Other issues in the complaint-handling process
Background49.90 In addition to general issues about investigating and resolving complaints under the Privacy Act, stakeholders raised a number of concerns relating to specific provisions in the Act. These included those provisions dealing with representative complaints, preliminary inquiries and the conduct of investigations. Representative complaints 49.91 The Privacy Act allows for the making of representative …
Publications
Read morePart IIIAA Privacy codes
48.2 When bringing organisations within the ambit of the Privacy Act, Parliament decided to adopt a co-regulatory approach. It established a framework in which organisations are able to develop specialised codes for the handling of personal information which, when approved, replace the National Privacy Principles (NPPs).[1] This approach was ‘designed to allow for flexibility in …
Publications
Read moreBinding codes
48.20 The Commissioner cannot initiate a privacy code and cannot make a code binding on organisations that do not consent to be bound. The issue of binding codes was discussed in detail in the OPC Review. Stakeholders submitted that the Commissioner should have the power to formulate and impose binding codes even where an organisation …
Publications
Read moreAudit functions
Background47.87 The Commissioner has a number of functions under the Privacy Act to audit compliance. The OPC describes an audit as ‘a snapshot of personal information handling practices in relation to an agency or organisation program at a certain time and in a particular location’.[122] An audit involves a systematic inspection and review of an …
Publications
Read moreSelf-auditing
Background47.117 A possible alternative or addition to the Commissioner’s power to conduct PPAs would be the imposition of a requirement on agencies or organisations to undertake self-auditing.[166] The Corporations Act 2001 (Cth) model of financial reporting and audits was suggested as a possible model. That model includes an obligation on corporations to self-audit, to report …
Publications
Read morePublic interest determinations
Background47.128 The Commissioner has the power to make a determination that an act or practice of an agency or organisation, which may otherwise breach an IPP, NPP or approved privacy code, should be regarded as not breaching that principle or privacy code while the determination is in force. Such a determination is called a ‘public …
Publications
Read moreOversight powers
47.2 The Commissioner’s functions in overseeing the operation of the Privacy Act include: giving advice; providing research on, and monitoring of, technological developments; and conducting education. The Commissioner also has oversight functions in relation to tax file numbers and credit reporting.[2]Advice functions47.3 The Commissioner has several advisory functions under the Privacy Act. These are to:Provide …
Publications
Read moreGuidelines
47.25 As discussed in Chapter 4, in a principles-based regime, guidance is often necessary to make the rights and obligations in the Act sufficiently certain and clear.[42] Guidance can be provided in a number of forms, including website information, ‘frequently asked questions’, education programs, and the Commissioner’s oversight functions, discussed above. It also can be …
Publications
Read morePrivacy impact assessments
Background47.44 PIAs have been the topic of much discussion in recent reviews of the Privacy Act and in privacy commentary more generally. The term ‘privacy impact assessment’ is not defined in the Privacy Act, nor is there a requirement for the Commissioner, or for an agency or organisation, to undertake a PIA. There is, however, …
Publications
Read moreManner of exercise of powers
Section 29 of the Privacy Act46.36 In exercising his or her powers under the Privacy Act, the Commissioner is bound to have regard to the matters set out in s 29. The matters in s 29 can be divided into two principal concerns. First, the Privacy Act requires the Commissioner to take the following into …
Publications
Read more