Credit providers
54.101 In general, credit reporting agencies may disclose personal information contained in credit information files (for example, a credit report) only to those persons who are ‘credit providers’ as that term is defined in the Act.[113] An entity is a credit provider under s 11B if the entity is, among other things, abank;corporation, a substantial …
Publications
Read moreDiscussion Paper proposal
51.47 In DP 72, the ALRC identified support in submissions and consultations for a requirement that data users notify individuals of a breach of their personal information in certain circumstances.[78] Supporters of a data breach notification law gave a number of reasons why such a law would be valuable. These include that it would:provide a …
Publications
Read moreSubmissions and consultations
General 51.50 There continued to be strong support among stakeholders for the introduction of a requirement that data users notify individuals of a breach to their personal information where that breach may give rise to real harm to an individual.[84] 51.51 In particular, the OPC expressed strong support for the proposal. In its view, the …
Publications
Read moreEnforcing ‘own motion’ investigations
Background50.2 In addition to the Commissioner’s power to investigate an act or practice when a complaint has been made, the Commissioner also can investigate an act or practice on his or her own motion where the Commissioner considers it desirable that the act or practice be investigated.[1] Own motion investigations are used by the OPC …
Publications
Read moreInjunctions
Background50.26 The Privacy Act contains detailed provisions regarding the granting of injunctions. Section 98 provides that following an application from the Commissioner or another person, the Federal Court or Federal Magistrates Court can grant an injunction restraining a person from engaging in conduct that would constitute a contravention of the Privacy Act and, if the …
Publications
Read moreOther enforcement mechanisms following non-compliance
Enforcement pyramid50.35 As discussed in Chapter 4, Professors Ian Ayres and John Braithwaite have suggested that the ideal regulatory approach to enforcing compliance with regulation is through the adoption of an explicit ‘enforcement pyramid’. Under such a model, regulators use coercive sanctions only when less interventionist measures have failed to produce compliance.[59] Breaches of increasing …
Publications
Read moreInvestigating privacy complaints
Background49.3 The Commissioner’s powers to investigate complaints of a breach of the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs) are established in separate paragraphs of s 27(1) of the Privacy Act.[1] These powers are activated by a ‘complaint’. The Act confers rights on individuals to complain to the Commissioner about acts or …
Publications
Read moreTransferring complaints to other bodies
Background49.14 The Privacy Act contemplates the use of other bodies to resolve privacy complaints. For example, a privacy code approved under the Act may provide procedures for dealing with complaints under the code. The Privacy Act also vests the Commissioner with discretion to refer complaints to other bodies. Where the Commissioner forms the view that …
Publications
Read moreResolution of privacy complaints
Model under the Privacy Act49.39 The Privacy Act provides two formal ways of resolving a complaint following an investigation. First, the Commissioner can endeavour, by conciliation, to effect a settlement between the complainant and respondent.[46] Secondly, the Commissioner can make a determination either dismissing the complaint or finding the complaint substantiated.[47]Conciliation49.40 The Commissioner is given …
Publications
Read moreAccountability and transparency
Background49.74 A number of stakeholders to this Inquiry submitted that transparency and accountability in complaint handling under the Privacy Act should be improved. Two methods of improving transparency and accountability are merits review of the Commissioner’s determinations and providing more guidance on the OPC’s complaint-handling policies and procedures. Merits reviewBackground49.75 The right to merits review …
Publications
Read more