47.37 The Commissioner has the function under s 27(1)(g) of maintaining and publishing annually a record of ‘the matters set out in records maintained by record keepers in accordance with clause 3 of IPP 5’. Record keepers, in this context, are agencies; and the record is known as the Personal Information Digest (Digest). The matters that must be included in the Digest are:
the nature of the records of personal information kept by or on behalf of the record keeper;
the purpose for which each type of record is kept;
the classes of individuals about whom records are kept;
the period for which each type of record is kept;
the persons who are entitled to have access to personal information contained in the records and the conditions under which they are entitled to have that access; and
the steps that should be taken by persons wishing to obtain access to that information.
47.38 Currently, agencies provide their Digest entries to the OPC, which then makes them available on the OPC website.
Submissions and consultations
47.41 The Cyberspace Law and Policy Centre did not disagree with the proposal to abolish the Personal Information Digest, which it acknowledged has rarely been used. It argued, however, that the OPC should prepare and publish a consolidated index of all Privacy Policies, which would allow public interest groups and the media to compare the policies.
47.42 The implementation of the recommendations in Chapter 24, dealing with the ‘Openness’ principle in the model UPPs, would obviate any need for the current requirement to prepare a Digest entry. It would also mean that the corresponding obligation on the Commissioner to prepare the consolidated Digest could be removed.
Recommendation 47-3 Subject to the implementation of Recommendation 24–1, requiring agencies to develop and publish Privacy Policies, the Privacy Act should be amended to remove the requirement in s 27(1)(g) to maintain and publish the Personal Information Digest.