A review

3.155 In DP 72, the ALRC proposed that the Australian Government should initiate a review in five years to consider whether the proposed intergovernmental cooperative scheme has been effective in achieving national consistency. This review should consider whether it would be more effective for the Australian Parliament to exercise its legislative power to cover the field in relation to information privacy in the state and territory public sectors.[169]

Submissions and consultations

3.156 A number of stakeholders supported a review.[170] The NHMRC submitted that, while a cooperative national scheme will achieve a nationally consistent outcome, the sustainability of such an arrangement will need to be demonstrated. The NHMRC anticipated that it will be very challenging to achieve and sustain full participation by all states and territories.[171]

3.157 The National Australia Bank supported an ongoing review of the privacy regime, in the context of the public and the private sectors, technological advancements and societal changes, and to ensure consistency and removal of duplication between federal, state and territory legislation.[172]

3.158 Privacy NSW supported the proposal, but affirmed its view that the Privacy Act should not cover the field in relation to information privacy because state and territory regulation achieves better compliance outcomes.[173]

3.159 Other stakeholders opposed the proposal. For example, the Queensland Government submitted that Commonwealth legislation covering the state and territory public sectors would impinge on the independence of the state and territory governments to regulate the handling of their own information.[174]

3.160 The OVPC also opposed the proposal. It submitted that a national privacy law could impact negatively on the enforcement and other functions associated with privacy regulation, if regulation is to be the sole province of a single national office. The OVPC also submitted that, given the complexities of the consultative process by which uniform legislation and regulatory structures would need to be established, ten years may be a more appropriate or practical timeframe.[175]

3.161 The Government of South Australia did not support the proposal. It also argued that five years is not enough time to allow states and territories to enact and implement legislation and necessary administrative and cultural changes.[176]

ALRC’s view

3.162 The Australian Government should initiate a review in five years from the commencement of the amended Privacy Act to consider whether the proposed intergovernmental scheme in relation to the handling of personal information in state and territory public sectors has achieved its goal. The review should consider whether it would be more effective for the Australian Parliament to cover the field in relation to information privacy in the state and territory public sectors.

3.163 The ALRC does not recommend that the Commonwealth should legislate in relation to information privacy in the state and territory public sectors. Rather, the recommendation is that the review should consider this issue. Extending the operation of the Privacy Act to cover state and territory public sectors is just one option. The review could also consider whether the Privacy Act should be extended to cover certain elements of state and territory public sectors and not others. For example, the Privacy Act could be extended to apply to state and territory statutory corporations and other bodies such as public hospitals and universities. The states and territories should be consulted as part of the review.

Recommendation 3-6 The Australian Government should initiate a review in five years from the commencement of the amended Privacy Act to consider whether the recommended intergovernmental cooperative scheme has been effective in achieving national consistency. This review should consider whether it would be more effective for the Australian Parliament to exercise its legislative power in relation to information privacy to cover the field, including in the state and territory public sectors.

[169]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 4–5.

[170] See, eg, Australian Privacy Foundation, Submission PR 553, 2 January 2008; Medicare Australia, Submission PR 534, 21 December 2007; Optus, Submission PR 532, 21 December 2007; Confidential, Submission PR 519, 21 December 2007; Federation of Community Legal Centres (Vic), Submission PR 509, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Centre for Law and Genetics, Submission PR 497, 20 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007; Privacy NSW, Submission PR 468, 14 December 2007; National Health and Medical Research Council, Submission PR 397, 7 December 2007.

[171]National Health and Medical Research Council, Submission PR 397, 7 December 2007.

[172]National Australia Bank, Submission PR 408, 7 December 2007.

[173]Privacy NSW, Submission PR 468, 14 December 2007. See also Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[174]Queensland Government, Submission PR 490, 19 December 2007.

[175]Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007.

[176]Government of South Australia, Submission PR 565, 29 January 2008.