of computers has coincided with a communications boom resulting in a massive increase in international telecommunications traffic. Information and communication technologies operate around the clock, unrestricted by geographical barriers. Such data flows are now considered the ‘life blood of modern business’.

Businesses will, as they should, take advantage of the opportunities presented by a virtual and borderless world. Information may cross borders to provide better customer service or to ensure customer orders are fulfilled. Information may be processed overseas and returned to Australia for use. A company may, for business continuity or other reasons, store or back-up information on servers located overseas. Cross-border flows of information are now an essential part of modern business. But none of this should undermine the privacy rights of Australians.

Because of these concerns, National Privacy Principle 9 was developed. It requires organisations to provide certain protections to personal information sent off-shore. However, since then, the use of the Internet has become ubiquitous. Not only is the Internet widely used to enhance business opportunities and to facilitate consumer choice, but there has been an explosive growth in the use of social networking sites. Cross border data flows are now a fact of life.

It is also a fact of life that national legislation faces jurisdictional limitations when it comes to dealing with cross border data flows. This is a challenge government and business have to meet - especially when many of our regional trading partners do not have the same high levels of privacy protections as Australia. For this reason the Government is strongly committed to leading the work of the APEC Data Privacy Sub-Group.

Privacy Connections Breakfast Launch of Inaugural Australian Privacy Awards

Page 1 of 4


I want to talk this morning about the Data Privacy Sub-group, whose work is very important, but perhaps not as widely known as it should be. When Australia hosted APEC last year, we took on the position of chair of the Data Privacy Sub-Group to deal with cross border data flows of personal

information across the region. In September 2007 APEC Ministers endorsed the APEC Data Privacy Pathfinder. The Pathfinder is an APEC mechanism to develop and ‘road-test’ elements of a cross border privacy rules system across APEC member economies.

The aim of a cross border privacy rules system is to encourage businesses to develop internal business rules on cross border privacy procedures which will be recognised throughout the APEC region. Businesses would then be held accountable by an appropriate authority, or regulator, to ensure that they comply with the rules. The Privacy Commissioner will be the authority in Australia.

Pathfinder processes are used to progress various issues within APEC. They involve bringing together representatives of member countries, to work together to develop new rules and processes. In privacy, the aim is to establish a multi-lateral co-operative framework and rules, whereby a person in one country, such as Australia, can make a complaint to the privacy regulator in their own country about an alleged breach of their privacy, even though the breach affecting them may have occurred outside Australia. The framework and rules developed and road-tested through the Pathfinder process should enable the smooth transition and effective handling of such a complaint across regulators in different countries.

Australia is one of many APEC economies participating in the Data Privacy Pathfinder, working together with the USA, Canada, Mexico, Japan, Korea, and Hong Kong China, amongst others.

Privacy trustmark bodies, which are commonly used in a number of economies, can also have a role in the resolution of minor privacy complaints, although a consumer will always be able to take their complaint to an appropriate authority with legal responsibility for privacy protection.

The Data Privacy Pathfinder involves eight specific projects covering issues ranging from the development of self-assessment tools for businesses to the role of regulators in ensuring businesses are held accountable for the handling of personal information. The Pathfinder also

includes a pilot project in which Australia and other member economies will be able to undertake practical testing of the various components of the cross border privacy rules system as they are developed.

In this way, the APEC Pathfinder will develop user-friendly solutions for both businesses and consumers for dealing with cross-border data transfers. Most of us would not want to sacrifice the efficiencies which come from sending information overseas, but we expect, and, in fact, are entitled to demand, that our information will be protected. The Community Attitudes to Privacy survey, conducted by the Office of the Privacy Commissioner last year, found that 63% of Australians continue to be very concerned about their personal information being sent overseas. The Pathfinder will develop practical complaint mechanisms which should lead to greater consumer confidence in overseas transfers of data.

Australia is participating in all of the Pathfinder projects, three of which are being led by Australia, through the Office of the Privacy Commissioner. The projects will produce a privacy contact officers directory, templates to assist in making cooperative arrangements between privacy enforcement

authorities, and a common complaint handling form to promote the timely handling and referral of cross-border privacy complaints.

By working together privacy regulators ar e developing appropriate co-operative arrangements and a network between regulators in the region to provide consumers with a one stop shop for privacy issues arising anywhere in our region.

A responsible and accountable system for cross border privacy protection must not create unnecessary barriers to cross border information flows. It must not create administrative and bureaucratic burdens for businesses and consumers. Given the high standards that Australian businesses must comply with, the cross border privacy rules system must not be merely another costly compliance hurdle with no clear benefit to businesses or consumers. Equally, it must not downgrade the existing privacy protections in our Privacy Act.

Ladies and gentlemen, Australia’s domestic privacy principles will not be compromised by our work

Page 2 of 4

in developing an APEC-wide cross border privacy rules system. The system will build upon Australian privacy requirements so that it can be of maximum benefit to Australian businesses and consumers. Australia has long been seen as a leader in privacy in the APEC region, and that must continue.

Consistent with our broad engagement in multilateral approaches, the Government supports Australia’s continued involvement in developing the Data Privacy Pathfinder. Our active leadership of the APEC data privacy work is a clear example of how Australia can be meaningfully involved in a multilateral forum. This work will increase the effectiveness of privacy protection in the APEC region for business and consumers. As a country with a solid history of privacy protection, we are able to share our experiences with our regional partners, while at the same time enhancing the effectiveness of Australia’s privacy regime for businesses and consumers.

While the work in APEC continues, Australia is also actively involved in the OECD Working Party on Information Security and Privacy and has a productive relationship with the European Union. Australia has been very supportive of facilitating dialogue between the OECD and APEC on cross-border privacy issues. We are pleased that this has led to the OECD participating, as a guest member, in the meetings of the APEC Data Privacy Sub-Group.

The active engagement of the OECD in APEC meetings provides a unique opportunity to progress privacy protection globally. It breaks down barriers in the international community. Cross border information flows are, by their very nature, an issue that cannot be addressed by just one State or even just one international organisation. Encouraging common work by the OECD and APEC on this issue allows both greater cooperation as well as greater consistency between the work of these different organisations.

The Data Privacy Pathfinder is not just a matter for Government. To ensure that the cross border privacy rules are relevant to Australian requirements, Australian business and consumer stakeholders must be engaged in the Pathfinder projects. As Chair of the Data Privacy Sub-Group at the recent meeting in Lima, Peru, Australia argued strongly for privacy consumer stakeholder groups to be given guest status at Sub-Group meetings. While a final decision on this matter has

been deferred, we will continue our strong advocacy for the involvement of consumer groups.

The Department of Prime Minister and Cabinet held a workshop in Sydney in February prior to the APEC meetings in Peru with Australian stakeholders. This was an extremely useful process for the Australian delegation and another workshop will be held before the next APEC meeting in August.

The Department will be looking at ways that it can more effectively engage interested Australian stakeholders in the APEC work on the Pathfinder projects and we strongly encourage business and consumer groups to become involved in this process.

ALRC Review - Can Australia’s privacy framework be improved?

Ladies and gentlemen, let me turn briefly to the ALRC’s review of Australia’s privacy laws.

In this 20th anniversary year of the Privacy Act the ALRC will finalise its comprehensive inquiry into the Act’s effectiveness.

I know that the ALRC have considered at length issues such as creating consistent and uniform privacy regulation along with reducing compliance burdens on business. Consistency is essential if people are to be fully aware of their privacy protections and for government and business to readily comply with their obligations under the Act. The Government looks forward to receiving the

Commission’s recommendations on these issues.

It is also timely that the ALRC is considering the rapid advances in information, communication, storage, surveillance and other technologies when looking at whether the Privacy Act continues to provide an effective framework for the protection of privacy in Australia.

The ALRC is also looking at how the concept of privacy in Australia has evolved and how community perceptions of privacy have changed. Given the evolution of sophisticated technologies, such as Closed Circuit TV surveillance and biometrics, it is important to examine whether privacy regulation should extend beyond the protection of personal data alone.

Page 3 of 4

The release of the ALRC’s final report at the end of May will provide an opportunity for the Government to tackle the challenge of privacy reform and build a privacy regime to serve modern Australia.

Privacy awards

Ladies and gentlemen, we have moved beyond a view of privacy protection as a series of requirements imposed by Government. The most effective protection of Australian’s privacy is in the positive steps taken through day-to-day decisions and actions of both public and private institutions and organisations, and the individuals who work within them.

It is therefore appropriate that the efforts of those who have gone ‘above and beyond’ will be recognised in the inaugural Australian Privacy Awards program and the Australian Privacy Medal. I commend the Office of the Privacy Commissioner for initiating these awards. It demonstrates the Office’s strong commitment to educating the community about the benefits of privacy compliance.

Over the past 20 years of the Privacy Act there have been many individuals, businesses and community groups who have made substantial contributions to the role of privacy in Australia. These awards will provide the chance to recognise these achievements.

Ladies and gentlemen, privacy is everybody’s business. I hope that the Privacy Awards and the Australian Privacy Medal will promote that message. I am pleased to formally launch the Australian Privacy Awards and the Australian Privacy Medal.

Media Contacts: Website:

Media Adviser - Colin Campbell - 0407 787 181

Page 4 of 4