Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
National privacy legislation good for consumers, good for business.

Download PDFDownload PDF

12 April 2000




Australians will have a comprehensive privacy regime that will cover the private sector for the first time, under legislation that I introduced to Parliament today.

The Privacy Amendment (Private Sector) Bill 2000 is the most significant development in the area of privacy law since the passage of the Privacy Act in 1988, which covers the Commonwealth public sector. Labor did virtually nothing in their last 10 years of Government to protect the privacy of peopleís information when dealing with private sector organisations.

The light touch regime will protect consumers by ensuring that personal information is collected, stored and handled fairly by private sector organisations. Good privacy is good for business. The legislation provides a framework within which organisations that demonstrate they are committed to protecting the privacy of their customers will gain a competitive advantage. Privacy issues can impact greatly on the bottom line. Recent reports of privacy concerns adversely affecting share price of some large Internet companies demonstrate this.

Light touch does not mean soft touch. The Bill will ensure that privately-developed databases of personal information need to be up-to-date with correct information, held securely and that they are open to scrutiny. It will also allow people to access records about themselves and to correct those records if they are wrong.

Organisations that collect personal information will not generally be able to sell or transfer that information to a third party without consent. This means that companies will not be able to sell lists of their customers or subscribers without their consent. Organisations that use an existing database of personal information for direct marketing will be required to allow customers to opt out of future direct marketing.

The Bill implements the National Principles for the Fair Handling of Personal Information, which were developed by the Privacy Commissioner following extensive consultation over more than a year with business, consumers and other interested groups.

Some modifications have been made to the National Privacy Principles as they apply to organisations holding health and other sensitive information. The modifications recognise the sensitivities surrounding personal health information and are based on the Privacy Commissioner's recommendations to the Government, after consultation with health consumers and professionals. The Bill recognises that people expect that sensitive information, such as health information, will have greater protection.

A key feature of the Bill is that private sector organisations can develop their own codes to regulate the collection, storage, use and disclosure of personal information. These codes must offer as much protection as the National Principles and must be approved by the Privacy Commissioner. If a private sector organisation chooses not to develop its own code, the National Principles will operate as the privacy rules.

Under the Bill, people will be able to complain to the Privacy Commissioner or approved code complaint body if a private sector organisation breaches the privacy rules. Resolving complaints will focus on conciliation, rather than litigation. However, there is provision for financial and non-financial remedies, such as compensation or an apology.

The Government recognises that there are important social interests that compete with privacy, such as the free flow of information to the public via the media. An act or practice of a media organisation that is done in the course of journalism will be exempt from the legislation to allow the media to continue doing its job.

While protecting privacy is an important goal, it must be balanced against the need to avoid unnecessary red tape or costs for small businesses that pose a low privacy risk. All small businesses will be exempt from the legislation for the first year of its operation. After this time, only small businesses that provide a health service and hold health information or businesses that trade personal information will be required to comply with the legislation. Of course, voluntary compliance with the legislation will be encouraged..

The legislation will take effect on 1 July 2001 or 12 months after the Bill has been passed, whichever is the later date. I will also ask the Privacy Commissioner to conduct a formal review of the operation of the legislation and all of the exemptions after it has been in operation for two years.

 Return to Index