23.07.2010
8.4 A key term in defining the coverage of the Privacy Act is ‘personal information’. The Information Privacy Principles (IPPs) and NPPs apply when government, private sector organisations and individuals collect, store, use and disclose personal information. Under s 6(1) of the Privacy Act ‘personal information’ is defined as follows:
personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
8.5 The definition of a ‘record’ is also important to the coverage of the Act. In general, the Privacy Act applies only to the handling of personal information in a record.[3] Under s 6(1) of the Privacy Act a ‘record’ is relevantly defined as follows:
record means:
- a document; or
- database (however kept); or
- a photograph or other pictorial representation of a person; …
8.6 Therefore, the extent to which the Privacy Act covers a genetic sample depends on whether:
- the genetic sample may be considered to be ‘information’;
- the information is held in a ‘record’; and
- the information is about an individual whose identity is apparent, or can reasonably be ascertained, from the information.
Is a genetic sample ‘information’?
8.7 DP 66 stated that the Privacy Act does not cover genetic samples, even where they are identifiable (for example, where they have a name or other identifier attached), because the samples are not themselves ‘information’.[4]
8.8 This interpretation is supported by common law principles of statutory interpretation, which require that general words should be given their plain and ordinary meaning, unless the contrary is shown.[5] The plain and ordinary meaning of the word ‘information’ is unlikely to extend to a genetic sample, as opposed to the information that is derived by sequencing the DNA that the sample contains.[6]
8.9 The fact that it was thought necessary in New South Wales legislation to expressly refer to ‘body samples’ in the definition of ‘personal information’ also supports the view that samples are not covered by the term ‘information’.[7]
8.10 However, different interpretations have been expressed. For example, the Office of the Victorian Privacy Commissioner has stated that the definition of personal information contained in s 3 of the Information Privacy Act 2000 (Vic) may be interpreted to mean that the Victorian legislation
will apply to DNA samples that are collected, for example, by an organisation (such as police) who have the means available to them to analyse the sample in order to ascertain a person’s identity. At a simpler level, a body sample stored or able to be linked with a unique identifier of the person from whom it was extracted is also personal information.[8]
Is a genetic sample a ‘record’?
8.11 The second question is whether a genetic sample is a record. The plain and ordinary meaning of the word ‘record’ would not generally extend to a genetic sample.[9] Under the Privacy Act, a record is relevantly defined to mean a document, database or photograph.
8.12 Further assistance in interpreting the terms ‘record’ and ‘document’ is provided by the Acts Interpretation Act 1901 (Cth), which provides that:
25. In any Act, unless the contrary intention appears:
document includes:
(a) any paper or other material on which there is writing;
(b) any paper or other material on which there are marks, figures, symbols or perforations having a meaning for persons qualified to interpret them; and
(c) any article or material from which sounds, images or writings are capable of being reproduced with or without the aid of any other article or device.
record includes information stored or recorded by means of a computer.
writing includes any mode of representing or reproducing words, figures, drawings or symbols in a visible form.[10]
8.13 As with the term ‘information’, it is difficult to argue that the meaning of the word ‘record’ is capable of extending to a genetic sample.[11]
Is a genetic sample about an identifiable individual?
8.14 The third issue concerns the circumstances in which a genetic sample may be considered to contain information about an identifiable individual. The Privacy Act does not apply to information unless it is ‘about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion’.[12] Such a standard, based on reasonableness, means that in some cases it will not be clear whether particular information is identifiable and, therefore, whether or not the IPPs and NPPs apply to how it is handled.[13]
8.15 The concept of de-identification arises in different ways under the NPPs. For example, under NPP 10.3, an organisation may collect health information about an individual for research purposes without consent only where the research cannot be conducted with de-identified information.
8.16 In relation to the conduct of research involving humans, the National Health and Medical Research Council’s National Statement on Ethical Conduct in Research Involving Humans (the National Statement) also makes distinctions between identified, potentially identifiable and de-identified personal information or material.[14] However, under the National Statement, information or material is ‘de-identified’ only if the process of de-identification is irreversible—for example because the identifiers have been removed permanently or because the data have never been identified.[15]
8.17 Some submissions questioned whether it can ever be said that a genetic sample is truly de-identified,[16] at least as long as the individual from whom the sample was taken, or their body, still exists. As collections of genetic samples and information proliferate, the chances that any given genetic sample may be able to be re-identified by matching it with samples held on human genetic databases increases.[17]
Genetic information, unlike other health information, is inherently linked to a particular individual. This fact, in combination with computer technology, makes the linkage of genetic information to an identifiable individual always a possibility … Given these concerns, it is not advisable to completely exempt ‘anonymous’ genetic information from data protection regimes.[18]
8.18 On the other hand, the Commonwealth Attorney-General’s Department observed, in relation to the argument that genetic information is, by its nature, identifiable, that the same could be said of fingerprints, dental records or any other uniquely identifying features of an individual.[19]
8.19 The Inquiry does not believe that genetic samples should be considered inherently identifiable for the purposes of the Privacy Act. Whether they are reasonably identifiable or not will depend on the surrounding context. In most circumstances, an unlabelled and uncoded sample may still be considered to be de-identified, despite a theoretical possibility of re-identification.
Conclusion—Coverage of the Privacy Act
8.20 The existing application of the Privacy Act to bodily samples is not entirely clear. However, the Inquiry has concluded that the only well-known category of genetic sample that is clearly covered by the Privacy Act is the newborn screening card. Newborn screening cards are made of blotting paper on which spots of blood have been absorbed. The child’s name, date of birth, hospital of birth and birth weight are recorded on the card, together with the mother’s name and date of birth. It seems clear that newborn screening cards contain personal information in a record and must be handled in accordance with the IPPs or NPPs, as applicable.[20] This conclusion does not stem from the fact that a card contains a genetic sample, but from the fact that it contains other personal information about an identifiable individual and the genetic sample forms part of the same documentary record.
8.21 It seems equally clear that genetic samples, in whatever form, that are not labelled with names or other identifiers are not covered by the Privacy Act, even in situations where the identity of the individual from whom the sample is derived is reasonably ascertainable by testing. Such samples are not information and will not usually be held in a ‘record’, for example, where they are stored as microscope slides.
8.22 The position with regard to labelled samples is more complex. In some cases, while the sample itself may not be covered by the Privacy Act, the information attached to it (that is, the label) may be, and must be handled in accordance with information privacy principles.
8.23 Many, if not most, bodily samples held by organisations in Australia are labelled with names or other identifiers, such as alpha-numeric codes. This appears to be the case with most samples held by pathology laboratories. Codes are used so that laboratory technicians and others may handle samples without becoming aware of the identity of individuals. DP 66 proceeded on the basis that a name or a code by itself is not ‘information about an individual’. This view is consistent with opinions expressed by the Attorney-General’s Department and the Australian Government Solicitor in relation to the identical definition of ‘personal information’ in the Freedom of Information Act 1982 (Cth).[21]
8.24 Personal information that may be derived indirectly from the context in which the identifier is found—for example, that the named individual has had blood taken from them, which is now stored in a laboratory that tests for certain genetic disorders—is not covered by the Privacy Act. This is because, while personal information need not be recorded in a material form, it must be in a ‘record’ to be governed by the IPPs or NPPs,[22] and not be merely a matter of inference.
8.25 However, the legal position is not clear. An alternative view is that a name, by itself, may constitute information about an individual and therefore, in effect, labelled samples always have to be handled in accordance with the IPPs or NPPs.[23] Another view is that the application of the Act in this regard may depend on the exact circumstances of the case, for example, on whether the name on a labelled sample is a common name or not. As with DP 66, this Report proceeds on the basis that a name or a coded name by itself is not ‘information about an individual’. The implications for the Inquiry’s recommended reforms, if this approach is not correct, are discussed at the conclusion of this chapter.
8.26 Different approaches have been taken to the coverage of samples in state and territory information and health privacy legislation. The Privacy and Personal Information Protection Act 1998 (NSW) and Health Records and Information Privacy Act 2002 (NSW) define personal information to include ‘such things as an individual’s fingerprints, retina prints, body samples or genetic characteristics’.[24] Individually identifiable genetic samples are therefore covered by New South Wales privacy legislation.[25] Other state and territory legislation contains definitions of personal information and health information which, in relevant respects, more closely follow the wording contained in the federal Privacy Act. Genetic samples are generally not covered by such legislation.[26]
[1] Provided the samples contain cells with nuclei.
[2] Including genetic material derived from samples taken from the bodies of individuals—as in the case of immortal cell lines, to the extent that these cell lines contain the DNA of an identifiable individual.
[3] See Privacy Act 1988 (Cth) s 16B (in relation to private sector organisations) and the IPPs (in relation to Commonwealth and ACT government agencies).
[4] Australian Law Reform Commission and Australian Health Ethics Committee, Protection of Human Genetic Information, DP 66 (2002), ALRC, Sydney [7.54]. The Inquiry noted that the Office of the Federal Privacy Commissioner (OFPC) has taken this interpretation: Office of the Federal Privacy Commissioner, Submission G143, 22 March 2002; Office of the Federal Privacy Commissioner, Submission G164, 27 June 2002.
[5] See eg D Pearce and R Geddes, Statutory Interpretation in Australia (5th ed, 2001) Butterworths, Sydney, 35–36.
[6] In a related vein, it has been suggested that a bodily sample, such as a newborn screening card, is not a ‘document’ for the purposes of the Freedom of Information Act 1982 (Vic) s 5(1). Therefore, there is no right of access to the card: L Skene, ‘Access to and Ownership of Blood Samples for Genetic Tests: Guthrie Spots’ (1997) 5(2) Journal of Law and Medicine 137, 140.
[7]Privacy and Personal Information Protection Act 1998 (NSW) s 4(2).
[8] Office of the Victorian Privacy Commissioner, Submission to the Forensic Procedures Review Committee on its Review of Part 1D of the Crimes Act 1914 (Cth), 5 September 2002, 5.
[9] A newborn screening card is one category of bodily sample that clearly constitutes a ‘record’. However, a blood spot excised from the card is not ‘information’ and, therefore, is not covered by the NPPs or IPPs.
[10] Acts Interpretation Act 1901 (Cth) s 25.
[11] It might be possible to argue that a bodily sample is a document because blood is material from which an image (a DNA profile) may be reproduced eg when Restriction Fragment Length Polymorphism (RFLP) analysis and Southern blotting are used to create an image on X-ray film. However, it appears doubtful that the legislation would support such an extended interpretation. In a related context, it has been suggested that a bodily sample, such as that stored on a newborn screening card, is not a ‘document’ for the purposes of the Freedom of Information Act 1982 (Vic) s 5(1): L Skene, ‘Access to and Ownership of Blood Samples for Genetic Tests: Guthrie Spots’ (1997) 5(2) Journal of Law and Medicine 137, 140.
[12] From the definition of ‘personal information’ in Privacy Act 1988 (Cth) s 6(1). Relevant state and territory information and health privacy legislation contains similar definitions.
[13] A particular issue involves the extent to which coded information can be considered to be de-identified. Where an independent person (eg a gene trustee) holds the code and it is not possible for others to ascertain the identity of the individual concerned (without the assistance of the independent person), is the information de-identified so that the Privacy Act does not govern it or does it depend on the circumstances and, in particular, the practices or policies of the gene trustee? In this context, the Australian Health Ministers’ Advisory Council (AHMAC) National Health Privacy Working Group has stated that privacy protection will depend on whether ‘an individual’s identity could be reasonably ascertained, in the particular situation in which the information is being collected, used or disclosed’: Australian Health Ministers’ Advisory Council National Health Privacy Working Group, National Health Privacy Code (draft) Consultation Paper (2002), AHMAC, Canberra, 50. See also R Magnusson and C Clarke, ‘Data Registers in Respiratory Medicine: A Pilot Evaluating Compliance with Privacy Laws and the National Statement on Ethical Conduct in Research Involving Humans’ (2002) 10 Journal of Law and Medicine 69, 74–75.
[14] National Health and Medical Research Council, National Statement on Ethical Conduct in Research Involving Humans (1999), NHMRC, Canberra, 9.
[15] The National Statement states that ‘It should be recognised that the term “de-identified” is used frequently, in documents other than this Statement, to refer to sets of data from which only names have been removed. Such data may remain “potentially identifiable”’: Ibid, 9.
[16] Office of the Privacy Commissioner (NSW), Submission G118, 18 March 2002; Centre for Law and Genetics, Submission G048, 14 January 2002.
[17] N Tonti-Filippini, Correspondence, 17 May 2002.
[18] T Lemmens and L Austin, ‘The Challenges of Regulating the Use of Genetic Information’ (2001) 2(3) Isuma: Canadian Journal of Policy Research 26, 33–34.
[19] Commonwealth Attorney-General’s Department, Submission G158, 7 May 2002. The Department submitted that ‘to be identifiable, the information must usually be accompanied by other identifying information’.
[20] However, a blood spot excised from the card is not information and, therefore, is not covered by the NPPs or IPPs.
[21] Commonwealth Attorney-General’s Department, Submission G315, 19 February 2003. See Attorney-General’s Department — Security Law and Justice Division, Freedom of Information (FOI) Memorandum No.98: Exemptions Sections in the FOI Act, Attorney-General’s Department, <www.ag.gov.au/www/securitylawHome.nsf/Web+Pages/F6D7D4157FE35630CA256C17000AA2BD?OpenDocument>, 24 February 2003.
[22] See Privacy Act 1988 (Cth) s 16B (in relation to private sector organisations) and the IPPs (in relation to Commonwealth and ACT government agencies).
[23] Yet another possible interpretation is that the labelled sample in its entirety should be considered as a ‘record’. However, this interpretation, by extension would mean that any thing may be transformed into a record covered by the Privacy Act simply by labelling it (notwithstanding that it is not a document, database or photograph) eg clothes or other personal possessions.
[24]Privacy and Personal Information Protection Act 1998 (NSW) s 4(2); Health Records and Information Privacy Act 2002 (NSW) s 5(2).
[25] Privacy NSW noted that Privacy and Personal Information Protection Act 1998 (NSW) s 4(2) was inserted ‘because the former Privacy Committee was acutely aware of concerns regarding a number of issues involving bodily samples in the NSW context, for instance, the non-consensual access to and disclosure of newborn screening cards for forensic testing and law enforcement purposes’: Office of the Privacy Commissioner (NSW), Submission G257, 20 December 2002.
[26] See Health Records Act 2001 (Vic) s 3 ‘health information’; ‘personal information’; Information Privacy Act 2000 (Vic) s 3 ‘personal information’; Health Records (Privacy and Access) Act 1997 (ACT) s 4 ‘personal health information’; ‘personal information’.