16.122 Section 168 of the Corporations Act requires companies and registered schemes to maintain a register of members and, if relevant, a register of option holders and a register of debenture holders. Section 169 of the Act requires a register of members to contain certain details, including the member’s name and address, the date on which the member’s name was entered on the register, as well as other details, such as the shares held by each member.
16.123 Under ss 173 and 174 of the Corporations Act, companies, registered schemes and persons who maintain registers on behalf of companies and registered schemes must allow anyone to inspect these registers. These sections are examples of provisions that require or authorise the disclosure of information for the purposes of the Privacy Act. It is unlikely, therefore, that compliance with the Corporations Act requirements would breach NPP 2.
16.124 Section 177 of the Corporations Act provides that it is a criminal offence to use information about a person obtained from a register to contact or send material to the person, or to disclose information obtained from a register knowing that the information is likely to be used to contact or send material to the person. An exception to that rule is where the use of the information is connected with the membership, or approved by the company.
16.125 Link Market Service submitted that the provisions relating to access to registers under the Corporations Act are contrary to the NPPs. It noted that, under the Privacy Act, a company that maintains a members’ register cannot provide personal information except for the primary purpose of managing a members’ register, and yet under the Corporations Act it is able to disclose information that would not usually be disclosed.
Practically we cannot, for example, disclose information to a shareholder that calls in without providing their unique identifier (their Securityholder Reference Number) but can allow access to a register to a member of [the] public if they visit our offices to a view a register (in this process they can see a specific individual’s holding balance).
16.126 In IMF (Australia) Ltd v Sons Of Gwalia Ltd,however,French J made the following comment about the relationship between s 177 of the Corporations Act and the Privacy Act:
Section 177 is designed to protect the privacy of shareholders by limiting the use to which information about them may be put. By way of example, which is given in a note to the section, the use of information on the register for the direct marketing of goods or services, would fall within the prohibition. The prohibition in s 177 is consistent with the National Privacy Principles set out in Schedule 3 of the Privacy Act 1988 (Cth).
It appears reasonably clear from its terms that the purpose of s 177 is to protect the privacy of shareholders by limiting permitted uses of information obtained from the register about them. The section would not permit the use of information on the register for direct marketing to shareholders of goods and services unrelated to their status as shareholders and it may be the case that even company approval of the use of information on the register will be constrained by the National Privacy Principles to which reference has already been made.
16.127 Particular concerns have also been raised about the personal information held by mutual entities, such as credit unions. It has been argued that the personal information on a credit union’s member register is more detailed and revealing than information on an ordinary company register, and that access to this information will encourage misuse of this information. Amendments have been made to the Corporations Regulations 2001 (Cth) to deal with this issue. Regulation 12.8.06 of the Corporations Regulations allows mutual entities to:
have a separate register of ‘member shares’ being the shares which are issued by them to their customers;
require the party seeking access to agree in writing that the information about members which is gained will be divulged only to certain named persons and used only for certain specified purposes; and
refuse access if it is not satisfied that access is being sought by a member who intends to call a meeting of members, or for another purpose approved by the Australian Securities and Investments Commission (ASIC).
16.128Further, the Corporations Amendment Regulations 2007 (No 9) (Cth) provide that when a person seeks access to a register of members of certain body corporates (a credit union, credit society and building society) and the person has given a statutory declaration in relation to the use of that information and paid the reasonable costs of contacting the members, or sending material to the members, the body corporate must do everything that is reasonably possible to arrange for the members to be contacted, or for the material to be sent to the members, on the person’s behalf by a third party service provider nominated by the body corporate.
16.129 In IP 31, the ALRC asked whether it was appropriate that the disclosure of a shareholder’s personal details in a register of members, register of debenture holders or a register of option holders under the Corporations Act is a disclosure of personal information that is permitted for the purposes of NPP 2. Stakeholders’ views were canvassed in detail in DP 72. The ALRC reached the preliminary view that the Corporations Act provides significant protection of personal information held on a register and that the current level of protection strikes an appropriate balance between the competing interests at play. The ALRC also noted that the member registers of mutuals, such as credit unions, receive extra protection under the Corporations Regulations. Accordingly, the ALRC did not make a proposal in relation to the Corporations Act in DP 72.
Submissions and consultations
16.130 Only two submissions were received on this issue in response to DP 72. The OPC noted that the handling of personal information held in public registers for the purposes of the Corporations Act provided a specific example of a more general issue—that is, ‘finding the appropriate balance in granting access to, and setting limits upon the subsequent use of, information held on public registers’. The OPC submitted that the availability of personal information held in public registers has been the subject of complaints and enquiries, but recognised the public policy objectives behind making such information publicly available. It argued:
The balance between maintaining the privacy of this information and meeting the important public policy objectives might be better achieved by more narrowly specifying in the Corporations Act the purposes for which such information may be used, particularly in regard to shareholder registers.
16.131 The OPC offered in-principle support for the idea of using trusted third-party ‘clearing houses’ to manage contact between individuals on registers and third parties. In the OPC’s view, avoiding the need to provide personal information directly to the requesting party would address the risk that the information may be misused or mishandled.It noted that the Corporations Amendment Regulation 2007 (No 9) would provide for such a mechanism.
16.132 The Australian Government Treasury noted, however, that the underlying rationale for providing access to registers of members was to facilitate ‘informed dealings by members and prospective members, and other stakeholders’. The Treasury argued, in relation to members, that ‘public access to the register promotes effective participation in the key democratic processes in a company’ and that restricting public access to the register could lead to ‘underperformance and reduced market efficiency’. The Treasury also stressed the need for members of the public interested in acquiring shares in a company (for example, through a takeover offer) to be able to find out the identity of the present owners of a company.
16.133 The Treasury disagreed with the OPC’s suggestion that the provisions of the Corporations Regulations limiting access to registers of members of mutuals should be extended to all companies.
The limitations on access to the registers of members of mutuals are adapted to the special circumstances surrounding membership of such institutions. Some mutuals have a customer base concentrated in security sensitive areas such as the defence and police forces. Provisions of the Banking Act 1959 prevent customers of financial institutions from using a non-residential address when opening an account. Members of companies other than mutual financial institutions have the options [sic] of specifying a non-residential address, such as a post office box, to the extent that they have concerns about their personal security…
The limitations on access to registers of members of mutuals may have an adverse effect on the accountability of the management of those bodies to their members. In the case of mutuals, that disadvantage is outweighed by the need to ensure the personal security of members. In our view extension of similar limitations to all companies would have significant costs that would not be justified by the benefits of such a regulatory intervention. 
16.134 The ALRC does not make a recommendation in relation to the use and disclosure of personal information held on a register of members. The Corporations Act provides significant protection for personal information held on a register. These protections strike an appropriate balance between the right of the public to know about, and use, information from a register, and the policy that shareholders should be free from undue intrusion from the use of such information. The ALRC also notes that the member registers of mutuals, such as credit unions, receive extra protection under the Corporations Regulations. They will receive further protection if the Corporations Amendment Regulations 2007 (No 9) come into effect.
16.135 The Privacy Act also provides some protection for personal information held on a register of members. For example, under the current law, the collection by an organisation of information from a register is subject to NPP 1. Personal information included on a register is subject to the data-quality requirements of NPP 3. Such protection will continue under the model UPPs. The application of the Privacy Act to publicly available information is discussed further in Chapter 11.
 Corporations Act 2001 (Cth) s 177(1A).
 Link Market Service, Submission PR 2, 24 February 2006.
 IMF (Australia) Ltd v Sons Of Gwalia Ltd (Administrator Appointed) ACN 008 994 287 (2004) 211 ALR 231.
 Ibid, –.
 See Information Integrity Solutions, Customer Lists: Background Paper for CUSCAL Industry Association (2005).
 Credit Union Industry Association and others, Issues Overview: Member Registers, Takeovers and Mutuals (2006).
 Corporations Amendment Regulations 2003 (Cth).
 Senate Disallowable Instruments List (as at 1 April 2008): A notice of motion to disallow the Corporations Amendment Regulations 2007 (No 9) (Cth) was given by a Senator during the last (41st) Parliament. This notice was not resolved at the time that the Parliament was prorogued for the 2007 federal election. As a consequence, under s 42(3) of the Legislative Instruments Act 2003 (Cth), the Corporations Amendment Regulations 2007 (No 9) (Cth) is taken to be tabled in the Senate on the first sitting day of the new (42nd) Parliament, that is 12 February 2008.
 Australian Law Reform Commission, Review of Privacy, IP 31 (2006), Question 7–6(j).
 Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [13.83]–[13.92]. See also Australian Law Reform Commission, Review of Privacy, IP 31 (2006), Question 7–6(j).
 Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.
 Ibid. The OPC noted that, at the time of making its submission, the regulation had been the subject of a disallowance motion prior to Parliament being prorogued.
 Australian Government Treasury, Submission PR 581, 20 March 2008.
Privacy Act 1988 (Cth) s 16B.