Application of the ‘Data Quality’ principle to agencies

27.7 As is noted above, agencies presently are not subject to a discrete ‘Data Quality’ principle. In the Discussion Paper, Review of Australian Privacy Law (DP 72), the ALRC proposed that a single ‘Data Quality’ principle should apply to both agencies and organisations.[6]

27.8 The proposal was supported almost unanimously by stakeholders.[7] The Public Interest Advocacy Centre (PIAC), for example, submitted that

the uneven treatment of agencies and organisations in relation to data quality requirements has been a source of confusion in the Privacy Act. A single principle dealing with data quality for both agencies and organisations would lead to greater consistency and increased public confidence in agency handling of personal information.[8]

27.9 Privacy NSW supported the proposal, but suggested that the ‘Data Quality’ principle and the ‘Data Security’ principle could be combined, so that agencies and organisations would only need to have reference to one principle dealing with the quality and security of record keeping.[9]

ALRC’s view

27.10 The model UPPs should include a ‘Data Quality’ principle that applies to agencies and organisations. Placing comprehensive data quality obligations will lead to greater consistency of, and increased public confidence in, the handling of personal information. A single ‘Data Quality’ principle also is consistent with the ALRC’s recommendation that, unless there is a sound policy reason to the contrary, the privacy principles should equally to agencies and organisations.[10]

[6]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 25–1.

[7]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; GE Money Australia, Submission PR 537, 21 December 2007; Medicare Australia, Submission PR 534, 21 December 2007; Optus, Submission PR 532, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; ACT Government Department of Disability, Housing and Community Services, Submission PR 495, 19 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Privacy NSW, Submission PR 468, 14 December 2007; Recruitment and Consulting Services Association Australia & New Zealand, Submission PR 353, 30 November 2007; National Health and Medical Research Council, Submission PR 397, 7 December 2007. In addition, the Australian Direct Marketing Association submitted that it did not disagree with this proposal. Australian Direct Marketing Association, Submission PR 543, 21 December 2007.

[8]Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[9]Privacy NSW, Submission PR 468, 14 December 2007.

[10] Rec 18–2.