The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy
Presentation • What is privacy? • The role of the Office • Our legislation • Complaint handling • Policy advice • Promotion and Education • Privacy and telecommunications regulation
What is privacy? Privacy can be divided into four separate but related concepts: • Information privacy – involving rules for the handling of personal data • Bodily privacy – protection of our physical selves against invasive procedures • Privacy of communications – security and privacy of mail, telephones etc • Territorial privacy – setting limits on intrusions into domestic and other environments. David Banisar, Electronic Privacy Information Centre, 2000 www.privacyinternational.org/survey/
Our legislation covers… • Australian Government agencies • Private sector: • annual turnover > $3m • trade in personal information • health service provider • contracted service provider for a Commonwealth contract • Credit reporting • Some other areas eg; ACT agencies, TFN
The National Privacy Principles The Privacy Act 1988 relates to information privacy. The National Privacy Principles apply to certain private sector organisations. In relation to personal information the principles cover: • Collection • Use and disclosure • Data quality • Data security • Openness
The National Privacy Principles • Access and correction • Identifiers (Australian Government) • Anonymity • Transborder flows of data (overseas) • Sensitive information
Complaint handling Our complaint handling approach emphasises: • Resolution between organisation and individual where possible and • Investigation and conciliation where complaints are made to the Privacy Commissioner
Complaint handling Typical outcomes following conciliation include: • apologies • access provided and/or records amended • change in practice or procedure • staff training and • monetary or other compensation to redress actual loss or damage
Complaint handling Powers supporting complaints process include: • make enquiries of third parties • enter premises (with consent or warrant) • require the production of information or documents • undertake own motion investigations • Apply to a court to enforce decisions made by Commissioner
Policy advice Our policy team: • provides guidance and advice to Australian Government agencies and private sector organisations on privacy issues; • examines and makes submissions on proposed legislation that may have privacy implications; and • monitors technological and social developments that affect individual privacy.
Promotion and education Our public affairs team: • “promotes an Australian culture that respects privacy” • educates individuals and organisations of their rights and obligations • manages media relations • manages Privacy Contact Officer network
Privacy & telecommunications Is regulated by: • National Privacy Principles, Privacy Act 1988 • Telecommunications Act 1997 • Telecommunications (Interception and Access) Act 1979 • Spam Act 2003 • Do Not Call Register Act 2006 • Communications Alliance Codes (formerly ACIF) OPC 2005 Review of the private sector provisions: • Privacy Commissioner recommended greater consistency in privacy regulation
Privacy Act and Telco Act Acts taken to be authorised by law for purposes of Privacy Act • s. 303B • If a disclosure or use of customer information is permitted by an exception in Part 13 of the Telco Act, then it is “authorised by law” for the purposes of NPP 2.
Responsibilities under Telco Act Registration of Industry Codes –Part 6 • s. 117(1)(j): • ACMA must be satisfied that the Privacy Commissioner has been consulted about the development of the code, if privacy matters are relevant • s. 117(1)(k): • ACMA must believe that the Privacy Commissioner is satisfied with the code, if the code deals with NPP matters
Responsibilities under Telco Act ACMA requesting codes • s. 118(4A) • ACMA must consult the Privacy Commissioner before making a request for the development of an industry code that deals with NPP issues
Responsibilities under Telco Act Directions about compliance with industry codes • s. 121 • ACMA must consult the Privacy Commissioner before directing a person to comply with an industry code, if NPP issues are relevant. Formal warnings—breach of industry codes • s. 122 • ACMA must consult the Privacy Commissioner before issuing a formal warning about breaching of a code, if NPP issues are relevant
Responsibilities under Telco Act Consultation with the Privacy Commissioner on Industry Standards • s. 134 • Before determining, varying or revoking an industry standard, ACMA must consult the Privacy Commissioner, if privacy issues are relevant (e.g. IPND industry standard)
Responsibilities under Telco Act Law enforcement and protection of public revenue • s. 282 • ACMA must consult the Privacy Commissioner before determining requirements that law enforcement agencies must follow when certifying that a disclosure of customer information is reasonably necessary
Responsibilities under Telco Act Monitoring by the Privacy Commissioner • s. 309 • Division 5 of Part 13 requires telecommunications companies to keep records of customer information that is released to law enforcement agencies under certain conditions • Privacy Commissioner has the function of monitoring compliance with Division 5 through conducting audits of these records
2005 Review Recommendations • Telecommunications • Clarify relationship between Telco Act, Spam Act and Privacy Act • Recommendations 8, 10, 11 • Further guidance • Legislative amendment? • ISPs and directory producers covered • Recommendation 9 • Small business operator exemption? • Regulations under s. 6E of the Privacy Act • Consider options for a Do Not Contact register • Do Not Call Register now being implemented
Review Recommendations • Technological developments – internet, data-mining, biometrics etc • Support for technological neutrality • But some possible gaps identified eg VoIP, GPS, Mcommerce, spyware? Australian Law Reform Commission privacy review likely to pursue these areas.
Recent Telecommunications Submissions • Inquiry into the provisions of the Do Not Call Register Bill 2006 and the Do Not Call Register (Consequential Amendments) Bill 2006; (June 2006) • Inquiry into the provisions of the Telecommunications (Interception) Amendment Bill 2006; (March 2006) • Review of the Spam Act 2003; (February 2006) • Introduction of a Do Not Call Register, Possible Australian Model: Discussion Paper (December 2005) • Telecommunications (Use of Integrated Public Number Database) Draft Industry Standard 2005 (August 2005)
More information Visit our website: www.privacy.gov.au Call our hotline: 1300 363 992 Join our Privacy Connections Network
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director of Policy