Introduction

3.1 Australia is yet to achieve uniformity in the regulation of personal information.[1] A key issue raised in recent inquiries[2] and the current ALRC Inquiry,[3] is that Australian privacy laws are multi-layered, fragmented and inconsistent. For example, the Senate Legal and Constitutional References Committee inquiry into the Privacy Act 1988 (Cth) (Senate Committee privacy inquiry) concluded that:

The committee is greatly concerned at the significant level of fragmentation and inconsistency in privacy regulation. This inconsistency occurs across Commonwealth legislation, between Commonwealth and state and territory legislation, and between the public and private sectors. As mentioned above, the committee believes that this inconsistency is one of a number of factors undermining the objectives of the Privacy Act and adversely impacting on government, business, and mostly importantly, the protection of Australians’ privacy.[4]

3.2 The various problems caused by inconsistency and fragmentation are outlined in Part C of this Report. This chapter first considers whether national consistency should be one of the goals of the regulation of personal information handling. The chapter then outlines various reforms for achieving greater consistency at the federal, state and territory level. These reforms include the amendment of the Privacy Act to provide that the Act is intended to apply to the exclusion of the states and territories in relation to the handling of personal information in the private sector; and an intergovernmental agreement that establishes an intergovernmental cooperative scheme. The scheme would provide that the states and territories should enact legislation to regulate the handling of personal information in the state and territory public sectors that adopts key uniform elements, such as a set of uniform privacy principles. The final section of the chapter outlines various methods for achieving national consistency, including codes, joint guidance, and privacy impact statements.

[1] In its 1983 report Privacy (ALRC 22), the ALRC proposed a national approach to the protection of privacy ‘at the very least in relation to information practices’: Australian Law Reform Commission, Privacy, ALRC 22 (1983), [1092].

[2] See, eg, Parliament of Australia—Senate Legal and Constitutional References Committee, The Real Big Brother: Inquiry into the Privacy Act 1988 (2005), [4.17]–[4.40] and recs 3, 4; Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005), Ch 2 and recs 2–16; Regulation Taskforce 2006, Rethinking Regulation: Report of the Taskforce on Reducing Regulatory Burdens on Business, Report to the Prime Minister and the Treasurer (2006), Ch 4 and recs 4.47, 4.48.

[3] Inconsistency in the regulation of personal information was raised as an issue in a large number of submissions to the ALRC Inquiry. See, eg, Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Centre for Law and Genetics, Submission PR 497, 20 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007; Queensland Government, Submission PR 490, 19 December 2007; Microsoft Asia Pacific, Submission PR 463, 12 December 2007; Telstra Corporation Limited, Submission PR 459, 11 December 2007. See also Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [4.1].

[4] Parliament of Australia—Senate Legal and Constitutional References Committee, The Real Big Brother: Inquiry into the Privacy Act 1988 (2005), [7.6].