Correction of personal information

Background

29.83 Where an agency or organisation holds incorrect personal information about an individual, in most circumstances the individual has the right to have this information corrected.

29.84 Under IPP 7.1, an agency that has possession or control of a record containing personal information must take reasonable steps by way of making appropriate corrections, deletions and additions to ensure that the information is accurate and is relevant, up-to-date, complete and not misleading. When assessing whether personal information satisfies these criteria, an agency must have regard to the purpose for which the information was collected, or is to be used, and any purpose that is directly related to that purpose.[95]

29.85 IPP 7.2 states that the obligation imposed on agencies to correct personal information ‘is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents’. Such a limitation is found in Part V of the FOI Act, which sets out a number of procedural steps that an individual seeking the correction of personal information must take before the information can be corrected.

29.86 In comparison, NPP 6.5 provides that an organisation must take reasonable steps to correct personal information that it holds where an individual establishes that the information is not ‘accurate, complete and up-to-date’.[96]

29.87 These correction provisions raise the following issues:

  • the criteria by which personal information is assessed as being ‘correct’, including how these criteria should be assessed;

  • any burden of proof an individual must meet to establish that personal information that an agency or organisation holds about him or her is not ‘correct’;

  • the manner of correcting personal information that has been found not to meet the correction criteria; and

  • the relationship between the correction requirements under the Privacy Act and other federal laws.

29.88 Another issue that arises when an agency or organisation has corrected personal information under the ‘Access and Correction’ principle is the circumstances (if any) in which it is appropriate for that agency or organisation to notify third parties of the correction.

What is ‘correct’ personal information?

Background

29.89 Whether information is ‘correct’ for the purposes of the Privacy Act is not necessarily self-evident. Rather, this will depend upon the criteria by which the correctness of personal information is assessed. These criteria currently differ for agencies and organisations.

29.90 As noted above, NPP 6.5 enables an individual to request an organisation to correct personal information that is not ‘accurate, complete and up-to-date’.[97] In addition to information that is not accurate, complete and up-to-date, IPP 7.1 also requires agencies to correct personal information that is irrelevant or misleading.[98]

29.91 In some situations, the correctness of personal information will depend on the context in which the information is assessed. For example, a medical record might include a diagnosis that is later demonstrated to be false. Clearly, where the record is being considered in the context of patient treatment, the information it contains would not be ‘accurate’ or ‘up-to-date’. Where the record is being considered in another context—for example, as a historical record or for pending litigation—the information may be ‘correct’.

29.92 The IPPs provide some assistance to agencies seeking to determine whether personal information is complete, up-to-date, relevant and not misleading. IPP 7.1(b) provides that whether personal information is complete, up-to-date, relevant and not misleading must be determined ‘having regard to the purpose for which the information was collected or is to be used and to any purpose that is directly related to that purpose’. The NPPs do not include any equivalent criteria against which to assess whether personal information is ‘correct’.

29.93 There is a close relationship between the correction criteria provided in the ‘Access and Correction’ principle, and obligations on agencies and organisations to maintain the quality of personal information that they hold. NPP 3 (Data Quality) currently requires an organisation to take reasonable steps to ensure that personal information it collects, uses or discloses is ‘accurate, complete and up-to-date’.[99]

29.94 At present, agencies are not subject to a ‘stand-alone’ data quality principle. Aspects of data quality, however, are included in other IPPs. IPP 3 provides, for example, that, where an agency collects personal information, it must take steps to ensure that information it collects is relevant to the purpose of collection and is up-to-date and complete.[100] IPP 8 also imposes data quality requirements on agencies when they use personal information.

Discussion Paper proposals

29.95 In DP 72, the ALRC proposed two changes to the existing principles relating to the right to correct personal information held by an organisation, aimed at achieving consistency between the ‘Data Quality’ principle and the ‘Access and Correction’ principle in the model UPPs:

  • an individual should have the right to correct personal information that an organisation holds about him or her if it is not ‘relevant’; and

  • an organisation should be required to consider ‘a purpose of collection permitted by the UPPs’, when determining whether the personal information is correct.[101]

29.96 Similarly, in the context of agencies, the ALRC proposed that an agency should consider whether personal information is correct with reference to ‘a purpose of collection permitted by the UPPs’.[102]

Submissions and consultations

29.97 Most stakeholders that commented on this issue supported the two proposed changes to the correction criteria for organisations.[103] Privacy advocates, however, were concerned that the qualification ‘with reference to a purpose of collection permitted by the UPPs’ would allow an organisation to decline to correct personal information on the grounds that, while the information may be incorrect in relation to the purpose for which it was collected, it is not ‘incorrect’ in relation to another purpose for which the information is being used.[104]

29.98 Some stakeholders also supported the proposed change to the correction criteria for agencies.[105] Privacy NSW supported the proposal provided the existing provisions in the FOI Act are referred to in the ‘Access and Correction’ principle itself, or that it is annexed to the Privacy Act.[106] ACMA was concerned that the proposals may compromise the law enforcement and regulatory functions of agencies. It also had concerns about potential resource implications.[107]

ALRC’s view

29.99 Individuals should be provided with the right to correct personal information held by agencies and organisations where the information is misleading or not accurate, relevant, up-to-date or complete. These elements are the same as those currently in the correction principle in the IPPs. Two of the elements, however, are additional to those set out in the correction principle in the NPPs—that is, that the information should be ‘relevant’ and ‘not misleading’.

Criterion of ‘relevance’

29.100 In most situations, an agency or organisation that holds personal information that is not relevant should destroy it, or render it non-identifiable, in accordance with the ‘Data Security’ principle.[108] In some situations, however, whether personal information is ‘irrelevant’ may be contextual. For example, an agency or organisation may hold personal information that is relevant for one of its functions or activities but not another. In these situations, the individual about whom the information relates should have the right to have the information deleted from (or otherwise corrected in) those records where it is irrelevant. As noted above, the proposal that individuals should have the right to correct personal information held by organisations if it is not ‘relevant’ was supported by a broad range of stakeholders.

Criterion of ‘not misleading’

29.101 The recommended right of an individual to correct ‘misleading’ personal information that an organisation holds about him or her is new. This component, however, is currently applicable to credit reporting agencies and credit providers in respect of personal information in credit information files and credit reports.[109] The ALRC does not anticipate that including a right for individuals to correct misleading personal information would impose a significant new compliance burden on organisations. In a large number of situations, misleading information will not be ‘accurate’, ‘complete’ or ‘up-to-date’ and, therefore, is already subject to the correction requirement in the NPPs.

29.102 Where information is ‘misleading’, but is otherwise accurate, complete, up-to-date and relevant, this will result in a difference between the correction requirements in the ‘Access and Correction’ principle and the requirements of the ‘Data Quality’ principle. The ALRC considers this discrepancy to be appropriate, however, in light of the different contexts in which these principles operate.

29.103 It is difficult for agencies and organisations to determine whether personal information is ‘not misleading’. They may not be aware, for example, of surrounding circumstances that make the information ‘misleading’ in the absence of specific advice from the individual. When an individual exercises his or her right of correction, however, it is appropriate for an agency or organisation to assess, in a specific context, whether personal information is or is not misleading. This distinction presently is reflected in the IPPs, which provide individuals with a right to correct misleading information, but do not impose an independent requirement on agencies under IPP 8 to ensure that personal information is ‘not misleading’ before they use it.

Reference for assessing correction criteria

29.104 Data quality, as provided for in the ‘Data Quality’ principle, should be assessed with reference to the purpose for which information is being collected, used or disclosed.[110] In the context of the ‘Access and Correction’ principle, the correctness of information should be ascertained by reference to the purpose for which the information is being held.

29.105 In accordance with the ALRC’s recommended ‘Data Security’ principle, an agency or organisation only should hold personal information where it is needed for a purpose for which the information can be used or disclosed under the UPPs, or where retention otherwise is required or authorised by or under law.[111] The purpose justifying retention of the information under the ‘Data Security’ principle also should be taken into account when assessing the correctness of the information under the ‘Access and Correction’ principle.

Establishing that personal information is not correct

29.106 NPP 6.5 provides that, before an organisation is required to correct personal information, the individual to whom it relates must establish that the information is not accurate, complete and up-to-date. In the OPC Review, the OPC expressed concern that this requirement may be unclear and could impose ‘an unduly high standard’ on the individual seeking to correct his or her personal information.[112] In comparison, IPP 7 places agencies under a positive obligation to take steps to ensure that personal information that they hold is correct. This operates independently of the individual establishing that the information is not correct.

Submissions and consultations

29.107 In DP 72, the ALRC did not propose a change to the requirement in NPP 6.5 that an individual should establish that personal information is not correct. Several stakeholders, however, expressed concerns that to require individuals to establish that their personal information is not accurate, complete and up-to-date is excessively onerous.[113] The OPC submitted that there is

a perceived lack of certainty regarding how an individual should satisfy the requirement of ‘seek to establish that information is not accurate, complete or up-to-date’. Equally, it is unclear to what degree of certainty an individual must ‘seek to establish’ this, including to the Privacy Commissioner’s satisfaction in the event of a complaint.[114]

29.108 Stakeholders suggested reframing the ‘Access and Correction’ principle to require an organisation to correct personal information where an individual: provides the organisation with ‘reasonable grounds’ to believe that the information that is held about them is in need of correction;[115] or establishes the need for correction on the balance of probabilities.[116] Liberty Victoria submitted that:

If an individual contests that information is correct, they must have the opportunity to provide evidence or require the agency to check their information and have it corrected.[117]

ALRC’s view

29.109 By requiring an agency or organisation to correct personal information if an individual ‘is able to establish’ that the information is not correct, without providing for the requisite burden of proof, NPP 6.5 results in uncertainty in the event of a complaint.

29.110 The ‘Access and Correction’ principle should require agencies and organisations to ensure that the personal information they hold is, in accordance with the requisite correction criteria, correct. The words ‘and the individual is able to establish that the information is not’, therefore, should not be replicated in the principle. This approach is consistent with the approach currently taken in the IPPs and, accordingly, will not affect the existing practices of agencies. In addition, the ALRC does not anticipate that the change will affect significantly the practical operation of the correction requirements for organisations. Where an individual seeks to correct personal information that an organisation holds about him or her, the individual and organisation still must take steps to demonstrate that the information is, or is not, correct. This change has the principal advantage, however, that in the event of a complaint the relevant issue is the correctness of the personal information that is held by the agency or organisation.

Manner of correcting personal information

29.111 Where personal information held by an agency or organisation is ‘incorrect’, the agency or organisation must decide how to correct it. For example, should incorrect information be deleted, or should it clearly be marked as being superseded, while still remaining as a historical record?

29.112 The existing requirements in the NPPs are that an organisation must ‘correct’ personal information—they do not provide further guidance on what form this correction might take. The IPPs provide that an agency should make ‘appropriate corrections, deletions and additions as are, in the circumstances, reasonable’. More detail still is set out in the FOI Act, which provides that, where an agency amends a record, it must, to the extent that it is practicable to do so, ‘ensure that the record of information is amended in a way that does not obliterate the text of the record as it existed prior to the amendment’.[118]

29.113 Some guidance about how personal information should be corrected is available in the context of the FOI Act. In Re Cox and Department of Defence, the Administrative Appeals Tribunal advised that, when an agency considers the most appropriate manner in which to amend information under the FOI Act, it should consider whether the record: purports to be an objective recording of factual material; serves a continuing purpose; or may, if retained in an unamended form, serve a historic purpose.[119]

Submissions and consultations

29.114 Although no proposal specifically addressed this issue, some stakeholders, in response to DP 72, noted the potential tension between the obligation to correct personal information and archiving responsibilities. Privacy advocates suggested that the Privacy Commissioner should issue guidance noting that correction of personal information can take the form of amendment, deletion or addition, as appropriate in the circumstances. They suggested that this guidance should state that, where there is a legal requirement of keeping historical records of transactions, operational records can be corrected and the original incorrect information retained as an archive.[120]

29.115 The National Archives of Australia expressed concerns about any changes to the FOI Act that make it easier for personal information to be deleted without regard for other record-keeping requirements. The National Archives suggested that it is more appropriate to amend or correct a record without obliterating the evidence on which a decision had been made, than to delete the information.[121]

ALRC’s view

29.116 Personal information may be corrected in a number of ways, including by directly amending the material, deleting the incorrect material, or adding to the material. The appropriate method of correction will depend on the circumstances of the case. The ALRC recommends, below, that the OPC should develop and publish guidance on the ‘Access and Correction’ principle.[122] This guidance should address the manner in which personal information can be corrected, and discuss potential conflicts between the requirements of the ‘Access and Correction’ principle and other record-keeping obligations, including those under the Archives Act.

Correction obligations under the Privacy Act and other federal laws

29.117 As noted above, the obligation imposed on agencies to correct personal information ‘is subject to any applicable limitation in a law of the Commonwealth that provides a right to require the correction or amendment of documents’.[123] The relationship between correction requirements under the Privacy Act and the FOI Act is discussed in Chapter 15. For the reasons set out in that chapter, the ALRC is of the view that individuals should continue to be able to access and correct personal information under the Privacy Act and the FOI Act.

29.118 The ALRC has received Terms of Reference to review the operation of the FOI Act and related laws. The ALRC’s FOI Inquiry could consider recommending that the FOI Act should be amended so that it no longer regulates access to, and correction of, personal information.

Incorrect information: notification of third parties

29.119 Where an agency or organisation has corrected personal information in accordance with the ‘Access and Correction’ principle, there is a question whether it should be required to notify third parties of this correction and, if so, in what circumstances this obligation should arise.

29.120 The IPPs and the NPPs currently do not include a requirement for an agency or organisation to notify third parties of personal information that it has corrected. Such an obligation is found, however, in a number of international instruments and laws. For example, the EU Directive states that member states must guarantee that every data subject has the right to require the data controller to notify

third parties to whom the data have been disclosed of any rectification, erasure or blocking out [that has been carried out where the data are incomplete or inaccurate] unless this proves impossible or involves a disproportionate effort.[124]

29.121 Canadian privacy law requires organisations, where appropriate, to transmit corrected personal information to third parties, or to notify those parties of an unresolved challenge concerning the accuracy of the personal information.[125] It also states that, in certain circumstances, a government entity that has disclosed personal information to third parties must notify the third party of any correction made to that information or of any notation where the correction is not made.[126] In Germany, public and private bodies must, ‘if necessary to protect legitimate interests of the data subject’, notify third parties to which data have been transmitted of ‘the correction of incorrect data, the blocking of disputed data and the erasure or blocking of data due to inadmissible storage’.[127]

29.122 New South Wales privacy law also requires New South Wales agencies to notify third parties of incorrect information. Section 15(3) of the Privacy and Personal Information Protection Act 1998 (NSW) provides that, if personal information is amended by an agency, the individual to whom the information relates is entitled, if reasonably practicable, to have recipients of that information notified of the amendments.[128]

29.123 The OPC Review recommended that

the Australian Government should consider amending NPP 6 to provide that when an individual’s personal information is corrected in response to a request from the individual, the organisation should be obliged to notify third parties, where practicable, that they have received the inaccurate information.[129]

Issues Paper question

29.124 In the Issues Paper, Review of Privacy (IP 31), the ALRC asked whether the Privacy Act should be amended to impose an obligation on agencies and organisations to notify third parties that they have received inaccurate information and to pass on any corrected information.[130] A number of stakeholders supported this requirement.[131] Some limitations also were suggested, including: that the obligation should be triggered only at the request of the individual concerned;[132] that any requirement to notify third parties should apply only where the inaccuracy is ‘material’;[133] and that the requirement should apply only ‘where reasonable and/or practicable’.[134]

Discussion Paper proposal

29.125 In DP 72, the ALRC proposed that an agency or organisation should be required to take reasonable steps, where practicable, to notify any third party to whom it had disclosed personal information, of any correction to that information, providing that it is requested to do so by the individual to whom the information relates.[135]

Submissions and consultations

29.126 A number of stakeholders supported the ALRC’s proposals for notification of third parties by agencies[136] and organisations.[137] Some stakeholders suggested that the circumstances in which the notification requirement applies should be broader than where the individual requests notification, to cover, for example, situations where the individual may not have the capacity to make such a request[138] or where the individual may not be aware of the error.[139]

29.127 Other stakeholders, however, were concerned about the resource implications of the proposals for agencies[140] and organisations.[141] In particular, stakeholders expressed concerns about the need for agencies and organisations to identify and track all third party disclosures, including one-off data transfers.[142]

29.128 A number of stakeholders also commented that the proposed notification requirements placed an inappropriate burden on agencies and organisations.[143] GE Money Australia, for example, noted that the proposal did not take into account the reasons why the information needed to be corrected.

The proposal appears to have implicit in it that there is fault on the part of the organisation by reason of it having and having disclosed information that may not be correct or up to date. Incorrect or unclear information may have been provided to it in the first instance. It may be practicable for an organisation to notify other entities but this does not mean that in all circumstances it should be the organisation that should do so.[144]

29.129 ANZ expressed the view that the current privacy principles dealing with the correction of personal information were adequate. It suggested, however, that, if the proposal to notify third parties were to be adopted, it should apply only ‘where inaccuracies are considered by a reasonable person to be material and [notification] would be practicable in the circumstances’.[145] Acxiom Australia also was of the view that the proposed obligation should apply only where the inaccuracy is ‘material’.[146] The Law Council of Australia noted that it would be necessary to clarify the rights and obligations of third parties that have received incorrect personal information.[147]

ALRC’s view

29.130 Where an agency or organisation has corrected personal information, it should be required to notify any other entities to which it has disclosed the information of the correction, if requested to do so by the individual. In particular, this will reduce the risk that any entities to which the incorrect personal information has been disclosed will use or disclose the information inappropriately at a later time.

29.131 The potential costs of compliance were the major cause of concern. In particular, stakeholders were concerned that the notification provision would require agencies and organisations to log all disclosures of personal information.[148] The ALRC considers that the requirement to take ‘reasonable steps’ provides sufficient flexibility to cover all situations adequately. Concerns can be addressed sufficiently by clarifying that reasonable steps may, in some situations, equal no steps.

29.132 Guidance on the ‘Access and Correction’ principle[149] should address the factors that an agency or organisation should consider when it assesses whether it would be reasonable and practicable to notify third parties that it has disclosed incorrect information. These could include:

  • whether the agency or organisation has an ongoing relationship with the entity to which it has disclosed the information;

  • the materiality of the correction;

  • the length of time that has elapsed since the incorrect information was disclosed and the likelihood that it is still in active use by the third party;

  • the number of entities that would need to be contacted by the agency or organisation; and

  • the potential consequences for the individual of the use and disclosure of the incorrect information.

Recommendation 29-5 The ‘Access and Correction’ principle should provide that, if an individual seeks to have personal information corrected under the principle, an agency or organisation must take such steps, if any, as are reasonable to:

(a) correct the personal information so that, with reference to a purpose for which the information is held, it is accurate, relevant, up-to-date, complete and not misleading; and

(b) notify other entities to whom the personal information has already been disclosed, if requested to do so by the individual and provided such notification would be practicable in the circumstances.

[95]Privacy Act 1988 (Cth) s 14, IPP 7.1(b).

[96]Ibid sch 3, NPP 6.5–6.6.

[97]Ibid sch 3, NPP 6.5–6.6.

[98]Ibid s 14, IPP 7.1.

[99]Ibid sch 3, NPP 3.

[100]Ibid s 14, IPP 3. This requirement only applies to ‘solicited’ personal information.

[101]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 26–5.

[102]Ibid, Proposal 12–9(a).

[103]Australian Direct Marketing Association, Submission PR 543, 21 December 2007; Australian Government Department of Human Services, Submission PR 541, 21 December 2007; GE Money Australia, Submission PR 537, 21 December 2007; Optus, Submission PR 532, 21 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007.

[104] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[105]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Privacy NSW, Submission PR 468, 14 December 2007; Australia Post, Submission PR 445, 10 December 2007.

[106]Privacy NSW, Submission PR 468, 14 December 2007.

[107]Australian Communications and Media Authority, Submission PR 522, 21 December 2007.

[108] See Ch 28.

[109]Privacy Act 1988 (Cth) s 18J.

[110] The ‘Data Quality’ principle is discussed in Ch 27.

[111] The ‘Data Security’ principle is discussed in Ch 28.

[112]Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005), 118.

[113]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[114]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[115]Ibid.

[116]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[117]Liberty Victoria—Victorian Council for Civil Liberties, Submission PR 540, 21 December 2007.

[118]Freedom of Information Act 1982 (Cth) s 50(3).

[119]Re Cox and Department of Defence (1990) 20 ALD 499.

[120]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[121]National Archives of Australia, Submission PR 414, 7 December 2007.

[122]Rec 29–9.

[123]Privacy Act 1988 (Cth) s 14, IPP 7.2.

[124] European Parliament, Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Directive 95/46/EC (1995), art 12(c). See also the United States Federal Trade Commission, which in identifying core principles of data protection, has stated that ‘to be meaningful, access must encompass … the means by which corrections and/or consumer objections can be added to the data file and sent to all data recipients’: United States Government Federal Trade Commission, Privacy Online: A Report to Congress (1998), 9.

[125]Personal Information Protection and Electronic Documents Act 2000 SC 2000, c 5 (Canada) sch 1, Principles 4.9.5, 4.9.6.

[126]Privacy Act RS 1985, c P-21 (Canada) s 12(2).

[127]Federal Data Protection Act 1990 (Germany) ss 20(8), 35(6).

[128]Privacy and Personal Information Protection Act 1998 (NSW) s 15(3).

[129] Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005), rec 28.

[130]Australian Law Reform Commission, Review of Privacy, IP 31 (2006), Question 4–25.

[131] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; G Greenleaf, N Waters and L Bygrave—Cyberspace Law and Policy Centre UNSW, Submission PR 183, 9 February 2007; Australian Privacy Foundation, Submission PR 167, 2 February 2007; Queensland Council for Civil Liberties, Submission PR 150, 29 January 2007; AAMI, Submission PR 147, 29 January 2007; Centre for Law and Genetics, Submission PR 127, 16 January 2007; National Health and Medical Research Council, Submission PR 114, 15 January 2007; K Pospisek, Submission PR 104, 15 January 2007; Office of the Information Commissioner (Northern Territory), Submission PR 103, 15 January 2007; I Turnbull, Submission PR 82, 12 January 2007.

[132] G Greenleaf, N Waters and L Bygrave—Cyberspace Law and Policy Centre UNSW, Submission PR 183, 9 February 2007; Australian Privacy Foundation, Submission PR 167, 2 February 2007.

[133] AAMI, Submission PR 147, 29 January 2007.

[134] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007. See also Queensland Council for Civil Liberties, Submission PR 150, 29 January 2007; National Health and Medical Research Council, Submission PR 114, 15 January 2007.

[135]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposals 12–9(b), 26–4.

[136]Medicare Australia, Submission PR 534, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Privacy NSW, Submission PR 468, 14 December 2007; Australia Post, Submission PR 445, 10 December 2007.

[137]Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Australian Direct Marketing Association, Submission PR 543, 21 December 2007; Australian Government Department of Human Services, Submission PR 541, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Smartnet, Submission PR 457, 11 December 2007.

[138]Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[139]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[140]Social Security Appeals Tribunal, Submission PR 478, 17 December 2007. See also Australian Government Centrelink, Submission PR 555, 21 December 2007; Australian Government Department of Human Services, Submission PR 541, 21 December 2007.

[141]Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; BPay, Submission PR 566, 31 January 2008; Acxiom Australia, Submission PR 551, 1 January 2008; GE Money Australia, Submission PR 537, 21 December 2007; Confidential, Submission PR 536, 21 December 2007; Optus, Submission PR 532, 21 December 2007; Suncorp-Metway Ltd, Submission PR 525, 21 December 2007; ANZ, Submission PR 467, 13 December 2007.

[142]Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; BPay, Submission PR 566, 31 January 2008; Confidential, Submission PR 536, 21 December 2007; Optus, Submission PR 532, 21 December 2007; Confidential, Submission PR 519, 21 December 2007; Insurance Council of Australia, Submission PR 485, 18 December 2007.

[143]Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; GE Money Australia, Submission PR 537, 21 December 2007; Confidential, Submission PR 536, 21 December 2007; Suncorp-Metway Ltd, Submission PR 525, 21 December 2007; Confidential, Submission PR 519, 21 December 2007.

[144]GE Money Australia, Submission PR 537, 21 December 2007.

[145]ANZ, Submission PR 467, 13 December 2007.

[146]Acxiom Australia, Submission PR 551, 1 January 2008.

[147]Law Council of Australia, Submission PR 527, 21 December 2007; Law Council of Australia, Submission PR 177, 8 February 2007.

[148] In Ch 25, the ALRC considers whether agencies and organisations should be required to log disclosures of personal information and comes to the view that the potential detriments associated with logging disclosures outweigh the potential benefits.

[149] See Rec 29–9.