45.1 Part F is concerned with the Office of the Privacy Commissioner (OPC). The OPC is an independent statutory body established by the Privacy Act 1988 (Cth), consisting of the Privacy Commissioner and staff appointed under the Act. The OPC is responsible for administering the Privacy Act, and is the federal regulator for privacy in Australia.

45.2 General privacy regulation has operated at a federal level only since the Privacy Act was passed in 1988. In the early years of privacy regulation, the Privacy Commissioner was responsible for overseeing compliance with the Act by agencies and tax file number recipients. Since that time, however, the responsibilities of the OPC have widened significantly to include credit providers, credit reporting agencies and the private sector. These changes resulted in more functions and powers for the Commissioner, although not always a commensurate increase in resources.

45.3 This chapter sets out the key themes arising out of Part F, and summarises some of the major reforms recommended by the ALRC. The chapter also examines the ALRC’s approach to addressing systemic issues in privacy compliance. Before turning to those matters, however, the chapter considers the consolidation of the Commissioner’s functions.

Consolidating functions

45.4 The Privacy Act divides the Privacy Commissioner’s functions between interferences with privacy generally, tax file numbers and credit reporting. This division is a product of the historical development of the Privacy Act. Consistently with the ALRC’s recommendation that the Privacy Act should be amended to achieve greater logical consistency, simplicity and clarity,[1] it would add greater clarity to the Act to consolidate the functions of the Commissioner where appropriate.

45.5 For example, the Privacy Commissioner’s functions to investigate potential breaches of the Information Privacy Principles (IPPs), National Privacy Principles (NPPs), Tax File Number Guidelines[2] and credit reporting provisions, should be consolidated into a general function to investigate ‘interferences with privacy’. This term ‘interference with privacy’ is already defined to include breaches of these respective provisions. The specific functions in ss 28(1)(b)–(c) and 28A(1)(b) should then be repealed. This consolidation is particularly important if and when the ALRC’s model Unified Privacy Principles (UPPs) are adopted.

45.6 Similarly, the credit reporting guidelines, advice and education functions in s 28A[3] could be rolled into their equivalent functions in s 27[4] or moved to the new Privacy (Credit Reporting Information) Regulations.[5]

[1] Rec 5–2.

[2] To be renamed Tax File Number Rules: see Rec 47–2(a).

[3] Respectively s 28A(1)(e), (f), and (k).

[4] Those functions are Privacy Act 1988 (Cth) s 27(1)(e), (f), and (m) respectively.

[5] See Part G.